COMPANY PROFILE REV 4.0
Company Background and Core Values

Secor is a highly innovative company based in Lebanon and Dubai, focusing on the exploding information security market in the Middle East and North Africa (MENA). The company is a spin-off of the security division of Computel, a leading Lebanese IT company since 1974. Secor inherited Computel's Network Security and expanded it into Information Security. Since its inception in 2002, Secor has faced the challenge of expanding beyond the local market by capitalizing on its highly qualified team and its long expertise in the information security field. Few companies in this industry in MENA offer the same full range of comprehensive security services as Secor.

Secor, being entrusted with the client's highly valuable and classified information, believes that its reputation relies mainly on its commitment to delivering quality services and meeting or exceeding the client's expectations while maintaining a solid code of ethics. Secor is also committed to its community, employing local expertise while preserving the requirements of international standards.

Market Overview

The evolution of a new global culture of electronic exchange of information, and the increasing demand for Internet banking and e-services applications, have posed greater risks to banks, government institutions and companies worldwide. The need to secure organizations' information, business processes and technology assets has always been a crucial factor in the implementation of any e-business or e-government solution. The market in the Arab world, in general, is aware of the risks and knows the importance of being secured.

In the last few years, companies and governmental institutions have spent heavily on security infrastructure; however, it turned out to be insufficient to protect them from internal and external threats such as Data and Identity Theft, Phishing and Social Engineering attacks, etc. Most of the time, the absence of awareness and the lack of policies, procedures and internal controls are common vulnerabilities that fraudsters can target. Compliance with IT security and financial standards and regulations, such as BS7799/ISO 27001, SOX, Basel II, etc., is becoming more and more popular in the region. Hence, the demand for Security Policies and Procedures, Security Awareness, Risk and Vulnerability Assessment, Penetration Testing, Security Audit and Consultancy Services will definitely be on the rise.
Our Vision

Secor's vision is to be the recognized leading information security services provider in the Middle East and North Africa, and the driving force in promoting the value of Information as an important asset and the vital role it plays in the region's new economy.

Our Mission

Secor's mission is to capitalize on its long expertise in information security in the MENA region to bring peace of mind to people and organizations throughout the Arab world, including banks, governmental institutions, and small, medium and large businesses. This can be achieved by raising the level of security awareness among the different market sectors, and by spreading the culture of Confidentiality, Privacy, and information Integrity and Availability. These are the pillars that Secor uses to build any information security strategy.

Secor is committed to providing quality and cost-effective information security services and solutions ranging from Security Audit, Developing Policies and Procedures, Risk and Vulnerability Assessment, Penetration Testing, BS7799/ISO 27001 Consultancy, Business Continuity Planning and Training.

Team Expertise

Secor has an exceptionally experienced and qualified team. The level of know-how and specialization is extremely high and has been assessed by many international organizations and security consultants. Secor's consultants and security specialists, trained in Europe and the Middle East, have been certified in various subjects and products including the following:

- CISSP certification from (ISC)²
- BS 7799/ISO 27001 Audit certification from IRCA
- BS25999 BCM consultancy
- SCNP certifications from SCP
- Symantec
- RSA Security
- Websense
- Internet Security Systems (ISS)
- Microsoft
- Trend Micro
- Watchguard
- Strohl Systems

Team Background

The strength of Secor's team stems from a combined expertise in information security's technical, operational and management controls. This has produced outstanding results over the past years, especially in making people more aware of the threats involved and the importance of being secured. In addition, the leadership and quick adaptability of our team have resulted in the establishment of broad and flexible goals designed to meet the ever-changing demands of the fast-moving marketplace that requires these types of services. This is evident when the team responds to situations requiring new and innovative capabilities.

Security Services

Security Risk Assessment

Risk assessment is a systematic approach for identifying and quantifying the harm to organizations' operations that might occur due to any security breach, taking into account the potential consequences of a loss of confidentiality, integrity and availability. Secor's risk assessment addresses the risks and threats associated with assets, and the countermeasures needed to reduce them to an acceptable level.

IT Security Audit

Security Audit is an independent review of internal policies and procedures, network topologies, access controls, hardware, software and utilities that could possibly compromise critical information of an organization, to ensure that appropriate security controls are implemented. Upon defining the audit criteria (ISO 17799, FIPS, customized checklists, etc.), Secor performs a thorough audit of the existing controls to determine the level of threats that an organization is exposed to, and to provide the proper recommendations.

Vulnerability Assessment and Penetration Testing

A thorough and regular security assessment covering an organization's corporate systems, network and Internet access is essential. Penetration testing, being part of the technical audit, locates, at a single point in time, the presence of any potential security-related vulnerabilities.
The examination of each security issue discovered will determine if an actual security risk exists and ensure that the appropriate security improvements will be implemented in order to maintain a good level of security protection. Penetration testing is more like a snapshot in time of the current security of an organization's systems and business processes. Secor's penetration testing utilizes the latest techniques, from black-box to gray-box testing, in addition to a tiger team approach, to identify risks and vulnerabilities. A complete detailed report is provided, including the countermeasures needed to alleviate the risks and vulnerabilities found.

Consultancy

Consultancy is a step-by-step set of recommendations of what needs to be done to secure the critical assets of an organization. Information, considered an important asset, requires suitable protection against various threats. Secor, being specialized in information security, provides organizations with suitable protection for their information based on their needs. Secor's consultancy encompasses the management, technical and operational controls.
Security Policies and Procedures

Information security policies are essential and crucial for the operating environment of organizations. They shape the definition of roles and responsibilities for employees, and sensitize staff to the potential problems associated with modern information systems. They help minimize the cost of security incidents, accelerate the development of new application systems, and assure the consistent implementation of controls across organizations' information systems.

Procedures are plans, processes or operations that address the details of how to perform a particular action. Security procedures complement and supersede the security policies; they instruct and guide IT staff members on the appropriate execution of tasks in accordance with the security policies, using best practices. Based on security standards, Secor develops customized security policies and procedures for organizations, addressing their security needs and requirements.

BS7799/ISO 27001 Consultancy and Audit

The BS7799-2/ISO 27001 standard promotes a systematic and proactive approach to the management of any organization by building an Information Security Management System (ISMS), where risks are anticipated, controlled and monitored. It also promotes the continual improvement of the ISMS and of performance through the setting of objectives and the implementation of corrective and preventive actions.

In the Middle East, few organizations are BS7799 certified, and very few Information Security companies are capable of delivering such a service. Secor, being a leading company in Information Security consultancy and services in the Middle East, was among the first to help leading organizations achieve BS7799 certification.
Business Continuity Management - BS 25999

Business Continuity Management (BCM) is an ongoing process whereby organizations ensure the resiliency, maintenance or recovery of business operations when confronted with adverse events such as natural disasters, technological failures, human error, or terrorism. In short, it is about ensuring that a crisis is managed effectively before it escalates to a disaster, and being able to get quickly back on track to 'business as usual'. It involves two distinct areas:

- Business Continuity Planning (BCP), where a plan is developed, implemented, tested and exercised to ensure that it will perform as anticipated.
- Disaster Recovery (DR), the process of getting back to business operations with the shortest possible delay, based on the BCP.

Secor will assist organizations in building and implementing BCM strategies tailored to their business needs in light of BS25999 and Basel II requirements.

Security Services & Support Contracts

An ongoing review of client security safeguards and procedures will determine compliance with previously set policies and protection against new methods that compromise systems. Information security is a constantly moving target. New methods to break into systems are being discovered every week. Secor recommends an ongoing security services and support program. On a regular basis, Secor will send clients security alerts and updates, monitor their systems for new security holes, and test new hacker methods of penetration and security compromise.

Security Training and Awareness Programs

The Management, the MIS staff and the end users of a company are the first level of defense against security breaches. They are generally the first to be impacted by security incidents, and their compliance with security policies can make or break a security program.
Secor, based on its expertise and knowledge, can provide the following:

- Basic and advanced IT security courses for MIS staff.
- Management security courses for top executives.
- Security awareness campaigns for end users.

This complete education program allows a company to protect itself and to grow securely.