INFORMATION SECURITY & GOVERNANCE SYSTEMS AND IT INFRASTRUCTURE INFOSEC & TECHNOLOGY TRAINING. forebrook

Transcription

1 INFORMATION SECURITY & GOVERNANCE SYSTEMS AND IT INFRASTRUCTURE INFOSEC & TECHNOLOGY TRAINING forebrook

2 Forebrook offers a range of information security, governance, IT systems and infrastructure related services. We conduct IT infrastructure assessments, security and risk assessments, vulnerability assessments and penetration tests. We design and implement information security programmes, review and develop information security architectures, security policies, business continuity strategies and disaster recovery plans. We assist organisations in preparing for certification audits such as ISO27001:2013, PCI-DSS, ISO 20000; we conduct compliance reviews for international and regional standards including ADSIC 2.0 and Dubai Information Security Regulation (ISR). We are KHDA-approved training institute and we specialise in information security and governance trainings offering both certification trainings and short-courses. Forebrook is a vendor-independent, systems and security consulting firm based in Dubai. Our biggest strength is our team of experienced consultants, who have worked in large enterprises, banks and government organisations. Our senior consultants have years experience in information technology and hold multiple industry certifications such as CISSP, CISA, CISM, CRISC, CGEIT, COBIT, ITIL, ISO27001/LA, ISO20000, TOGAF9, PMP, MCSE, MCITP, MCT. Security Assessments Security assessments are conducted on a regular basis to protect the organisation from data breaches and disruption of services. The goal of such assessments is to ensure that necessary and adequate security controls are implemented to protect information assets from unauthorised access, use, disclosure, disruption, modification, recording or destruction. We conduct comprehensive assessments based on best-practices and international standards. In addition to using latest tools for vulnerability assessments, we also check, inspect, observe and analyse information systems in a holistic manner covering technology, people, policies, processes, procedures. As an integral part of assessments, we conduct interviews with individuals and groups in the organisation to understand the infrastructure, security objectives and strategies, and assess security controls for effectiveness and adequacy. Penetration tests will be conducted for public-facing IPs. Security/Risk Assessments culminate in extensive reports and recommendations for remediation along with roadmap and prioritised lists for implementing controls. A typical assessment covers more than 25 areas including Security Policies Data Classification Risk Management Topology, Data Flow Access Control VPN/Remote Access Network Access Control Application Configuration Database Configuration Change Control Patching & Anti-Virus Logging / SIEM Intrusion Detection Physical Security BCP/DR Vulnerability Assessment & PT VA/PT is a requirement for compliance with standards such as PCI-DSS, or as a part of risk assessment for ISO 27001; regardless, conducting regular VA/PT is deemed a good practice and is usually included in well-designed security programmes. VAPT is included in our security assessments, but we also offer a separate service for specific objectives such as reports for compliance audits. We use VA scanning tools according to the need of the organisation and analyse reports to extract actionable intelligence. In addition to the summary report, we submit recommendations for remediation and a prioritised list of remediation activities.

3 Compliance We assist organisations in implementing ISMS based on good practices and international standards. Organisations are required to obtain independent certification of their information security management systems against the ISO standard. The ISO27000 suite of standards specifies requirements for establishing, implementing, operating, monitoring, reviewing, maintaining and improving a documented Information Security Management System (ISMS), using a continual improvement approach. We help organisations prepare for certification by doing risk assessment, gap-analysis and by designing an integrated ISMS covering the following domains described in the standard: Information Security Policies Organisation of Information Security Human Resources Security Asset Management Access Control Cryptography Physical and Environmental Security Operations Security Communications Security Systems Acquisition, Development, Maintenance Supplier Relationships Security Incident Management Business Continuity Compliance ISO 27001:2013 ISO ISO PCI-DSS 3.0 Dubai-ISR Applicability Review ADSIC 2.0 Review COBIT 5 Review and Implementation ISO Infrastructure Assessments IT infrastructure assessment is required from time to time as an input to decision making - for strategic investments in technologies or for process improvement and optimisation. Organisations engage external parties to do healthchecks and assessments for an independent opinion. Typical assessments are generally conducted in the following major phases: 1. Survey and Data Gathering 2. Documentation and Assessment of the Infrastructure 3. Gap Analysis vis- -vis good practices 4. Recommendations for improvement, configuration changes etc. 5. Presentation of findings, reports; and workshops. Based on the maturity level, and business requirements (gathered during interviews), we make recommendations or highlight areas which require attention whether configuration changes, upgrades or a complete overhaul of the systems in question. These recommendations will be guided by good practices, taking into consideration latest technologies and security enhancements, for the overall improvement of IT services. Services and Applications Data Centres and Locations System Infrastructure Network and Wireless Infrastructure Virtualisation Infrastructure Storage and Backup Infrastructure Printers and Peripherals Voice Infrastructure Communication Lines Access Control and CCTV Audio/Video Infrastructure Security Infrastructure Recommendations will be made in alignment with enterprise architecture, if a formal definition exists in the organisation; if not, these recommendations will be conducive for such a design in the future. In addition to various documents, we also produce engaging infographics as a part of deliverables.

4 Governance of Enterprise IT Whether you are planning to build an ITG framework or seek to revise an existing governance model, we can help you review, revise and update ITG processes, policies and procedures. We prepare documentation in accordance with standards and prepare your organisation for audits by performing health-checks and gap analysis against frameworks such as COBIT 5. Source: COBIT 5, figure ISACA All rights reserved. Source: COBIT 5, figure ISACA All rights reserved. Maturity Assessment COBIT Health-Check Build/Review ITG Framework Document ITG Processes IT Architecture Review Business-IT Alignment Review Resource Review Benefits Realisation Gap Analysis Disaster Recovery All organisations are vulnerable to disruptions of many kinds: from human error to utilities failure to natural disasters to terrorist attacks. Even though it is impossible to eliminate risks completely, they can be minimized to a level acceptable to the organisation. One of the strategies of managing such risks is to have a contingency plan, in case of a disruption. It is essential for organisations to have a comprehensive contingency plan, which can be invoked during such a disruptive event. Such a contingency plan should be updated regularly and tested frequently for readiness and efficacy. Disaster recovery planning is composed of the processes, policies and procedures related to preparing for recovery or continuation of technology infrastructure critical to an organisation after a natural or human-induced disaster. We conduct reviews to examine the capability and accuracy of DR plans and recovery strategies. If you are in the process of building one, we can help you draft a sound strategy and compile comprehensive plans that cover infrastructure, applications, data, people, processes, procedures and policies. We conduct tests to validate plans and prepare the staff to efficiently respond in case of a disaster. Virtualisation technologies have simplified the technology aspect of disaster recovery and also drastically reduced the costs for robust DR implementations. We explore and recommend latest technologies for costefficient and agile disaster recovery strategies. Business Impact Analysis Drafting a DR/BCP Strategy Draft Disaster Recovery Plan Review / Update DR Plans DR Training and Workshops Failover and Fail-back Testing Implement DR Technology Health-check of DRP/BCP

5 IT Optimisation It is an understatement,, virtualisation and cloud computing have revolutionised IT. But many organisations are not ready to take the big leap due to sprawling and outdated infrastructures. In most cases, a severe lack of documentation contributes to the fear of the unknown. IT departments understand that virtualisation is not only about optimisation of hardware but also about the agility of the organisation in provisioning of services and better security. We help organisations to examine, explore, review and upgrade their infrastructures and conduct feasibility studies to move towards fully virtualised infrastructures. Feasibility Studies IT Optimisation Assessment Virtualisation Implementations Virtualisation Design and Architecture Documentation We believe that we are among the very few, if not the only service provider in the region offering documentation as a separate service. The importance of documentation and the associated risk in absence of documentation for critical systems is commonly acknowledged. More often than not, infrastructure documentation is incomplete or outdated for a variety of reasons. We can help your IT team in documentation of applications, infrastructures, processes and procedures. We prepare manuals, detailed diagrams, user-guides and SOPs. Systems Documentation Network Documentation Process Documentation Procedures / SOPs Systems/Process Diagrams Manuals / User-Guides

6 Microsoft Technologies Design and implementation of Windows Domains Installation, Configuration of Windows Servers (2000, 2003, 2008, 2012) Microsoft Exchange Microsoft System Centre Hyper-V based Virtualisation Microsoft Project Server Redesign and optimise existing environment Review for Windows environment security and best-practice Migration or upgrades of Client OS (WinXP to Win7 or Win8) Documentation of Windows/Microsoft infrastructure Cloud / SaaS Solutions Gmail / Google Apps Office 365 Salesforce SugarCRM ZohoCRM Zoho Accounting Xero Accounting Folklore HRMS NetSuite: CRM / ERP Resource Management Timesheet Management Project Management Expense Management Project Accounting Dashboards and Reporting

7 Training Forebrook Training Institute is KHDA-approved institute and we specialise in information security and information governance related trainings. We also provide various infrastructure and systems related trainings such as Microsoft technology trainings and CompTIA trainings. We conduct both certification trainings and customised trainings delivered in a classroom setting or as seminars and workshops. Security and Governance Trainings CISSP (Certified Information Systems Security Professional) CISA (Certified Information Systems Auditor) CISM (Certified Information Security Manager) CRISC (Certified in Risk and Information Systems Control) CGEIT (Certified in Governance of Enterprise IT) COBIT5 (COBIT Foundation/Practitioner/Implementer) PMP (Project Management Professional) TOGAF9 User Awareness Trainings for End- Users IT Staff Systems/Security Staff Auditors/Internal Control Management IT-Related Risk Management IT-Project Management Technology Trainings MCSE: Server Infrastructure MCSE: Desktop Infrastructure MCSE: Private Cloud MCSE: Messaging MCSE: Communication MCSE: Sharepoint CompTIA A+ CompTIA Server+ CompTIA Network+ CompTIA Security+ CompTIA Cloud+ CompTIA Storage+

8 Certification Trainings and Short Courses Security/Governance Course Name of the Course Duration Microsoft Technologies MOC Name of the Course Duration CISSP Certified Information Systems Security Professional 20410D Installing and Configuring Windows Server 2012 CISM Certified Information Security Manager 4 days 20411D Administering Windows Server 2012 CISA Certified Information Security Auditor 3 days 20412D Configuring Advanced Windows Server 2012 Services CRISC Certified in Risk and Information Systems Control 4 days 20413C Designing and Implementing a Server Infrastructure CGEIT Certified in Governance of Enterprise IT 4 days 20414C Implementing an Advanced Server Infrastructure PMP Project Management Professional (with 35 PDUs from R.E.P) 20415B Implementing a Desktop Infrastructure PK0-003 Project+ (CompTIA certification exam course) 20416B Implementing Desktop Application Environment FBS-01 Security Awareness for End-Users 20341B Core Solutions of Microsoft Exchange Server 2013 FBS-02 Information Security Risk for Managers 20342B Advanced Solutions of Microsoft Exchange Server 2013 FBS-03 Information Security Risk for Auditors 2 days 20331B Core Solutions of Microsoft SharePoint Server 2013 FBS-04 Workshop on Information Security for IT Staff 20332B Advanced Solutions of Microsoft SharePoint Server 2013 FBS-05 Workshop on Information Security for Security Professionals 10750A Monitoring and Operating a Private Cloud with System Center 2012 FBS-06 Enterprise Architecture for Beginners 10751A Configuring and Deploying a Private Cloud with System Center 2012 FBS-07 Incident Handling 6425C Configuring and Troubleshooting Windows Server 2008 AD FBS-08 Introduction to COBIT B Configuring and Troubleshooting a Windows Server 2008 Network FBS-09 Introduction to IT Governance 6433A Planning and Implementing Windows Server 2008 FBS-10 Vulnerability Assessment and Penetration Testing for Managers 20687D Configuring Windows 8.1 FBS-11 Introduction to ITIL and Service Management 20688D Supporting Windows 8.1 CompTIA Course Name of the Course Duration Short Courses Course Name of the Course Duration A+ (Fundamentals, Hardware) FBT-01 Introduction to Computers, Windows, MS-Office, Internet 2 days A+ (Operating Systems) FBT-02 Introduction to Computer Networks and Information Security 2 days N Network+ FBT-03 Microsoft Windows Server 2012 Workshop for Windows Admins 2 days SK0-003 Server+ FBT-04 Microsoft Sharepoint Server 2013 Administration Essentials SGO-001 Storage+ (Powered by SNIA) FBS-05 Workshop on Information Security for Security Professionals 1-2 days CLO-001 Cloud Essentials SY0-401 PK0-003 CVO-001 Security+ Project+ Cloud+ CAS-002 CompTIA Advanced Security Practitioner (CASP) Duration TO BE ANNOUNCED: CISSP-ISSMP, CISSP-ISSAP, TOGAF, CCFP CISA, CISM, CGEIT Review Seminars for the June 2015 exams will be held in May. Write to info@forebrook.com to book your seat today! FOREBROOK TRAINING & CONSULTING Office M-02, Mezzanine Floor Sunshine Building Garhoud, Dubai United Arab Emirates forebrook.com foretrain.com Tel: Fax: PO Box info@forebrook.com