SECURITY: New IT Services Being Rolled Out

Growing interest in disaster recovery and worries about ever more aggressive cyberattacks have companies putting IT security under the microscope. Consulting firms Computer Sciences Corp. and Guardent Inc. are trying to capitalize on this trend by expanding their service lines. Separately, CSC has bagged an eight-year, $86 million contract to train the Department of Defense to fight cybercrime.

CSC, which declined to say how much it will charge for CyberCare, is adding business-security functions to the previously government-focused risk-management service. The new version includes continuity and disaster-recovery assessments for the private sector. For instance, it assesses what processes a company needs to continue operations in compliance with its industry's governing bodies in the event of a business interruption.

"Financial-services firms, for example, operate in a highly regulated environment," says Ron Knode, CSC's global director of managed security services. "They need to prove that they can not only operate in an emergency, but also operate according to SEC guidelines." Other features include risk and vulnerability assessment and policy and program development and organization.

When the company's Global Information Security Services unit first developed CyberCare earlier this year, the consulting, systems-integration, and outsourcing services were tuned primarily to assess the IT and physical security vulnerabilities of government agencies. CyberCare customers include DuPont and Raytheon Co. as well as the U.S. Agency for International Development and the Defense Information Systems Agency.

There's value in adding a management structure around a security program, although CSC isn't alone in providing these services, says Peter Lindstrom, Hurwitz Group's director of security strategies. IBM Global Services and EDS offer risk-assessment and security services, as do smaller firms like @stake Inc. and Guardent. "You should evaluate these services based upon your comfort level with the company providing them," Lindstrom says.

For its part, Guardent is expected to bolster its security services Dec. 12 when it is scheduled to unveil a new security defense appliance, part of a managed-security package that includes firewall protection, intrusion detection, vulnerability scanning, event correlation, reporting, and alerting capabilities. Guardent uses the defense appliance to collect information about the client site's security vulnerabilities, then presents the client with its findings, for $1,500 per month.

CSC Tuesday also revealed it won a long-term contract to support the Department of Defense's computer-investigations training program. CSC will assist the department in researching, developing, and delivering computer-investigation courses for military police. Courses will cover computer search and seizure, computer intrusions, and forensic computer-media analysis to support the prosecution of criminal activities and execution of counter-intelligence actions.