Modern information workers communicate electronically. This creates a whole new set of challenges for companies that choose to implement enterprise collaboration solutions, including complex legal, availability, security, capacity, and disaster recovery considerations. Quest specializes in the following core collaboration technologies:

• Messaging. Many companies describe email as a mission-critical service, simultaneously supporting internal business processes while connecting the company with clients and suppliers. Modern messaging techniques have also expanded to include mobile devices, web-based email, instant messaging, and many other complementary technologies - such as message archival and workflow applications. Messaging systems must be designed from the ground up to accommodate realistic usage and availability requirements, and thoroughly integrated with enterprise services such as message hygiene, PKI, and storage area network (SAN) deployments.

  Quest Consultants has also developed special expertise in messaging migration scenarios, for Microsoft Exchange e-mail solutions based on Exchange Server 5.5 and 200x, including the new Exchange 2010. The specific high-availability and disaster recovery features built into the E2010 platform, as well as increased command line management through the Windows Powershell scripting language, make Exchange an especially suitable platform for large enterprises with stringent recovery time objectives. We can design a consolidation or migration plan for your organization, using either native or third party migration toolsets, that satisfies both budgetary and uptime requirements.

• Convergence. The increasing popularity of voice-over-IP (VoIP), videoconferencing, collaborative authoring, and unified messaging solutions have dramatically increased both the capabilities and complexity of modern collaboration across the enterprise. The low latency tolerance of these convergence applications demands reliable and fast connections, with guaranteed quality-of-service (QoS), across the entire network backbone (WAN/LAN). This in turn has driven the development of best-of-breed networking solutions, which together can ensure that audio and video content is properly prioritized (and safeguarded) across the network. Quest can help your organization plan a collaboration environment from the ground up, ensuring maximum return on IT investment.

As companies continue to strive for competitive advantage through increased efficiency, the proliferation of disparate information systems has also increased - and along with them, the myriad digital identities of users, partners and customers. Identity Management addresses the growing complexity associated with consolidating, designing, and managing this multitude of identity stores. Quest Consultants specializes in the following Identity Management activities:

• Identity Consolidation. To reduce management and operational complexity, and to minimize security risks across the environment, separate identity stores must be consolidated. Implementing solutions such as meta-directory and virtual directory services can reduce costs, simplify operation, and minimize attack surfaces.
• Directory Design & Migration. Increasingly complex business models require secure, available, and efficient directory services infrastructures. As firms consolidate and centralize their operations, or merely wish to take advantage of new system capabilities by upgrading to newer software platforms, the need to retain identity-related data and access control permissions (while minimizing downtime and disruption) is absolutely paramount.
• Identification and Authentication. Identification and authentication of users, customers and services brings its own challenges, including the need to implement complex solutions such as federated identities, multi-factor authentication, and public key infrastructure (PKI).
• Identity Monitoring and Control. To mitigate legal and financial threats associated with the potential abuse or misuse of digital identity technologies, companies are increasingly relying enterprise intrusion prevention, auditing and monitoring systems. To be effective, these systems must be tuned correctly, and integrated with overall security operations.

Industry analysts and federal law enforcement officials have repeatedly flagged identity theft as one of the most critical computer security issues that organizations face today, with one key report suggesting that "identity is perhaps the biggest single issue on the radar of enterprise security practitioners." (2007 CSI Computer Crime and Security Survey, p.25). The mandate has never been stronger for organizations to tackle this issue proactively, and at the same time leverage potentially enormous cost savings due to reductions in operating costs and protection from costly legal actions.

Quest Consultants LLC provides comprehensive project management services for information technology projects. With two certified PMPs and many years of hands-on experience running large projects we are well prepared to handle the responsibilities inherent to leading a project regardless of size. Our uncompromising committment to customer satisfaction is successful because of our attention to staffing and communications, the two most important aspects of any technology project.

• Customer satisfaction is the name of the game in the technology market. We understand this because we've dealt with customers of all types and sizes from small business (like ourselves) to one of the largest organizations in the world. Delivering the product or service that fits the customer's needs is often challenging because of tight schedules, complex technical designs, and external constraints. We navigate these waters to find a safe path to the ultimate goal; a satisfied customer.
• Staffing a modern day technology project can feel like finding a date the day before prom, everyone good is already taken! We've dealt with this environment for many years and our knowledge of the staffing process allows us to find and recruit the right people at the right time. Staffing is the most critical responsibility of the project manager because no one else can analyze candidates and determine the right one for the open position. Timing the staffing process is the most difficult piece of the puzzle and requires careful attention to detail and foresight.
• Communication is the lifeblood of a project. Effective communication will provide the customer, staff, and project management team with the information and confidence they need to do their jobs. We go to great lengths to provide timely, efficient, and effective communication to every stakeholder. Our open and honest approach breaks down barriers and makes everyone feel like they're playing for the same team.

Quest Consultants provides a wide variety of information security design and testing services, several of which are discussed below:

• Website Testing. Testing the security of a website, often one of the few Internet accessible attack vectors in an organization, is a complex and challenging task that requires extensive experience not only with security tools but also with business processes and concepts. Quest provides fast, comprehensive, and useful testing for all types of websites from basic HTML/CSS to open source CMS systems such as Drupal to complex proprietary systems such as Microsoft Sharepoint. Each engagement is approached using a customized process refined over many years and hundreds of tests. Clients receive a detailed technical report along with informative management-level summaries, and Quest is able to provide additional assistance to remediate findings if necessary. Use the General Inquiry contact form to request more information.
• Penetration Testing. Testing the security controls used to protect confidential and sensitive information is paramount in today's increasingly connected world. Penetration testing engagements begin by sharply defining the "rules of engagement," wherein specific systems, penetration techniques, and windows of operation are delineated. Quest's penetration testers then use a blend of commercial, open source, and proprietary technologies, along with investigative intelligence-gathering and hands-on techniques, to identify network and application security weaknesses. Final reports include both technical detail and non-technical managerial overviews, and are delivered along with an interactive presentation of findings. More information on our penetration testing approach is available here.
• Network Security. The concept of the "network perimeter" has been in steady decline in recent years. Infrastructure services such as virtual private networking (VPN), web services, email, wireless networking, and other business process requirements make the network perimeter increasingly porous. Although it's still important to choose best-of-breed network security devices such as firewalls or intrusion detection and prevention systems, the "de-perimeterization" of the network has also led to robust notions of defense-in-depth, including system hardening and patching, malware scanning and auditing, data encryption, and network-based access controls (such as 802.1x port security and network access protection). The security posture of the entire organization must be analyzed as an integrated system, to ensure that sensitive data are ultimately protected.
• Risk Assessment. Risk assessment is both and art and a science, involving intuition, detailed research and analysis, and critical decision making. Quest's approach to risk assessment is based on years of strategic experience, including work surrounding the catastrophic events of September 11; the Greek Olympics in 2004; the Maryland electronic voting initiative in 2004; and some of the world's most critical financial and national defense systems. We combine risk assessment techniques recommended by the federal government (such as NIST 800-30) with the guidelines of international conventions (such as ISO/IEC 27002, previously 17799), tempered by a fine-tuned understanding of each organization's specific risk tolerance. Final reports are often customized according to detailed corporate governance guidelines or organizational templates, and are provided to the client along with an interactive presentation of findings to management.

Attachment	Size
Application_Testing_and_Mitigation.pdf	329.62 KB

Quest Consultants LLC approaches training activities with an eye for the details based on a foundation of training expertise developed over more than 12 years of instruction in fields as diverse as the tactics of warfare and information security for large enterprises. Our approach integrates modern technical props and tools overseen and guided by an instructor with subject matter expertise. Whether the solution is in-person training classes, seminars, or computer based training (CBT), we bring the right attitude and the right people to make sure our students learn quickly and efficiently.

Our approach is based on established learning principles and our training solutions help each type of student understand and master the subject matter. Verbal, visual, and tactile learning mediums are provided whenever possible to meet the wide variety of learning needs. Innovative approaches, such as creating live CDs to explore web security concepts, are a hallmark of Quest training programs. We think outside the box to bring concepts right into the classroom.

Training programs are customized for each customer and a training solution can be created in approximately 6 weeks for any of the following areas:

• Web Application Security
• Penetration Testing
• Vulnerability Scanning
• Information Security Project Management
• Continuous Monitoring Solutions

Classes are generally less than 25 students with one or two instructors, depending on the subject matter and length of the class. At the conclusion of a class the students will have specific skills and knowledge as identified in the course curriculum.

Attachment	Size
Application_Security_Training.pdf	310 KB