Information Security
IT Governance
Cloud Consulting
Services
Risk Compliance
CIO / CISO Services:
Information Security, IT-Governance consulting and infrastructure related services.
Conduct:
· IT infrastructure assessments
· Security and risk assessments
· Vulnerability assessments
· Penetration tests
Design and implement:
· Information security programs
Review and develop:
· Information security architectures
· Security policies
· Business continuity strategies
· Disaster recovery plans
Certifications
· CISSP
· CISA
· CISM
· CRISC
· CGEIT
· ITIL
· TOGAF9
· PMP
· MCSE
· MCITP
· MCT
Certification audits
· ISO27001:2013
· ISO 20000
· PCI-DSS (3.1 / 3.2)
· COBIT 5 Review and Implementation
· ADSIC ISS 2.0
· ISR: Dubai Information Security Regulation
· NESA standard:
· ISA / IEC 62443
Security Assessments
· Security Policies
· Data Classification
· Risk Management
· Topology, Data Flow
· Access Control
· VPN/Remote Access
· Network Access Control
· Application Configuration
· Database Configuration
· Change Control
· Patching & Anti-Virus
· Logging / SIEM
· Intrusion Detection
· Physical Security
· BCP/DR
Compliance:
· Information Security Policies
· Operations Security
· Organisation of Information Security
· Communications Security
· Human Resources Security
· Systems Acquisition, Development, Maintenance
· Asset Management
· Supplier Relationships
· Access Control
· Security Incident Management
· Cryptography
· Business Continuity
· Physical and Environmental Security
Compliance
INFOSEC:
Security assessments:
Security assessments should be conducted on a regular basis, and
should be included in the strategy. Major international standards include
third-party assessments as an important requirement. The goal of assessments is
to ensure that necessary and adequate security controls are implemented to
protect information assets from unauthorized access, use, disclosure,
disruption, modification, recording or destruction.
We, at Forebrook, conduct comprehensive assessments based on best practices and
international standards. In addition to using the latest tools for vulnerability
assessments, we also check, inspect, observe and analyze information systems in
a holistic manner covering technology, people, policies, processes and procedures.
As an integral part of assessments, we conduct interviews with individuals and
groups in the organization to understand the infrastructure, security
objectives and strategies, and assess security controls for effectiveness and
adequacy. Additionally, penetration tests will be conducted for public-facing
IPs.
Our Security/Risk Assessments culminate in extensive reports and recommendations
for remediation along with roadmaps to implement controls.
ISMS implementation (Information Security Management System)
We assist organizations in implementing ISMS based on good practices and
international standards. Organizations are required to obtain independent
certification of their information security management systems against the ISO
standard. The ISO27000 suite of standards specifies requirements for
establishing, implementing, operating, monitoring, reviewing, maintaining and
improving a documented Information Security Management System (ISMS), using a
continual improvement approach. We help organizations prepare for certification
by conducting risk assessment and gap analysis and designing an integrated ISMS covering
all the domains described in the standard:
Security Architecture
We review Security Architecture based on any of the standards or
even create a standards-based architecture.
Vulnerability Assessment and Penetration Testing (VA/PT)
VA/PT is a requirement for compliance with standards such as PCI-DSS, or as a
part of risk assessment for ISO 27001; regardless, conducting regular VA/PT is
deemed a good practice and is usually included in well-designed security
programmes. VA/PT is included in our security assessments, but we also offer a
separate service for specific objectives such as reports for compliance audits.
We use VA scanning tools according to the needs of the organization and analyze
the reports to extract actionable intelligence. In addition to the summary report,
we submit recommendations for remediation and a prioritized list of remediation
activities.
Forensics