1. ENTERPRISE SECURITY PROGRAM ANALYSIS AND DESIGN
Analyse the current Enterprise Security Program using best practice guidelines, viz. ISO 17799 and COBIT, with supporting information from corporate internal standards;
Deliver and implement a cost-effective solution for the specified industry type;
Our methodology and solutions empower the custodian of the information to manage their risk.
2. INFORMATION SECURITY POLICIES, STANDARDS AND PROCEDURES, AND GUIDELINES
Review the status quo of a company’s Security Policy, Standards and Procedures, and Guidelines, taking into consideration the industry and legal implications;
Define a library of Policies, Standards and Procedures, and Guidelines to ensure that the risk within the organisation is adequately managed, thereby increasing the confidentiality, integrity and availability of the company resources.
3. ENTERPRISE SECURITY ARCHITECTURE DESIGN
Analyse the current IT infrastructure, performing a ‘fingerprint’ or an Enterprise Map with data flow analysis;
Define cost-effective security solutions to embrace the current investment;
Define and assist in a Security Road Map for the future.
4. MANAGED SECURITY SERVICES
Perform a detailed Vulnerability Assessment with a project to minimise the identified risk;
Install components that enable a process whereby the security of the network and applications can be monitored;
We use the current security software investment and install ‘enablers’ to enhance the analysis and reporting;
Have a 24 x 7 monitored network with specialists reviewing exceptions in real-time.
5. NETWORK VULNERABILITY ASSESSMENT AND PENETRATION TESTING (AUTHORISED HACKING)
We use commercial, public domain and internally developed applications to perform a detailed Vulnerability Assessment of your network and resources;
Anomalies and Security Risks are identified and lodged in a centralised ‘Risk Repository’;
A process is put in place to ensure that the risks are managed as an ongoing or living environment;
Penetration studies are done from a remote location and / or on-site depending on the requirements;
Define and implement compensating controls, proving their effectiveness against the identified ‘hole’.
6. INFORMATION SECURITY TRAINING
Analyse an organisation’s specific IS Security Training needs
Design specific courses to fast-track an organisation’s IT Security skill level
Develop Information Security Awareness training programs