Security Posture Assessment(SPA)

Transcription

1 Security Posture Assessment(SPA) Headquarters: Ofisgate Sdn Bhd ( A), 2-15 Jalan Jalil Perkasa 13 Aked Esplanad, Bukit Jalil, Kuala Lumpur, Malaysia Regional Office: Ofisgate (s) Pte Ltd, 205B Thompson Road, Goldhill Centre, Singapore

2 Understand Your Current Security State Understanding your organization s security state and identifying vulnerabilities is the first step toward protecting the confidentiality, integrity and availability of critical data. It is also an important component for achieving regulatory compliance. Protection of Information Access Protection of Information Reliability Protection of Information Availability Protection of Information Integrity SPA to secure ICT Assets

3 Understand Your Current Security State Your organization may be vulnerable to attack from the outside or the inside if you remain unaware of security issues, simply ignore them or don t sufficiently manage them. An attack may take down your network or lead to the theft of sensitive data customer information, employee information or intellectual property. The ensuing loss of public trust or the failure to comply with regulations could result in severe financial repercussions. A major security breach could also cause irrevocable damage to your organization s reputation. IMPACT SOLUTION To effectively protect your organization, you first need to evaluate where you stand in relation to industry best practices and regulatory requirements. A gap assessment will help identify the most effective course of action based on your business objectives.

4 Understand Your Current Security State A ROADMAP TO A MORE SECURE NETWORK Going much deeper than an ordinary assessment, the Internet Security Systems Information Security Assessment provides a comprehensive evaluation of your information security posture. Based on the globally recognized ISO standard and industry best practices, the assessment by Ofisgate Sdn Bhd security experts will thoroughly document the results and provide you with specific recommendations for mitigating the identified risks and improving overall security posture

5 Benefits Of the Information Security Assessment Provides a clear understanding of current information security risks Identifies the potential impact of vulnerabilities on your network infrastructure Raises internal awareness of information security risks Enables more informed decision-making and identifies the gaps in organizational security controls, policies and processes Provides a specific, actionable plan to improve overall security posture based on business needs Enables you to proactively address security issues before they are exploited Helps to meet regulatory compliance requirements

6 SPA Scope of Work This document is intended to show and analyze network security issues to the management and technical staff. The audit report outlines: Network Assessment Host / Server Security Assessment Application and Database Assessment Physical Assessment ICT Security Policy Assessment Penetration Test (Internal & External) Reporting / Recommendation / Presentation Transfer of Technology (ToT) & Hands-On Security Training

7 Project Timeline Pre Assessment Assessment Post Assessment Project Handover

8 Pre Assessment Assessment Post Assessment SPA Project Phase Project Planning and initiation Customization of assessment procedures Network Assessment Host/ Server Security Assessment Application and Database Assessment Physical Assessment ICT Security Policy Assessment Penetration Test (Internal & External) Reporting / Recommendation/ Presentation Transfer of Technology (ToT) & Security Hands- On Training

9 Network Design Audit and Network Parameters Evaluation BTM WAN Network Internal Datacenter Network BTM NOC

10 Internal and External Network Devices Assessment 1 Firewall 1 AV Admin Server, 2 AV District Hosts and 4 user PCs 1 Content Filtering / IPS Example 1 Core Switch and 2 Access Switches 7 Types 1 Security Gateway 3 Routers 3 Wireless Appliances

11 Host / Server and Desktop Security Assessment Server Farm DMZ 2x Branches User HQ User Example

12 Application and Database Security Assessment One (1) Portal Five (5) Web Applications Two (2) My SQL Database Two (2) Oracle Database Example

13 Operating System & Configuration Management 10 Windows Hosts 5 Linux Hosts 3 HQ Users 3 District Users 21 Hosts Example

14 Physical and Environment Security Audit One (1) Customer a Datacenter One (1) NOC Example

15 ICT Security Policy Assessment / Review One (1) Customer A ICT Security Policy Example

16 Internal Penetration Test Server Farm DMZ HQ User 2x District User Example

17 External Penetration Test One (1) Agency Portal Seven(7) Web Applications One(1) 9 Hosts Example

18 Report Presentation Six (6) Reports Report Presentation Including (1) Executive Summary Report Example

19 Security Awareness One (1) Security Awareness Session

20 Training Three (3) Network Security Hands-On Training

21 Tools Nikto2 MATASANO Flint Firewall Checker

22 For enquiries about our products, services or to schedule a sales presentation: e: sales_enquiries@ofisgate.com For contact information: OFISGATE SDN BHD ( A) 2-15, Jalan Jalil Perkasa 13, Aked Esplanad, Bukit Jalil, Kuala Lumpur, MALAYSIA. Tel: Fax: