 

 

The Information Security Services are conducted by our partner Front Defense.

 

BS7799 Security Assessment / Auditing

Introduction
ISO/IEC 17799 provides a comprehensive set of controls comprising the best practices in information security. It is intended to serve as a single reference point for identifying the range of security controls needed in situations where information systems are implemented in industry and commerce.

Objective

Our baseline review is a high-level assessment, intended to provide management with a detailed analysis of how effective their current security measures are. It helps them identify their information security needs and set their IT security priorities depending on those needs.

Methodology
Our security assessment uses an advanced baseline approach based on the ISO/IEC 17799 standard. The review provides you with an insight into your business security, how efficiently it is being managed and how effective the security controls you have in place are.

Deliverables

Following an extensive analysis by our senior security consultants, a detailed report on the security assessment findings and recommendations will be provided to you. The report is divided as follows:

  • A management presentation highlighting the major findings and recommendations.
  • A complete security controls review covering high, medium and low risk areas.
  • A detailed technical explanation of the system's vulnerabilities with the recommended solutions.

Security Policies & Procedures

Introduction
Information security policies are the baseline of information security within any enterprise. A security policy can be defined in many ways depending on the standards and compliance issues a company faces. However, a security policy is basically defined as a document, either written or digital, that contains guidelines and instructions regarding subjects that affect any aspect of information security within your organization. Additionally, policy training and awareness are key to ensuring effective business operations.

Objective
Our approach is to assist your organization in defining its information security policies, which, in turn, outline and identify the implementation and management of your specific information security needs.


Methodology
The Front Defense policy assistant is a new and innovative tool that takes an outdated, traditional paper-based solution and transforms it into a new digital solution, moving policies from a paper trail onto your computer screens.


It effectively allows you to access information related to security policy in your organization with the touch of a button. The policy assistant comes fully equipped with policies that have been tried and tested in numerous business environments with common business requirements. The policy assistant is fully customized to fit your needs and can be easily managed and updated by your own staff.


Deliverables
A comprehensive security policy document, in electronic and hard copy formats, is delivered to you after thorough analysis of your security and business needs. The electronic version is easily managed and updated, and it is easily propagated to all your staff with the click of a button.

 

Vulnerability Assessment & Penetration Tests

Introduction
Organizations invest millions of dollars in leading-edge IT technology. In order to protect these investments, vulnerability assessment needs to be a preemptive process, both internally and externally, within the entire business/IT framework. Rigorous assessments of network design, application and internet security strategies should take place to ensure the proper protection of your information assets.


Objective
The objective of performing such vulnerability/penetration tests is to identify vulnerabilities on your systems and network, which could be exploited by either internal or external malicious users or hackers, and to provide you with the proper solution for these vulnerabilities.


Methodology
Our System, Network and Internet security assessment service focuses on the security strategies and measures in place to safeguard your entire IT infrastructure, including servers, middleware, operating systems, desktops, laptops, internal/external networks and internet connectivity. This service provides you with an insight into how vulnerable your systems and network are to internal/external attacks, and how to fix these vulnerabilities.

Deliverables

  • A comprehensive review of all the configuration files and operating systems, known vulnerabilities, as well as patch level, to ensure the confidentiality, integrity and availability of your critical information assets.
  • A review of your entire network architecture.
  • A review of all components of your internal and external network, including intranets/extranets, websites and their related firewalls, web servers, etc., to determine system vulnerabilities.
  • A comprehensive detailed report including short/long term recommendations to fix and improve the overall system, network and internet security.

Business Continuity Planning & Disaster Recovery

Introduction
Business Continuity refers to the activities required to keep your organization running during a period of displacement or interruption of normal operation caused by a natural or man-made disaster. Disaster Recovery is the process of rebuilding your operation or infrastructure after the disaster has passed.


Objective
Disaster might occur unexpectedly, so you must be prepared. Front Defense assists you in designing a plan to minimize the disruption caused by a disaster and to ensure your business remains competitive. This plan is specifically tailored to the size and nature of your business.


Methodology
Our approach is to assist you in building a business continuity plan, which is a collection of procedures and information developed, compiled and maintained for you to use in the event of an emergency or disaster. Some of the phases include BCP objective and scope, business analysis, design and development, implementation, testing and maintenance.

Deliverables
We deliver a detailed business continuity plan that identifies the processes and infrastructure required to provide an acceptable level of service when a key business process fails. This might be due to the sudden loss or degradation of a system, or to the failure of any externally-sourced system, product or service.

The plan contains, but is not limited to, the following sections:

  • Data Processing, Data Center, Restoration procedures (primarily IT functionality);
  • Where to go to resume Business Functions;
  • Who will carry out the recovery;
  • What will be needed to resume vital Business Functions;
  • Procedures to be followed to recover or resume business after a catastrophic event;
  • Step-by-step instructions in case the Planner is not available;
  • Assignments (areas of responsibility) which should be simple, and tested to ensure the Safety of Employees and critical information and documents.

 

Security Awareness Training

Security awareness is extremely important in any organization as it is the first building block in helping your employees understand the dangers and ramifications of information security in today's world. Users are unaware of their security responsibilities, and due to the constant changes in regulatory compliance, it is imperative that both employees and organizations have the right security awareness training.

Objective
Our objective is to assist you in tailoring an awareness program that fits your organization's needs and culture.


Methodology / Deliverables
The security awareness program is a collective and coordinated effort that includes the security staff, management, marketing, human resources, technical and end users.


Deliverables include:

  • A theme approach covering all aspects of information security.
  • Posters, intranet and email messages.
  • Seminars and presentations.
  • Internal marketing, design, production, placement and distribution of newsletters, posters and desk items.
  • Technical vs. management high level training.
  • Open discussions and area expertise.
  • Measurements and feedback.
  • ...and much more.

 

Security Architecture

Introduction
Creating a security architecture for your organization builds the foundation for the successful implementation of a viable and scalable long-term security strategy. IT infrastructures, with both internal and external networks, are increasingly vulnerable to security violations that threaten the availability, integrity and confidentiality of your company's vital business information. A sound and comprehensive architecture is critical to guarantee the security of your business transactions.


Objective
The overriding objective of any security architecture is to detect security threats and risks promptly, so that policies can be adopted to ensure that business activities are maintained at a high level of security, at an acceptable cost, and without overburdening your personnel with complex procedures.


Methodology / Deliverables
Front Defense trained consultants can design and implement a security architecture that meets your business needs and objectives with a lower total cost of ownership as well as the ability to scale up in capabilities as your business grows.
The key elements of developing a security architecture tailored to your company's unique requirements and culture include the following, all of which are contained in the Front Defense service:

  • Understanding the primary business functions and goals of your organization.
  • Comprehending and analyzing the current IT infrastructure, security concepts and business processes within your organization.
  • Delivering a comprehensive review and documentation of the security analysis with short and long-term requirements.
  • Designing a working scenario for corporate-wide security architecture, including related technologies and policies.