CyberGroup
Information Security Consulting Services |
CyberGroup realise that a complete
information security approach not only includes the actual technical
solution that provides the security, but must also consist of a
comprehensive Information Security Management Approach.
This approach should be able to uncover the risks that the business
systems are facing, address them and then manage them. This is the
most neglected part of an information security approach, but CyberGroup's
Information Security Consulting Team have developed an easy to understand
and implement set of services to assist companies in developing
an Information Security Management Approach.
CyberGroup's Information Security Consulting Services consists of
the following Security Model: |
|
The following provides a short overview of each phase:
-
Phase 1, Baseline: The CyberGroup
Security Assessment Service involves the creation of a baseline
to gain an understanding of the customer's current Information
Security situation. The Information Security Compliance Audit
creates this baseline, and provides a snapshot of the current
risks and vulnerabilities, and compares the assessment report
to the ISO-7799 standard. This is an effective, quick and inexpensive
way to gain an understanding of the current IT security risks
and vulnerabilities. Highly skilled, trained and discrete security
experts perform all activities, minimising the consequences
for the production systems under fire. The security report will
highlight both the problematic and adequately controlled areas,
which will assist you with your strategic solutions and choices
in the security products or services to stay ahead in a competitive
marketplace.
-
Phase 2, Identify Risks:
To gain an understanding of the risks, from a technical point
of view, a risk assessment needs to be performed. CyberGroup
will obtain an accurate image of the customer's security level
within respect to the latest-and-greatest security assessment
and penetration technologies. The risk assessment needs to address
the business assets protection, scope, intrusive nature and
consequences, detailing a complete security architecture review.
This phase consists of two main areas, the Network Security
Risk Assessment and the Business Risk Assessment, resembles
a "classical" audit of the customer's IT system. The
first service is of a technical nature, and provides details
on technical risks, that function under the IT architecture
and infrastructure. Secondly, the Business Risk Assessment section
of the CyberGroup offering consists of various security assessment
procedure modules. Our security assessment procedures will take
the customer on a journey of how to understand the risks, and
then how to address and manage them effectively. We provide
these phases to our customers, in order to assist companies
to understand the risks associated with their policies and procedures.
We refer to this phase as the grey area in Information Security
in the above-mentioned Security Model diagram.
-
Phase 3, Address Risks:
Once we understand a company's risks and vulnerabilities in
terms of their Information Security, we can start to address
the security risks without compromising the technical and business
logic of the customer. Shortcomings are immediately identified
and countermeasures are proposed where possible, together with
a cost estimate of these actions. The latter result in a real-world
security assessment is unavailable through theoretical security-centric
design. We address the risks by creating and applying remedies
to problem areas, by applying preventative measures and by designing,
or updating an effective Information Security Policy with the
focus on the business needs, as well as the security needs of
an organization.
-
Phase 4, Manage Risks:
With reference to the Security Model diagram above, we call
this phase the Secure Zone. It is favorable to have a well-defined
Information Security Policy, but if the policy is not implemented
correctly, it will have little or no effect on the business.
Hence, for all practical purposes it would be seen as if no
Information Security Policy is in place, which should protect
your business from exposing themselves from real everyday security
threats and unorthodox behavior of the under world. The CyberGroup
Information Security Consulting Service team will assist a customer
to develop their own standards; procedures and guidelines based
from the current ISO standards. A unique Information Security
Policy are specially customised and adapted to the company's
business needs. The customer's new policy will still fall within
the ISO security regulations, which are necessary to enforce
a successful and well-defined Information Security Policy. Once
the Information Security Policy have been created, implemented
and all the security vulnerabilities been addressed correctly,
the customer only needs to apply proper management. From hereon
the "ship" will virtually steer it self.
|
The risks are out there and they are real, what you don't
know can and most probably will harm you. All systems are vulnerable
to attack from both internal and external threat agents. Security
threats facing businesses today have never been greater, and they
only promise to become more sophisticated and dangerously effective
in the future. Now is the best time to get your Information Security
Management in order, don't wait until you've been compromised.
CyberGroup have put significant effort into developing a Security
Model that works, and that will deliver on the expectations where
Information Security can easily be managed effectively, and will
in affect simultaneously reduce unnecessary security risks that
could easily have been prevented with our Security Model approach.
Our Security Model will take the customer on a journey of how to
understand the risks, and then how to address and manage them effectively.
These Information Security Services can be done separately if required,
but understandably would be of greater benefit should all four steps
be completed. However, we do understand that sometimes the only
requirement is to pin point a specific area of concern.
CyberGroup offers you its expertise for customized security solutions
by giving you direct access to the core assets of the company, are
proof of our commitment to concentrate on the security of your e-Business.
For more information on any of the services described feel free
to contact
us.
Now is the best time to get your Information Security Management
in order, don't wait until it's too late. Hackers don't
sleep!
|
|