We follow international best practices [USA's NIST framework and ISO standards] and generally accpeted industry principles and process to deliver our consulting solutions to secure your valuable information and information systems.
The security process we use to implement information security solutions are the recommended method an organisation uses to implement and achieve its security objectives. The process is designed to identify, measure, manage and control the risks to system and data availability, integrity, and confidentiality, and ensure accountability for system actions. Our international consultants are available to support your organisation throughout the process. The process includes five areas that serve as the framework for our "Total Solution"
1- Information Security Risk Assessment —A process we use to identify threats, vulnerabilities, attacks, probabilities of occurrence, and outcomes.
2 - Information Security Strategy —A plan to mitigate risk that integrates technology, policies, procedures and training. The plan should be reviewed and approved by the board of directors.
3 - Security Controls Implementation —The acquisition and operation of technology, the specific assignment of duties and responsibilities to managers and staff, the deployment of risk-appropriate controls, and assurance that management and staff understand their responsibilities and have the knowledge, skills, and motivation necessary to fulfill their duties.
4 - Security Testing —The use of various methodologies to gain assurance that risks are appropriately assessed and mitigated. These testing methodologies should verify that significant controls are effective and performing as intended.
5 - Monitoring and Updating —The process of continuously gathering and analyzing information regarding new threats and vulnerabilities, actual attacks on the institution or others combined with the effectiveness of the existing security controls. This information is used to update the risk assessment, strategy, and controls. Monitoring and updating makes the process continuous instead of a one-time event.
Security risk variables include threats, vulnerabilities, attack techniques, the expected frequency of attacks, financial institution operations and technology, and the financial institution’s defensive posture. All of these variables change constantly. Therefore, an institution’s management of the risks requires an ongoing process.
CIS helps organistions to continuously monitor and evaluate thier security policies, strategies and tools. Using the above process, we help organisations to
:: Draft and develop various types of security policies
eg... Internet policy, email policy, security policy, computer usage policy, network policy
:: Draft and develop procedures and guidelines to protect your information and information systems.
:: Help the authority tasked with developing standards to formulate information security standards for a specific country or region.