Security Posture Assessment (SPA) Headquarters: Ofisgate Sdn Bhd (610820-A), 2-15 Jalan Jalil Perkasa 13 Aked Esplanad, Bukit Jalil, 57000 Kuala Lumpur,

Presentation transcript:

Security Posture Assessment (SPA) Headquarters: Ofisgate Sdn Bhd ( A), 2-15 Jalan Jalil Perkasa 13 Aked Esplanad, Bukit Jalil, Kuala Lumpur, Malaysia Regional Office: Ofisgate (s) Pte Ltd, 205B Thompson Road, Goldhill Centre, Singapore

Understand Your Current Security State

Understanding your organization’s security state and identifying vulnerabilities is the first step toward protecting the confidentiality, integrity and availability of critical data. It is also an important component for achieving regulatory compliance.

SPA to secure ICT Assets:
- Protection of Information Integrity
- Protection of Information Availability
- Protection of Information Access
- Protection of Information Reliability

Understand Your Current Security State

IMPACT
Your organization may be vulnerable to attack from the outside or the inside if you remain unaware of security issues, simply ignore them or don’t sufficiently manage them. An attack may take down your network or lead to the theft of sensitive data — customer information, employee information or intellectual property. The ensuing loss of public trust or the failure to comply with regulations could result in severe financial repercussions. A major security breach could also cause irrevocable damage to your organization’s reputation.

SOLUTION
To effectively protect your organization, you first need to evaluate where you stand in relation to industry best practices and regulatory requirements. A gap assessment will help identify the most effective course of action based on your business objectives.

Understand Your Current Security State

A ROADMAP TO A MORE SECURE NETWORK
Going much deeper than an ordinary assessment, the Internet Security Systems Information Security Assessment provides a comprehensive evaluation of your information security posture. Based on the globally recognized ISO standard and industry best practices, the assessment by Ofisgate Sdn Bhd security experts will thoroughly document the results and provide you with specific recommendations for mitigating the identified risks and improving overall security posture.

Benefits of the Information Security Assessment
- Provides a clear understanding of current information security risks
- Identifies the potential impact of vulnerabilities on your network infrastructure
- Raises internal awareness of information security risks
- Enables more informed decision-making and identifies the gaps in organizational security controls, policies and processes
- Provides a specific, actionable plan to improve overall security posture based on business needs
- Enables you to proactively address security issues before they are exploited
- Helps to meet regulatory compliance requirements

SPA Scope of Work

This document is intended to show and analyze network security issues to the management and technical staff. The audit report outlines:
- Network Assessment
- Host / Server Security Assessment
- Application and Database Assessment
- Physical Assessment
- ICT Security Policy Assessment
- Penetration Test (Internal & External)
- Reporting / Recommendation / Presentation
- Transfer of Technology (ToT) & Hands-On Security Training

Project Timeline
- Pre Assessment
- Assessment
- Post Assessment
- Project Handover

SPA Project Phase

Pre Assessment
- Project Planning and initiation
- Customization of assessment procedures

Assessment
- Network Assessment
- Host / Server Security Assessment
- Application and Database Assessment
- Physical Assessment
- ICT Security Policy Assessment
- Penetration Test (Internal & External)

Post Assessment
- Reporting / Recommendation / Presentation
- Transfer of Technology (ToT) & Security Hands-On Training

Network Design Audit and Network Parameters Evaluation
- BTM WAN Network
- Internal Datacenter Network
- BTM NOC

Internal and External Network Devices Assessment (Example)

7 Types:
- 1 Firewall
- 1 Content Filtering / IPS
- 1 Security Gateway
- 3 Wireless Appliances
- 3 Routers
- 1 Core Switch and 2 Access Switches
- 1 AV Admin Server, 2 AV District Hosts and 4 user PCs

Host / Server and Desktop Security Assessment (Example)
- 2x Branches User
- DMZ
- Server Farm
- HQ User

Application and Database Security Assessment (Example)
- One (1) Portal
- Five (5) Web Applications
- Two (2) MySQL Databases
- Two (2) Oracle Databases

Operating System & Configuration Management (Example)
- 10 Windows Hosts
- 5 Linux Hosts
- 3 HQ Users
- 3 District Users
- 21 Hosts

Physical and Environment Security Audit (Example)
- One (1) Customer A Datacenter
- One (1) NOC

ICT Security Policy Assessment / Review (Example)
- One (1) Customer A ICT Security Policy

Internal Penetration Test (Example)
- Server Farm
- DMZ
- HQ User
- 2x District User

External Penetration Test (Example)

9 Hosts:
- One (1)
- One (1) Agency Portal
- Seven (7) Web Applications

Report Presentation (Example)
- Six (6) Reports Including (1) Executive Summary Report
- Report Presentation

Security Awareness
- One (1) Security Awareness Session

Training
- Three (3) Network Security Hands-On Training

Tools
- Nikto2
- MATASANO Flint Firewall Checker

For contact information: OFISGATE SDN BHD ( A) 2-15, Jalan Jalil Perkasa 13, Aked Esplanad, Bukit Jalil, Kuala Lumpur, MALAYSIA. Tel: Fax: For enquiries about our products, services or to schedule a sales presentation: