• Security Posture Assessment (SPA)
ScanSyria is meant to establish the current baseline security of the network and systems by discovering known vulnerabilities and weaknesses, with the intention of providing incremental improvements to tighten the security of the network and systems.
Security is concerned with the protection of information access, integrity, reliability and availability.
The degree of protection required depends on the value of the information and this, in turn, dictates the security measures needed and afforded.
Information security is implemented by systems, policies, and procedures. Vulnerabilities in the systems present a threat to the information they protect and, if successfully exploited, will result in an impact. Measures intended to counteract potential threats are called countermeasures.
The purpose of a countermeasure is to eliminate or reduce the likelihood or impact of a threat on an information asset. Thus, a Security Posture Assessment uncovers the potential threats to the information assets and is therefore an indispensable starting point in avoiding undesirable impacts. This is indispensable for organizations that require the highest possible assurance and confidence that their networks and systems are protected.
• Business Continuity Management (BCM)
ScanSyria Business Continuity Management (BCM) is a holistic management process that identifies potential impacts that can threaten the day-to-day operations of an organization.
It provides a framework for building resilience with the capability for an effective response that safeguards the interests of its key stakeholders, reputation, brand and value-creating activities. In addition, BCM provides an overall program to ensure the plan stays current and up-to-date through continuous training, rehearsals and reviews.
ScanSyria ICT Consultants’ extensive knowledge and experience in the areas of business continuity, training and certification will help you and your organization understand important elements in your business to ensure survivability in the event of a crisis or disaster.
Our tailor-made approach helps ensure that requirements are met as concisely as expected.
We help our clients through the entire life cycle of Business Continuity Management (BCM) by:
- Undertaking impact assessment and risk profiling to determine the recovery requirements and priorities of your organization.
- Managing implementation of recovery infrastructure and Business Continuity Plan (BCP).
- Developing options of recovery strategies, defining recovery resources, preparing budgetary costing, and designing the framework of how the BCM program is to be managed within an organization.
- Developing policies, plans, manuals, templates and checklists pertaining to recovery activities.
• Security Incident Response
A security incident is a deliberate attempt to gain unauthorized access to a company’s system or data in order to disrupt the service or change the system’s characteristics without the owner’s knowledge.
Security incidents can come in many forms, the most deadly being:
- Malicious codes
These include viruses, worms, Trojan horses, time bombs and pests.
- Intrusions or break-ins
An intruder may bypass a system’s authentication process. A registered user may use his limited privilege to engineer unauthorized activity.
- Insider attack
This includes industrial or commercial espionage by employees, contract workers or others working inside the company’s premises.
- Effects of an Attack
Once a company’s computer security is compromised, the effects could include:
• Congested networks or system crashes.
• Altered or lost data or programs.
• Response to Security Incidents.
The ScanSyria Response is twofold. First, it promotes proactive contingency action to tighten a company’s ICT security against incidents.
Second, it initiates five stages of response to minimize damage and ensure continuity of operations when incidents do take place. These stages are:
This constitutes determining the exact problem. Using sophisticated detection software and audit information, SCAN’s team investigates the identity, nature and extent of the network attack.
Containment is limiting the extent of the attack. This may involve shutting down the system temporarily if the system is classified or sensitive data is at risk. Another alternative is to keep the system up and risk some minimal damage in order to identify the intruder.
Once an incident is contained, it is then eradicated. There is specialized software for such procedures. All backups must be verified clean. At times, systems are periodically reinfected with viruses simply because these viruses are not periodically cleaned from the backups.
The next phase of action after eradication is recovery. Recovery means returning the system to normal. If the attack is network-based, it is important to install patches for all the operating system vulnerabilities exploited during the attack.
+ Security Impact Analysis
This follow-up stage, the most crucial, is often neglected. This is a post-mortem analysis that is very valuable as:
• It helps to create a set of ‘lessons learnt’ as reference to improve future performance in similar situations.
• It justifies all security measures and efforts to management.
• It yields information including a formal chronology of events, which may be essential in legal proceedings.
• Development of ICT Security Document
To be truly effective, the security within an organization needs to be supported by different types of documentation. This documentation forms the principles and guidelines by which security is to be managed, and thereby the basis on which consistent security throughout the organization is achieved.
Our certified security consultants, who have been well exposed to the different operating environments of various industries, are able to develop the security documents that best fit your organization. The security documents covered are as follows:
• Law and Regulations Industry & Best Practices.
• Guideline Procedure.
We approach the development of ICT Security Documents by understanding the organization’s culture, industry standards and regulatory requirements. These are paramount during the development process to ensure that the documents developed are truly practical and reflect the actual practices of the client.
• ISO/IEC 27001 Compliance
In today’s competitive business environment, information is the lifeblood to ensure survivability of an organization, which is subject to increased exposure to threats and vulnerabilities. There is a need to establish a comprehensive protection strategy based on a sound risk management framework.
ISO/IEC 27001 is a standard for Information Security Management Systems (ISMS) to provide a framework for organizations to improve and demonstrate maturity of their information security process.
ScanSyria has a proven methodology for achieving ISO/IEC 27001 compliance and certification.
As we house one of the largest pools of Certified ICT Security Consultants in the country, we will help you meet your ISO/IEC 27001 compliance goals in the shortest time and at the lowest cost.
• ICT Security Risk Assessment
All organizations, large or small, public or private, exist to provide value to their stakeholders. However, there are many risks inherent in the current business environment that may deter an organization from achieving its objectives. Therefore, risk management is an important business discipline that an organization should embrace to minimize the effects of risks on its returns and capital.
For security risk assessment, there are two modes, i.e. high-level risk assessment and detailed risk assessment, tailored perfectly to each customer’s needs depending on the size and complexity of your organization.
We guide you through the entire life cycle of risk management by:
• Undertaking security health checks to assess the security posture within your organization.
• Designing and implementing a risk management framework for your organization.
• Creating the risk mitigation strategies by prioritizing the treatment of risk.
• PCI Compliance Services
Today, as security awareness is growing, with the vast array of regulations and standards that emphasize the importance of corporate governance, IT governance, reporting standards and financial frameworks, security of personal information is crucial for the development of the current business environment.
ScanSyria will ensure that compliance with standards is adopted and maintained by providing the following services:
• Quality Security Assessors Assessment.
• Compliance in all requirements pertaining to PCI.
• Approved Scanning Vendor.
• Effective training and seminars.