Services

Information Security/Risk Management/Compliance

Provide subject matter expertise in information security disciplines supporting the design of security technology architecture and implementation of security solutions

Establish, document, manage and disseminate information security architectural methodologies, policies, standards and baselines across all IT departments

Drive overall technology direction for security in defining the strategic view of Corporate IT and Business needs

Identify security risks, threats and vulnerabilities of networks, systems, and applications

Recommend new technology initiatives and provide direction to security engineers and project teams on building appropriate information security controls into systems in development, aligning them to enterprise security goals

Identify solutions, product/vendor evaluation, selection and procurement, development, migration, deployment and oversight including perimeter defense, Firewall Management, Endpoint security, Intrusion detection, Encryption, Wireless, VPN, Access Control, data protection and integrity across platforms and applications

Provide direction to security engineers on improving and maintaining the appropriate information security controls

Provide technical guidance, procedural recommendations and advanced-level troubleshooting of issues

Security Review and Assessments, Vulnerability Management, Penetration Testing or Encryption Methodologies

Firewall Management and Configuration Expertise

Security Event Monitoring

Vulnerability Management

User Provisioning

Single Sign-On

Federation, Extranet Access Management, and Directory solutions

Significant direct experience with information security at the enterprise level and knowledge of Identity and Access Management (IAM) solutions

Knowledge of regulatory requirements and compliance issues specific to security and data protection

Proven skills in gathering and documenting business and functional requirements, system testing and configurations in the selection, deployment and maintenance of security solutions

Knowledge of network infrastructures, including firewalls, VPNs, Intrusion Detection Systems, penetration testing and vulnerability assessment strategies, file and session encryption and cryptography methods, web application and device security

Security Tips Video


Data Privacy

Sarah is a member of the AIM Advisory Board on Data Privacy Laws to the Massachusetts Legislature

Read InmanTechnologyIT's Massachusetts Senate Testimony on Data Privacy Laws and Security

New laws passed in response to data breaches and identity theft have created new requirements for IT operations. We can help assess how these may affect you, answer related questions, and help implement controls to meet the new requirements.

Some questions you may have:

  • Do they affect me? If so, how?
  • What is my deadline for implementation?
  • Are technologies mandated?
  • If I'm not in Massachusetts, do they apply to my organization?

Some helpful references:

SECTION 17.
The General Laws are hereby further amended by inserting after chapter 93H the following chapter:-

GENERAL LAWS OF MASSACHUSETTS
CHAPTER 93H. SECURITY BREACHES.

Chapter 93H: Section 1. Definitions
Chapter 93H: Section 2. Regulations to safeguard personal information of commonwealth residents
Chapter 93H: Section 3. Duty to report known security breach or unauthorized use of personal information
Chapter 93H: Section 4. Delay in notice when notice would impede criminal investigation; cooperation with law enforcement
Chapter 93H: Section 5. Applicability of other state and federal laws
Chapter 93H: Section 6. Enforcement of chapter

CHAPTER 93I.
Disposition and Destruction of Records.

201 CMR 17.00: Standards for the Protection of Personal Information of Residents of the Commonwealth



High Availability and Disaster Recovery Services


Sarbanes-Oxley
Investment Company Act of 1940
SEC
FDIC
COBIT
ISEE......

And now....
Massachusetts General Privacy Law c93H
Massachusetts Data Breach Law Chapter 82-2007

These are some of the drivers for your business and information availability strategy. But as a professional whose reputation is on the line 24/7 to provide system availability, you know recovery is more than compliance with regulations.

Sarah Cortes has personally managed numerous major Code Red business and system interruptions, including the 9/11 failover of trading, accounting and other critical business systems during Marsh & McLennan's WTC data center collapse. The first plane struck at 8:45am at the 96th floor of the North Tower, directly into the heart of Marsh & McLennan's data center and IT group, which occupied the 93rd-100th floors. As SVP, Disaster Recovery at Putnam Investments, Marsh's subsidiary, she personally managed 24-hour, round-the-clock failover operations from Boston that day. Planning and testing in the period leading up to the world's least expected disaster allowed continuous business operations for one of the world's largest enterprises in the moments during and after the Tower collapse.

Disaster Recovery and Business Continuity services integrate more than 15 years of industry experience with best-practices knowledge. Develop and deploy solutions based on a comprehensive understanding of your critical business issues and your organization; its IT and business assets; and the internal and external pressures that drive them.

Achieve less downtime and better employee productivity, improve availability of systems and processes, and implement techniques for a quicker, more cost-effective business resumption following an interruption.

  • Technology and Business Availability Planning: A proactive means for IT management and team members to outline decisions and actions that should be performed to prevent or respond to situations that disrupt normal business processes.
  • Information Availability Assessments: A service that provides essential regulatory comparisons that can be used to make sound endpoint strategic decisions and establish a comprehensive executive opinion on a strategic direction for an availability program.
  • Business Impact Analysis: A service to identify the critical functions and processes of a business, analyze the impact caused by an interruption to these functions and processes, and then determine the availability requirements for each.
  • Pandemic Response Planning/Incident Management Exercises: A proactive means to outline a response to a pandemic scenario, as well as assess risks and business priorities and develop enterprise-wide response templates.

Business Availability Services for Your Entire Enterprise

  • Business and Technology Profile
  • Business Impact Analysis
  • E-mail Compliance Assessment
  • Enterprise Availability Plan
  • Incident Management Plan
  • Business Availability Plan
  • Technology Availability Plan
  • Pandemic Response Plan
  • Information Availability Assessment
  • Information Availability Program Maintenance and Enhancement
  • Information Availability Strategy Analysis and Design
  • Regulatory Compliance Assessment
  • Paragon Implementation Assistance


Program and Project Management

Extensive experience managing hundreds of IT projects, including:

  • Integration Management
    • Project Charter Development
    • Project Scope Statement Development
    • Project Plan Development
    • Project Plan Execution
    • Monitoring and Controlling of Project Work
    • Overall Change Control
    • Project Closure
  • Scope Management
    • Scope Planning
    • Scope Definition
    • Work Breakdown Structure Development
    • Scope Verification
    • Scope Change Control
  • Time Management
    • Activity Definition
    • Activity Sequencing
    • Activity Resource Estimating
    • Activity Duration Estimating
    • Schedule Development
    • Schedule Control
  • Cost Management
    • Cost Estimating
    • Cost Budgeting
    • Cost Control
  • Quality Management
    • Quality Planning
    • Quality Assurance
    • Quality Control
  • Human Resources Management
    • Human Resource Planning
    • Staff Acquisition
    • Team Development
    • Team Management
  • Communications Management
    • Communications Planning
    • Information Distribution
    • Performance Reporting
    • Stakeholder Management
  • Risk Management
    • Risk Management Planning
    • Risk Identification
    • Risk Assessment
    • Risk Analysis: Quantitative and Qualitative
    • Risk Response Planning
    • Risk Monitoring and Control
  • Procurement Management
    • Planning for Purchases and Acquisitions
    • Contract Planning
    • Requesting Seller Responses (RFPs)
    • Source Selection
    • Contract Administration
    • Contract Close-out


Full Lifecycle, Complex Application Development


Feasibility Analysis to Implementation

Implementing technology solutions to the following business areas:

  • Fixed Income and Equity Trading
  • Derivatives
  • Middle Office, Back Office
  • Cash Management
  • Domestic and Global Currency
  • Investment Analytics
  • Performance Measurement
  • Accounting and Fund Accounting
  • Pricing
  • Custody
  • Asset/Liability Management
  • Faculty Support
  • Energy Pricing Analysis
  • Regulation Compliance Analysis

And the following industries:

  • Financial Services
  • Global Biotech
  • Higher Education
  • Government Agencies
  • Media
  • Energy


PMP certified, CISA certified