International Services Catalog Navigating the Security Landscape from Takeoff to Landing




International Services Catalog
Navigating the Security Landscape from Takeoff to Landing

Copyright 2013 information security consulting. All rights reserved.

Introduction

Information security consulting (i.s.c.), founded in 1998, is active in three major areas supporting customers with strategic and tactical security services: consulting, investigation and training.

Consulting services cover a broad, yet carefully selected, range of services established successfully over the years, ranging from general purpose security consulting and CxO support services to highly specialized advice on audit matters (auditing customers as well as supporting customers in a contractual, regulatory or other certification audit) and entire multi-year projects devoted to getting or retaining ISO 27001 or PCI certification. Also covered are related standards such as the German Baseline Protection Manual or local national standards.

The investigation branch specializes in supporting a customer during or in the aftermath of any serious criminal or otherwise illegal action (e.g., civil law, business law) of which the customer was a victim. Scenarios include corporate embezzlement, fraud, money laundering, data theft and data leakages, DDoS blackmailing, trade in customer data, unfair competition, online and offline defamation, as well as physical threats. Our IT forensics unit operates as an auxiliary unit in this branch.

i.s.c. has four Rapid Response Deployment Teams (RRDT) on 24hr duty to assure that a customer can be assisted in the following areas: personnel protection and evacuation, physical and IT-based eavesdropping, fraud (accounting fraud), and cybercrime. RRDT services can be provided on a subscription or ad-hoc basis.

The training branch specializes in offering customized training, from individual sessions or programs to the setting up of entire academic training programs in the fields of security awareness, foundations of information and IT security, IT forensics and a limited set of standardized classes as described later in this document.

i.s.c. has always been at the forefront of the industry and has successfully executed over 400 projects since 1998. We have saved customers from legal damages in excess of EUR 25 million through our forensic services.

Should you have any questions or a general inquiry, please feel free to contact us anytime; should you face a serious security situation, feel free to contact our 24h hotline to arrange first-response proceedings.

i.s.c. information security. delivered.

Service Directory: Consulting

- Strategic CIO, CISO, CSO or IT-Security Director/Manager services
- Studies, delivery of lines of arguments for in-house discussions
- Developing short, medium and long term strategies or supporting their development
- Providing confidential review and coaching or sparring services
- Governance, Risk, and Compliance consulting with a focus on IT and the relationship between IT GRC and corporate GRC topics
- Confidential CIO, CISO, CSO support
- Security reviews and audits to identify pain points in the IT, physical and human security sphere using our proven Comprehensive Security Check service product
- Drafting and roll-out of policies and procedures; development of policy frameworks
- ISO 27001 and PCI certification support projects (Certification Assistance Programs)
- Information security and IT security risk analysis
- Business risk analysis considering the relationship between information security and business risks
- Audits and reviews of information security management systems
- Systemic security audits of IT architectures
- IT systems (any kind of Windows or Unix based system, z/OS; other systems on request)
- Network architecture and firewall reviews
- VoIP telephony systems
- Penetration testing of web applications and network perimeters
- Web application security auditing
- Implementation of secure software development processes
- Business continuity management and planning
- Drafting BCM and BCP frameworks
- Drafting and testing of business continuity, business operations continuity and IT-service level continuity plans
- Drafting and deployment of security awareness trainings (such as the yearly trainings required by PCI) or entire security awareness programs

Service Directory: Investigation and Evidence Acquisition

Emergency support through Rapid Response Deployment Teams (RRDT):

- RRDT Alpha
  - Personnel emergencies including evacuation from crisis areas
  - Preventing and dealing with workplace violence
  - CxO and key personnel travel protection services
- RRDT Beta
  - Detection and removal of physical and IT-based eavesdropping devices
- RRDT Gamma
  - Fraud and embezzlement
  - Forensic accounting
- RRDT Delta
  - Strategic guidance in cases of information and IT security breaches
  - Strategic guidance in cases of white-collar crime in connection with cybercrime
  - Case assessments, damage containment measures
  - Execution of operations to identify perpetrators

RRDT services can be provided on a subscription or ad-hoc basis.

- Strategic guidance and tactical support to acquire and provide evidence for later use in court proceedings or other strategic use
- Evaluation of incidents including damage assessment, damage propagation and damage containment
- Strategic guidance in relation to any crime or other illegal activity affecting the company
- Analysis of IT or information security breaches in high confidentiality environments

Service Directory: Training

Standardized Training Classes:

- Fraud in the IT Department: Prevention and Detection, offered as 1-day or 2-day training
- Crime in the IT Department: Definition, Prevention, Detection, offered as 1-day or 2-day training
- How to Achieve ISO 27001 Certification: Overview and critical points, 1-day training
- How to Achieve PCI Certification: Overview and critical points, 1-day training
- How to Cope with Audits: Dealing with special audit situations, 1-day training
- How to Set Up a Security Awareness Program: 1-day training

These classes are available in extended versions. By customer request, content can be agreed upon, resulting in bespoke training.

Customized Training is available on all items covered as consulting services to assure that a customer obtains a targeted know-how transfer. The purpose of such training is to enable the customer to execute a full project autonomously and achieve the most beneficial ratio of internal vs. external effort in the project. Past examples include (non-exhaustive list):

- Drafting Business Continuity Plans: Methods and Tools
- Conducting Internal Information Security Audits
- Determining Information Security Risk Levels: Risk Analysis According to ISO 27005
- Setting Up an Accreditation Body According to ISO 27006
- Breach Resolution Using ISO 27035
- IT-Forensic Investigator Education & Training (2-year academic training program)