Professional Services

IT SECURITY INFRASTRUCTURE DESIGN AND PLANNING

• Reviews on the network infrastructure from network, system and operation viewpoints according to the organization business requirements
• Recommend the best solution based on the latest technology available, vulnerabilities trend and business requirements

CLOUD SECURITY AND CONSULTANCY SERVICES

• Cloud Adoption Consultancy Studies (e.g. Cloud Readiness Studies, Design, Service Model Analysis and Planning)
• Secure Cloud Design Advisory Services
• Cloud Risk Audit Program Development

MOBILE STRATEGY STUDIES

• Mobile Computing Strategy & Policy Development
• Mobile Infrastructure Design & Planning Service
• Mobile Device Management Studies (e.g. BYOD Readiness Studies, Design and Planning)

IT SECURITY PROFESSIONALS TRAINING

• Our trainings provide up-to-date IT Security knowledge to end-user and technical staff

IT SECURITY ASSESSMENT

• Perform periodic review and assessment for clients
• Provide pre-launch IT security risk assessment services before new systems implementation
• Assist clients in identifying current vulnerabilities, threats and prioritizes remediation activities to mitigate technical risks according to business impacts and requirements

IT SECURITY AUDIT AND IT AUDIT SUPPORT SERVICES

• Provide periodic effectiveness and efficiency review of IT systems through IT Audit
• Perform General IT Audit and Application IT Audit to support financial audit and due diligence review
• Conduct IT security audit review of IT systems through industry best practices (e.g. ISO 27001, COBIT, PCI-DSS, etc.)

CLOUD SECURITY ASSESSMENT SERVICES

• Perform Cloud Risk Security Assessment for Cloud User or Cloud Service Provider according to Cloud Security Alliance Cloud Control Matrix or other tailor-made Cloud Audit program
• Launch Cloud Application Vulnerability using system or web application testing depending the Cloud Service Model

COMPLIANCE AUDIT REVIEW

• Perform IT Compliance Audit to IT systems (e.g. banking application, stock trading system)
• Conduct Compliance Review on critical IT systems.

PENETRATION TEST AND SIMULATED ATTACK

• Conduct system, network and application penetration test using Black/Gray Box hacking method
• Launch Non-intrusive penetration methods to application based on industry best practices (e.g. OSSTMM, OWASP, etc)
• Perform Simulated Attack / Red Teaming

PRIVACY IMPACT ASSESSMENT REVIEW

• Conduct Privacy Impact Assessment Review according to the Personal Data Privacy Ordinance review
• Perform Privacy Compliance Review based on corporate privacy policy and sensitive data requirement

MOBILE APPLICATION REVIEW

• Conduct Secure Design Review of Mobile Application
• Perform Non-intrusive pre-launch mobile penetration to mobile application based on industry best practices (e.g. OSSTMM, OWASP, etc)
• Conduct Secure Code Review of Mobile Application

SYSTEM HARDERING

• Review and develop System or Application Hardening Guide for client applications based on industry best practices (e.g. SANS 20 CSC, CIS Critical Security Controls, CIS Security Benchmarks)
• Evaluate and revise security hardening requirement for client to fit into the patch and hardening configuration guide
• Develop security hardening scripts for client according to the hardening configuration guide

POLICY DEVELOPMENT AND REVISION

• Review and update IT Security policies and procedures according to industry best practices
• Develop security checklists and user level security policies practices guide for client
• Assist clients in reviewing, revising and refining existing IT security policies and procedures against business requirements and international best practices

SECURITY SOLUTION IMPLEMENTATION, INTEGRATION, AND CUSTOMIZATION SERVICES

• Assist clients to implement and configure specific security solutions, such as
• Smart Card Infrastructure design and implementation
• IT Security Incident Management solution implementation
• Authentication and Identity Management solution implementation
• Single sign-on solution implementation

DATA CENTER DESIGN & BUILD

• More than 20 years of experiences in Data Center operations including the management of more than 10 DCs and 500+ ELV rooms
• Facilitate the gathering of the DC requirements based on the client’s strategic plan and the technologies to be adopted
• Design and build the green DC with PUE below 2 and the DC wll met the requirements of the Cyber Security Law
• Provide and implement cost effective monitoring system for DC and ELVs
• Supply of modular DC solution
• Supply and deploy of secure enterprise storage

SECURITY INCIDENT HANDLING SERVICES

• Develop Security Incident Handling and Response Procedures for client
• Assist client to perform Security Incident Handling and Response after security attack
• Provide Post-Security attack security incident response containment and incident management

DIGITAL FORENSICS INVESTIGATION SERVICES

• Perform Post-incident Digital Forensics Investigation Services to determine and identify the cause of incident, time and propose the rectification recommendations
• Contain and Acquire Digital Evidence for forensics investigation
• Provide Forensics and Investigation Support Services for Court Litigation cases