Services
We work hard to offer Customer-Oriented services and solutions
Our experience across diverse sectors (Government, Commerce, Education, Healthcare and others) and many implementations, including on-premises and cloud services, has guided us to focus on our customers' needs and avoid one-size-fits-all solutions. We use problem-solving and industry-based frameworks and solutions to address your pain points.
ISO 27001 Implementation
This service is for organizations seeking ISO/IEC 27001 certification by creating and maintaining an ISMS in their premises. Our service starts with risk assessments, a gap analysis, and the creation of a Statement of Applicability (SoA) to identify missing controls, or controls that need to be implemented, to mitigate the identified gaps and risks.
Our service continues after the internal and external audits, to ensure all findings are resolved, until the organization obtains the certification.
Security Assessments
We help organizations assess current security weaknesses in their business processes, infrastructure and applications. We use structured frameworks and tools to discover existing vulnerabilities and to assess whether current defenses and controls mitigate the associated risks. This helps organizations better understand their security posture and plan their security investments effectively to secure their business and platforms.
This service is provided as a standalone engagement or as part of a larger one, e.g., ISO 27001 or SAMA compliance, or Business Continuity and Disaster Recovery programs.
Product Security Reviews: Web, Mobile and APIs
Experienced developers continuously build functional applications and systems to serve the business needs of their customers and clients. Usually, however, applications are not built on a Secure-by-Design basis or with security in mind. Developers may create software structures that expose organizations' data and services to malicious adversaries, including hackers and cyber criminals.
Using expertise accumulated over years, aided by advanced tools, and in line with international best practices including OWASP and CIS, we review these applications, whether Mobile, Web or APIs, to identify and report weaknesses and to assess whether the applied mitigations are effective. We provide recommendations to fix these weaknesses so organizations can proactively protect their applications and give their customers more confidence that their data and services are secure.
To achieve this, we apply architecture reviews, threat modelling, application and code scans, and security testing, and we can include penetration testing as part of the engagement. This saves the time and effort needed to fix security problems in your applications and protects your data and services from being exploited by hackers.
Cloud Security
Many organizations move their infrastructure and operations to the cloud to maintain service resilience and cut operating costs as part of their Digital Transformation strategies. With years of experience, especially on AWS, we can share our learnings with your organization, assess your cloud deployments against security best practices (e.g., the AWS Well-Architected Framework) and ensure migration projects from physical data centers to the cloud run securely.
We assess access management, cloud configurations, encryption and storage, network architecture (segmentation, security groups, VPCs, peering, etc.), containers, serverless applications, certificate services, databases (SQL and NoSQL), DDoS protections, WAF deployments and many others. Based on the assessment results, we provide a list of recommendations and required solutions to secure your cloud. We can also help bring your cloud into compliance with the required regulations and standards.
Security Architecture
We review and analyze our customers' current security architecture(s) to identify opportunities for improvement, advise on recommendations, and help plan future security investments. We document the current (baseline) security architecture, understand and define the target security architecture, and assess the gaps between them, which are summarized in implementation plans. To achieve this we use international Enterprise Security Architecture (ESA) frameworks, e.g., Open Enterprise Security Architecture (OESA) and TOGAF 9.2, aided by industry standards such as NIST and ISO 27001.
Business Continuity and Disaster Recovery
We work with organizations to initiate, develop and maintain BC and DR capabilities based on ISO 22301, to ensure they continue to operate their services in case of any incident or attack that can affect the availability of their services and data, e.g., natural disasters (earthquakes, hurricanes, ice, floods, storms, etc.), urban disasters (lockdowns, traffic, acts of war, power and internet disruptions) and man-made disasters (cybercrime, ransomware, DDoS, etc.).
We help organizations build robust plans, using administrative and technical controls, that bring together the efforts of different departments. We cover backups, high availability, disaster recovery and load balancing at different layers, including servers, databases, networks, VPNs, storage and many other components.
Depending on the scope, our service includes delivery of a BC/DR strategy, BCP/DRP, BC policy, procedures, playbooks, BC/DR awareness and drills, risk assessments, RFPs required to acquire mitigation services and solutions, implementation of cloud-based solutions and more.
Privacy Impact Assessments (PIA)
Many applications handle sensitive information about customers, including Personally Identifiable Information (PII), which is protected by law. Privacy is an emerging requirement for doing online business, especially when it comes to privacy compliance, e.g., GDPR. A Privacy Impact Assessment (PIA) is a decision tool that aims to identify and mitigate privacy risks by establishing:
· What Personally Identifiable Information (PII) the organization is collecting
· Why the PII is being collected
· How the PII will be collected, used, accessed, shared, safeguarded and stored
A PIA should accomplish three goals:
· Ensure conformance with applicable legal, regulatory, and policy requirements for privacy
· Determine the risks and effects
· Evaluate protections and alternative processes to mitigate potential privacy risks
This service should be conducted and provided when the organization is:
· Developing or procuring any new technologies or systems that handle or collect PII
· Creating a new program, system, technology, or information collection that may have privacy implications
· Updating a system that results in new privacy risks
· Issuing a new or updated rulemaking that entails the collection of PII