
Security Strategy Assessment
As a security leader, you must navigate an ever-changing security landscape. To chart a successful course, it is imperative to align operational excellence and security priorities, meet overarching business objectives, and articulate a clear vision of how your program maps to the realities of your business. The Security Strategy Assessment is a collaborative and strategic service designed to give you the tools to reach a business-aligned, threat-aware program no matter where you are on your security journey.



As an engaged partner, you will gain in-depth knowledge and insight into the threats and risks that impact your organization.



Align Security Initiatives with Your Business Goals – Interview key business stakeholders to gain insights into the products and services that generate revenue.
Document Your Business Relevant Threats – Determine specific threats to your organization. Identify requirements to elevate your defense and response posture.
Map Controls in Place to Protect Your Business – Examine current security program structure and maturity. As a result, create an actionable and prioritized program roadmap.
Build a Business Aligned Security Program – Review key findings and results during a facilitated discussion and receive a board-ready presentation.




Program Management
Strategy and Planning
Assist organizations in understanding context and leadership commitment, roles and responsibilities for information security, organization of information security, contact with applicable authorities, resource allocation, information security objectives, etc.


Data Security
Assist organizations in data classification, labeling of data, protecting organization records, data protection and privacy of personal information, cryptographic controls and key management, protection of log data, administrators and operator logs, etc.


Access Management
Assist organizations in identity and access management, user registration, privilege management, security of credential systems, access reviews, removal of access rights, secure log-on procedures etc.


Business Continuity
Assist organizations in information systems continuity plans, trainings, maintenance and testing etc.



Personnel and Physical Security
Personnel Security
Assist organizations in human resource security, screening, terms and conditions of employment, disciplinary process, termination responsibilities etc.


Physical Security
Assist organizations in secure areas, designing perimeter security controls, physical entry controls, securing offices, rooms and facilities, protecting against external and environmental threats, public access and delivery, supporting utilities, cabling, etc.



Governance, Risk and Compliance
Governance
Assist organizations in developing policies, procedures, standards and guidelines (information security policy, supporting policies for information security, confidentiality agreements, internal and external communications, documentation, etc.).


Risk Management
Assist organizations in identifying risks related to third parties, addressing security when dealing with customers, addressing security in third-party agreements, risk identification, risk analysis, risk treatment, identification of controls, risk communication and consultation, etc.


Compliance
Assist organizations in compliance policy, compliance with information security legal requirements, intellectual property rights (IPR), regulation of cryptographic controls, compliance with technical and non-technical requirements, etc.



IT Infrastructure Security
Asset Management
Assist organizations in inventory, ownership, acceptable use, return of assets, security of bring your own devices, media handling, disposal and reuse of assets, securing off premises assets, etc.


Network Security
Assist organizations in network architecture review, network optimization, configuration baselines, network segregation, security of network services, ecommerce and transaction security, network access controls, remote access, teleworking etc.


Wireless Security
Assist organizations in securing wireless networks, wireless network infrastructure review, configuration baselines, wireless access etc.


System Security
Assist organizations in preventing misuse of Information systems, configuration baselines, security of unattended systems, malware controls, publicly available information systems and accessible content, sensitive system isolation etc.


Database Security
Assist organizations in securing and configuring databases as per industry standards, database security review, information management etc.


Cloud Security
Assist organizations in security requirements for cloud environments, delivery agreements and responsibilities with cloud providers, etc.


Operations Security
Assist organizations in configuration guidelines and baselines, standard operating procedures, change management, segregation of duties, capacity management, backups, audit logging and monitoring, time synchronization, end user messaging security etc.


Software Development Security
Assist organizations in identifying information security requirements during software development, input/output data validation, internal processing, message integrity, test data, access to source code, OWASP Top 10 and SANS Top 25 vulnerabilities, restrictions on software packages, information leakage, outsourced software development, etc.



Technical Compliance Testing
Vulnerability Assessment
Assist organizations in conducting Internal and External Vulnerability Assessments


Penetration Testing
Assist organizations in conducting Internal and External Penetration Tests


Application Security
Assist organizations in secure code review, application security, application architecture review, information flow, baselines etc.



Internal Audits
Internal Audits
Assist organizations in their internal audits based on risk, infrastructure, compliance needs or on an ad hoc basis.



Third Party Security
Third Party Security
Assist organizations in conducting third-party audits based on specific compliance needs or on an ad hoc basis, service delivery, outsourced software development, supplier reviews, etc.



Incident Management
Incident Management
Assist organizations in incident classification, monitoring, analysis, evaluation, incident response plans, incident documentation, evidence collection, situational awareness and learning from incidents, etc.



Security Trainings and Support
Education and Awareness
Assist organizations in creating awareness and training programs, identifying required trainings, training implementation plans, executing trainings, analyzing training results and records, running awareness campaigns, developer trainings, incident response trainings, etc.


Remediation Support
Assist organizations in remediation and closing the audit findings and charting a roadmap for continual improvement.






