
Services Overview

In today’s world, cyber security keeps CIOs and many business leaders awake. There is a lot to be concerned about in the field: internal vulnerabilities, external threats, the controls to be deployed, employee awareness, data security, legacy system reviews, cloud migration architecture, network security, disaster planning, audits and compliance, security testing, operational technology security and security operations.

DQ breaks these challenges into small chunks and offers organisations simple, best-practice-led suggestions to make the digital workplace more secure. Each of these individual services is tailored to take less than 2 weeks to complete at a fixed price.

The UK government’s National Cyber Security Centre (NCSC) drives DQ, whose professionals come with years of experience in various areas of cyber security and industry-leading certifications such as the CISSP and CESG.

We have been selected for the UK public sector DOS and G-Cloud frameworks to offer these services.

Security governance

  • Develop, document & implement an organisation specific security policy including standards, guidelines and procedures
  • Security policy compliance review
  • Security governance & organisation set-up
  • 3rd party security governance review
Deliverables:
  • Security policy, standards, baselines, guidelines and procedures
  • Review report with recommendations
  • Organisation chart, roles and responsibilities

Security risk management

  • Security Information Risk Advisory
  • Cyber security risk management
  • Security risk and vulnerabilities’ assessment
  • Vulnerability reporting
  • Security control review and recommendations
  • Threat Analysis for the organisation
Deliverables:
  • List of risks, vulnerabilities, threats and mitigating actions
  • Hybrid (qualitative and quantitative) risk assessment
  • Prioritised list of threats and suggested defense
  • Residual risk and Countermeasure benefit evaluation report

NETWORK SECURITY

  • Network vulnerabilities and controls review (firewall, IDS, encryption, protocols)
  • Implementation of Encryption, certificate & key management (for data at rest, in transit and in use)
  • Denial of Service (DoS) awareness and protection
  • Acquiring, managing and disposing of network devices
Deliverables:
  • Network controls recommendations
  • Encryption best practice recommendations
  • Certificate and key management reports
  • DoS protection best practice

DATA SECURITY

  • Data remanence & life cycle management
  • Data Governance establishment
  • Data Privacy impact Assessment
  • Data and asset classification
  • Database security management
Deliverables:
  • Data lifecycle assessment report
  • Data governance organization chart with roles and responsibilities
  • Data privacy impact and recommendations report
  • Data classification report
  • Database vulnerabilities report

SECURITY ARCHITECTURE

  • Security solution design, architecture, development & maintenance
  • Security architecture service (implementing defence in depth)
  • Software design review
  • Security documentation review – NDA, NCA, MOU, SLA, policies
  • Digital service security review
Deliverables:
  • Cyber security design principles
  • Secure development and deployment principles for software
  • Security architecture anti-patterns
  • Security document templates

Security assessments and audits

  • Security review of mergers & acquisitions
  • GDPR compliance review
  • ISO security audit (NCSP CAF 2.0)
  • Web application penetration testing (OWASP)
  • Software code security review
  • Product and service security assessment
  • Email security review
  • Security operations review
  • Security testing reviews & follow ups
  • Security tool review
  • Product security evaluation (using common criteria)
Deliverables:
  • Comprehensive review reports
  • Audit reports
  • Security improvement recommendations
  • Penetration test reports
  • Network vulnerabilities’ report
  • Performance test reports

COMPANY ASSET SECURITY

  • Review of software, hardware, people and physical assets’ security
  • Formulation of asset strategy
  • Asset classification and prioritization for security
  • Configuration management review
  • Capacity management review
  • Personnel security recommendations
  • Secure sanitization of storage media
  • Mobile device security management
  • End-user device security
Deliverables:
  • Comprehensive review reports with improvement considerations and evaluation
  • Asset strategy
  • Configuration management strategy
  • Capacity management strategy
  • Secure asset database design

Planning to recover from disasters

  • DR & BCP – planning & review
  • System resilience review
  • Business Impact Assessment
  • Major security incident review process
Deliverables:
  • Business continuity plan
  • Disaster recovery plan
  • DR/BCP organization structure, roles and responsibilities
  • Review and assessment reports with recommendations
  • Implementation of Security incident review process

Security of operational technology (OT)

  • Security management of industrial control systems
  • Cyber-physical, Embedded systems, Firmware security review
  • IoT systems security review
  • Connecting OT and Enterprise systems securely
Deliverables:
  • DoS protection guidance
  • Review and assessment reports with recommendations
  • OT security policy
  • API Security assessment report

Security processes

  • Identity & Access Management reviews
  • Joiners, movers and leavers process reviews
  • Change management review
  • Secure password administration
  • Security incident management
Deliverables:
  • Identity and Access management best practice recommendations
  • Privilege creep, Excess privileges and other vulnerabilities’ assessment
  • Best practice security processes guidance
  • SIEM process implementation

CYBER ATTACK PREVENTION

  • Preventing attacks & defence
  • Threat profile
  • Logging monitoring & audit set-up
  • Security Awareness Training (Execs, Managers, End-users)
Deliverables:
  • Organisation cyber attack potential, profile and defense suggestions
  • Tailored awareness, training and education

SECURITY IN THE CLOUD

  • Cloud contracts review
  • Cloud security review
  • Cloud migrations & suitability assessments (security focussed)
  • SaaS, PaaS and IaaS service security review
Deliverables:
  • Cloud security best practice
  • SaaS security best practices
  • PaaS and IaaS security best practices
  • Connecting cloud services securely guidance
  • Cloud migration checklist
  • Organisation cyber attack potential, profile and defense suggestions
  • Tailored trainings

CYBER SECURITY CURRICULUM AND COURSE

  • Tailored around (ISC)² internationally acclaimed cyber security courses
  • Prepares participants to get certified as an Associate CISSP
  • Two courses – basic and advanced
  • Tailored for university students and professionals
  • Courses delivered both online and in classroom
  • Assessment included
Deliverables:
  • Tailored Cyber security curriculum and delivery