It Security

Organizations are inevitably increasing dependent on information and the related systems to make quality decisions, and that an efficient and effective information infrastructure is critical to business survival and success in the knowledge-based economy.

Nowadays, security and control risks are continually changing and can easily outpace the learning curve of even the best CIO, CISO and CAE. Failures in information systems not just adversely affect the reputation and existence of the business entity, the management may also violate relevant regulatory requirements and even incur legal liabilities.

We provide consultancy services in the following information security areas:

IT Security Policy and Development and Implementation

 
Security policies not only demonstrate enterprise management's commitment toward information security, but also lay down the framework for subsequent security enforcement. Our specialists can analyze your security requirements, and establish effective policies, standards and management architecture principles to guide your organizational security decisions.

Besides, we help implement your policies and standards by defining formal security processes and designing specific secure solutions / configurations on firewall, intrusion detection/ prevention system, operating system, and application system levels.

ISO 27001 Certification Consultancy

ISO 27001 is the International Standard for Information Security Management. It specifies the requirements of an Information Security Management System (ISMS) and provides a comprehensive set of 133 security controls. Implementing world-class ISMS in the organization and get it certified are definitely a competitive advantage.

Based on our experiences we provide the ISO 27001 Certification Consultancy service to ensure a smooth development, implementation, and certification of ISO 27001 in your organization. This service covers all stages of an ISO 27001 project starting from project planning, ISMS scoping, risk assessment, policies & procedures development, control selection & implementation, pre-certification auditing until successful accreditation

IT Security Procedures

Developing detailed security controls and procedures for IT environments to comply with the ISO/IEC 1 7799:2000 - Code of Practice for Information Security Management. ISO/IEC 1 7799 and Gap Analysis and Healthcheck reviews of Security operating procedures.

IT Vulnerability Assessment and Penetration Testing

The Vulnerability Assessment is the combination of a network security penetration test and examination of potential internal vulnerabilities of your key network servers, such as your email server, web server and application servers. The test will determine if your existing firewall and/or IDS can be penetrated using the latest intrusion tools and, if so, provide you with a detailed picture of what vulnerabilities could be identified on your system servers. We will provide a professional report documenting all vulnerabilities found and suggested corrective action. The report will also provide a management overview, potential risks and suggested actions.

The RCG Penetration Test is a live test mimicking the actions of real life attackers. We have certified ethical hackers with remarkable experience in Penetration Testing. Conducting a Penetration Test is a valuable experience in evaluating your security and preparing your defenses against the real thing. As detailed in the summary below, this fully managed; service far exceeds standard Security 'Checks' provided by other companies.

The boundaries of a Penetration Test must be defined. More comprehensive steps we can take include Internal Security Audits, and Security Policy Reviews. Working with us, you can test the detection and response capability of your organization in a consequence free exercise.

IT Security Awareness and Training

People are the heart of effective security deployment and no enterprise can implement its security processes and systems without training its people. RCG offers personal tutorial for senior executives, Middle management, technical staff and general staff, onsite seminars and public classes on the subject ranging from IT governance, information security governance, network security, operating systems/application software security, to hands-on firewall, intrusion detection / prevention system, ethical hacking and digital forensics training.

Security Architecture Design & Implementation

Proper installation and implementation of your firewalls, intrusion detection / prevention system, antivirus, antispams, and other security measures are the keys to protect your organization's assets from security threats. While there are many products that can help, they can only be effective when they are part of a carefully planned process

Our Security Architecture Design & Implementation Service offers you our experiences to assess your proposed wired and wireless network, Internet and intranet architectures for potential security threats and vulnerabilities