International Services Catalog Navigating the Security Landscape from Takeoff to Landing

Transcription

1 Internatinal Services Catalg Navigating the Security Landscape frm Takeff t Landing Cpyright 2013 infrmatin security cnsulting All rights reserved

2 Intrductin Infrmatin security cnsulting (i.s.c.) funded in 1998, is active in three majr areas supprting custmers with strategic and tactical security services: cnsulting, investigatin and training. Cnsulting services cver a brad, yet carefully selected, range f services established successfully ver the years, ranging frm general purpse security cnsulting and CxO supprt services t highly specialized advice n audit matters (auditing custmers as well as supprting custmers in a cntractual, regulatry r ther certificatin audit) and entire multi-year prjects devted t getting r retaining ISO r PCI certificatin. Als cvered are related standards such as the German Baseline Prtectin Manual r lcal natinal standards. The investigatin branch specializes in supprting a custmer during r in the aftermath f any serius criminal r therwise illegal actin (e.g., civil law, business law) f which the custmer was a victim. Scenaris include crprate embezzlement, fraud, mney laundering, data theft and data leakages, DDS blackmailing, trade in custmer data, unfair cmpetitin, nline and ffline defamatin, as well as physical threats. Our IT frensics unit perates as an auxiliary unit in this branch. i.s.c. has fur Rapid Respnse Deplyment Teams (RRDT) n 24hr duty t assure that a custmer can be assisted in the fllwing areas: persnnel prtectin and evacuatin, physical and IT-based eavesdrpping, fraud (accunting fraud), and cybercrime. RRDTs services can be prvided n a subscriptin r ad-hc basis. The training branch specializes in ffering custmized training, frm individual sessins r prgrams t the setting up f entire academic training prgrams in the fields f security awareness, fundatins f infrmatin and IT security, IT frensics and a limited set f standardized classes as described later in this dcument. i.s.c. has always been at the frefrnt f the industry and has successfully executed ver 400 prjects since We have saved custmers frm legal damages in excess f EUR 25 millin thrugh ur frensic services. Shuld yu have any questins r a general inquiry, please feel free t cntact us anytime; shuld yu face a serius security situatin feel free t cntact ur 24h htline t arrange first-respnse prceedings. i.s.c. infrmatin security. delivered. Cpyright 2013 infrmatin security cnsulting All rights reserved

3 Service Directry Cnsulting Strategic CIO, CISO, CSO r IT-Security Directr/Manager services Studies, delivery f lines f arguments fr in-huse discussins Develping shrt, medium and lng term strategies r supprting their develpment Prviding cnfidential review and caching r sparring services Gvernance, Risk, and Cmpliance cnsulting with a fcus n IT and the relatinship between IT GRC and crprate GRC tpics Cnfidential CIO, CISO, CSO supprt Security reviews and audits t identify pain pints in the IT, physical and human security sphere using ur prven Cmprehensive Security Check service prduct Drafting and rll-ut f plicies and prcedures; develpment f plicy framewrks ISO and PCI certificatin supprt prjects (Certificatin Assistance Prgrams) Infrmatin security and IT security risk analysis Business risk analysis cnsidering the relatinship between infrmatin security and business risks Audits and reviews f infrmatin security management systems Systemic security audits f IT architectures IT systems (any kind f Windws r Unix based system, z/os; ther systems n request) Netwrk architecture and firewall reviews VIP telephny systems Penetratin testing f web applicatins and netwrk perimeters Web applicatin security auditing Implementatin f secure sftware develpment prcesses Business cntinuity management and planning Drafting BCM and BCP framewrks Drafting and testing f business cntinuity, business peratins cntinuity and IT-service level cntinuity plans Drafting and deplyment f security awareness trainings (such as the yearly trainings required by PCI) r entire security awareness prgrams. Cpyright 2013 infrmatin security cnsulting All rights reserved

4 Service Directry Investigatin and Evidence Acquisitin Emergency supprt thrugh Rapid Respnse Deplyment Teams (RRDT): RRDT Alpha Persnnel emergencies including evacuatin frm crisis areas Preventing and dealing with wrkplace vilence CxO and key persnnel travel prtectin services RRDT Beta Detectin and remval f physical and IT-based eavesdrpping devices RRDT Gamma Fraud and embezzlement Frensic accunting RRDT Delta Strategic guidance in cases f infrmatin and IT security breaches Strategic guidance in cases f white-cllar crime in cnnectin with cybercrime Case assessments, damage cntainment measures Executin f peratins t identify perpetratrs RRDT services can be prvided n a subscriptin r ad-hc basis Strategic guidance and tactical supprt t acquire and prvide evidence fr later use in curt prceedings r ther strategic use Evaluatin f incidents including damage assessment, damage prpagatin and damage cntainment Strategic guidance in relatin t any crime r ther illegal activity affecting the cmpany Analysis f IT r infrmatin security breaches in high cnfidentiality envirnments Cpyright 2013 infrmatin security cnsulting All rights reserved

5 Service Directry Training Standardized Training Classes: Fraud in the IT Department Preventin and Detectin, ffered as 1-day r 2-day training Crime in the IT Department Definitin, Preventin, Detectin, ffered as 1-day r 2-day training Hw t achieve ISO Certificatin Overview and critical pints, 1-day training Hw t Achieve PCI Certificatin Overview and critical pints, 1-day training Hw t Cpe with Audits Dealing with special audit situatins, 1-day training Hw t Set Up a Security Awareness Prgram 1-day training These classes are available in extended versins. By custmer request, cntent can be agreed upn, resulting in bespke training. Custmized Training is available n all items cvered as cnsulting services t assure that a custmer btains a targeted knw-hw transfer. The purpse f such training is t enable the custmer t execute a full prject autnmusly and achieve the mst beneficial rati f internal vs. external effrt in the prject. Past examples include (nn-exhaustive list): Drafting Business Cntinuity Plans Methds and Tls Cnducting Internal Infrmatin Security Audits Determining Infrmatin Security Risk Levels Risk Analysis Accrding t ISO Setting Up an Accreditatin Bdy Accrding t ISO Breach Reslutin Using ISO IT-Frensic Investigatr Educatin & Training (2-year academic training prgram) Cpyright 2013 infrmatin security cnsulting All rights reserved