PROFESSIONAL SECURITY SERVICES
Based on our years of experiences on security, we provide quality security professional services in various stages of the security lifecycle.
PLANNING
The Secret of Success is to prepare as early as possible and to build necessary controls both in processes or infrastructure to prevent security incidents
IT SECURITY INFRASTRUCTURE DESIGN AND PLANNING
• Reviews on the network infrastructure from network, system and operation viewpoints according to the organization business requirements
• Recommend the best solution based on the latest technology available, vulnerabilities trend and business requirements
CLOUD SECURITY AND CONSULTANCY SERVICES
• Cloud Adoption Consultancy Studies (e.g. Cloud Readiness Studies, Design, Service Model Analysis and Planning)
• Secure Cloud Design Advisory Services
• Cloud Risk Audit Program Development
MOBILE STRATEGY STUDIES
• Mobile Computing Strategy & Policy Development
• Mobile Infrastructure Design & Planning Service
• Mobile Device Management Studies (e.g. BYOD Readiness Studies, Design and Planning)
IT SECURITY PROFESSIONALS TRAINING
• Our trainings provide up-to-date IT Security knowledge to end-user and technical staff
REVIEW & ASSESS
The Secret of Success is to clearly understand the healthiness of your security controls and infrastructure. Our services verify IT operation, development, design and built of your environment to identify weaknesses and provide recommendations to mitigate those risks. We also conduct compliance reviews based on COBIT standard and also perform Penetration Test using non-intrusive penetration methods.
IT SECURITY ASSESSMENT
• Perform periodic review and assessment for clients
• Provide pre-launch IT security risk assessment services before new systems implementation
• Assist clients in identifying current vulnerabilities, threats and prioritizes remediation activities to mitigate technical risks according to business impacts and requirements
IT SECURITY AUDIT AND IT AUDIT SUPPORT SERVICES
• Provide periodic effectiveness and efficiency review of IT systems through IT Audit
• Perform General IT Audit and Application IT Audit to support financial audit and due diligence review
• Conduct IT security audit review of IT systems through industry best practices (e.g. ISO 27001, COBIT, PCI-DSS, etc.)
CLOUD SECURITY ASSESSMENT SERVICES
• Perform Cloud Risk Security Assessment for Cloud User or Cloud Service Provider according to Cloud Security Alliance Cloud Control Matrix or other tailor-made Cloud Audit program
• Launch Cloud Application Vulnerability using system or web application testing depending the Cloud Service Model
COMPLIANCE AUDIT REVIEW
• Perform IT Compliance Audit to IT systems (e.g. banking application, stock trading system)
• Conduct Compliance Review on critical IT systems.
PENETRATION TEST AND SIMULATED ATTACK
• Conduct system, network and application penetration test using Black/Gray Box hacking method
• Launch Non-intrusive penetration methods to application based on industry best practices (e.g. OSSTMM, OWASP, etc)
• Perform Simulated Attack / Red Teaming
PRIVACY IMPACT ASSESSMENT REVIEW
• Conduct Privacy Impact Assessment Review according to the
Personal Data Privacy Ordinance review
• Perform Privacy Compliance Review based on corporate privacy policy and
sensitive data requirement
MOBILE APPLICATION REVIEW
• Conduct Secure Design Review of Mobile Application
• Perform Non-intrusive pre-launch mobile penetration to mobile application based on industry best practices (e.g. OSSTMM, OWASP, etc)
• Conduct Secure Code Review of Mobile Application
IMPLEMENTATION
The Secret of Success is to ensure the effective deployment of security controls with continuous solid operations. We don’t just implement what are required, we will also recommend related operational and continuous improvement processes to enhance the effectiveness of the security controls.
SYSTEM HARDERING
• Review and develop System or Application Hardening Guide for client applications based on industry best practices (e.g. SANS 20 CSC, CIS Critical Security Controls, CIS Security Benchmarks)
• Evaluate and revise security hardening requirement for client to fit into the patch and hardening configuration guide
• Develop security hardening scripts for client according to the hardening configuration guide
POLICY DEVELOPMENT AND REVISION
• Review and update IT Security policies and procedures according to industry best practices
• Develop security checklists and user level security policies practices guide for client
• Assist clients in reviewing, revising and refining existing IT security policies and procedures against business requirements and international best practices
SECURITY SOLUTION IMPLEMENTATION, INTEGRATION, AND CUSTOMIZATION SERVICES
• Assist clients to implement and configure specific security solutions, such as
• Smart Card Infrastructure design and implementation
• IT Security Incident Management solution implementation
• Authentication and Identity Management solution implementation
• Single sign-on solution implementation
DATA CENTER DESIGN & BUILD
• More than 20 years of experiences in Data Center operations including the management of more than 10 DCs and 500+ ELV rooms
• Facilitate the gathering of the DC requirements based on the client’s strategic plan and the technologies to be adopted
• Design and build the green DC with PUE below 2 and the DC wll met the requirements of the Cyber Security Law
• Provide and implement cost effective monitoring system for DC and ELVs
• Supply of modular DC solution
• Supply and deploy of secure enterprise storage
POST INCIDENTS
The secret of success is to act as quick as possible with right skills to minimize the impact to the operation.
SECURITY INCIDENT HANDLING SERVICES
• Develop Security Incident Handling and Response Procedures for client
• Assist client to perform Security Incident Handling and Response after security attack
• Provide Post-Security attack security incident response containment and incident management
DIGITAL FORENSICS INVESTIGATION SERVICES
• Perform Post-incident Digital Forensics Investigation Services to determine and identify the cause of incident, time and propose the rectification recommendations
• Contain and Acquire Digital Evidence for forensics investigation
• Provide Forensics and Investigation Support Services for Court Litigation cases
SIEM Consultation Services
We help our customers to implement SOC and security monitoring with their selected tools
We plan, we design, we deploy, we train