IT Security Consulting
International Standards - ISO / BS
A standard is a document that provides requirements, specifications, guidelines or characteristics that can be used consistently to ensure that materials, products, processes and services are fit for their purpose. Standards define best practice in many different areas. They’re put together by groups of experts, consumers, research organizations, government departments and more and come in a number of different kinds, from a set of definitions to a series of strict rules. Standards are agreed ways of doing something, written down as a set of precise criteria so they can be used as rules, guidelines or definitions.
ISO International Standards ensure that products and services are safe, reliable and of good quality. For business, they are strategic tools that reduce costs by minimizing waste and errors, and increasing productivity. They help companies to access new markets, level the playing field for developing countries and facilitate free and fair global trade. Standards come in a number of different forms. Some tell you how to do something in great detail, others give more general information, and others simply define terms.
Frameworks
The Oman eGovernance Framework is a set of standards, best practices and process management systems to enhance the delivery of Government Services in alignment with the Mission of ITA. The framework spells out the rules and procedures that ensure that Government IT projects and systems sustain and extend ITA’s strategies and objectives. It is also intended to provide assurance about the value of IT, provide a framework for the management of IT-related risks, and put together controls to minimize risks and better deliver IT initiatives.
Domain Based
Domain Based Security was developed in the late 1990s by the Defence Evaluation and Research Agency (DERA). It is a model-based approach to information assurance that describes the requirements for security in an organisation, taking account of the business that needs to be supported. The model is based around the concept of a security Domain, which represents a logical place where people work with information using a computer system, and which has connections with other security domains where this is necessary to support business activity. Hence the focus is on the information that needs protection, the people that work with it and the people they exchange information with. The model can also describe the physical environments where people work and the system boundaries where major system security measures are placed. A systematic method is then applied to the model to identify and describe the risks to which valuable information assets are exposed and specify security measures that are effective in managing the risks.
IT Governance
Our comprehensive range of products and services, combined with flexible and cost-effective delivery options, provides a unique, integrated alternative to the traditional consultancy firm, publishing house, penetration tester or training provider. We pride ourselves on our ability to serve an international customer base and deliver a broad range of integrated, high-quality solutions globally, while meeting the real-world needs of today’s organisations, directors and practitioners.
Having led ISO 27001 implementations since the inception of the Standard, our strong global cyber security presence gives us the knowledge and insight to provide valuable advice, tailored to meet any organisation’s specific needs or budget.
Operation Centres
A security operations center (SOC) is a centralized unit that deals with security issues on an organizational and technical level. A SOC within a building or facility is a central location from which staff supervise the site, using data processing technology. Typically, a SOC is equipped for access monitoring and for controlling lighting and alarms.
A SOC is concerned with the people, processes and technologies involved in providing situational awareness through the detection, containment, and remediation of IT threats. A SOC manages incidents for the enterprise, ensuring they are properly identified, analyzed, communicated, actioned/defended, investigated and reported. The SOC also monitors applications to identify a possible cyber-attack or intrusion (event) and determine if it is a real, malicious threat (incident), and if it could have a business impact.
Physical Security
Investments in cybersecurity and physical security are proportionally connected to the long-term improvement of your organization’s financial picture. Our digital lives are getting smaller as technology simplifies our communications, but cyber attacks are also prevalent. While the Internet radically changes the way organizations operate globally, from handling sensitive data to offshore outsourcing of IT architecture, the payoffs of security are significant and can’t be overlooked.
Organizations are becoming smarter as they leverage available resources such as physical security systems, software, and advanced IT infrastructures to protect their property, digital assets, and of course their employees. Unfortunately, vulnerabilities, threats, and risks are everywhere. However, you can mitigate them as long as you dutifully enforce proper planning and implementation of standards, policies, and procedures through a physical security policy.
Other Standards Process
Contents
Payment Card Industry Data Security Standards
COBIT 4.1 / COBIT 5
UPTIME Institute / TIA-942
Data Center / Disaster Recovery Site Standards
Tier-based Standards