Organizations are inevitably becoming increasingly dependent on
information and the related systems to make quality decisions, and
an efficient and effective information infrastructure is critical
to business survival and success in the knowledge-based economy.
Nowadays, security and control risks are continually changing and can
easily outpace the learning curve of even the best CIO, CISO
and CAE. Failures in information systems not only adversely
affect the reputation and existence of the business entity;
the management may also violate relevant regulatory requirements
and even incur legal liabilities.
We provide consultancy services in the following information
security areas:
IT Security Policy and Development and Implementation
Security policies not only demonstrate enterprise management's
commitment toward information security, but also lay down the
framework for subsequent security enforcement. Our specialists
can analyze your security requirements, and establish effective
policies, standards and management architecture principles to
guide your organizational security decisions.
Besides, we help implement your policies and standards by defining
formal security processes and designing specific secure solutions /
configurations on firewall, intrusion detection / prevention
system, operating system, and application system levels.
ISO 27001 Certification Consultancy
ISO 27001 is the International Standard for Information Security
Management. It specifies the requirements of an Information
Security Management System (ISMS) and provides a comprehensive
set of 133 security controls. Implementing a world-class ISMS
in the organization and getting it certified is definitely a
competitive advantage.
Based on our experience, we provide the ISO 27001 Certification
Consultancy service to ensure a smooth development, implementation,
and certification of ISO 27001 in your organization. This service
covers all stages of an ISO 27001 project, starting from project
planning, ISMS scoping, risk assessment, policies & procedures
development, control selection & implementation, and
pre-certification auditing, until successful accreditation.
IT Security Procedures
Developing detailed security controls and procedures for IT
environments to comply with the ISO/IEC 17799:2000 - Code of
Practice for Information Security Management. ISO/IEC 17799
and Gap Analysis and Healthcheck reviews of Security operating procedures.
IT Vulnerability Assessment and Penetration Testing
The Vulnerability Assessment is the combination of a network
security penetration test and examination of potential internal
vulnerabilities of your key network servers, such as your email
server, web server and application servers. The test will determine
if your existing firewall and/or IDS can be penetrated using
the latest intrusion tools and, if so, provide you with a detailed
picture of what vulnerabilities could be identified on your
system servers. We will provide a professional report documenting
all vulnerabilities found and suggested corrective action. The
report will also provide a management overview, potential risks
and suggested actions.
The RCG Penetration Test is a live test mimicking the actions of
real-life attackers. We have certified ethical hackers with
remarkable experience in Penetration Testing. Conducting a Penetration
Test is a valuable experience in evaluating your security and
preparing your defenses against the real thing. As detailed
in the summary below, this fully managed service far exceeds
standard Security 'Checks' provided by other companies.
The boundaries of a Penetration Test must be defined. More
comprehensive steps we can take include Internal Security Audits, and
Security Policy Reviews. Working with us, you can test the detection
and response capability of your organization in a consequence-free
exercise.
IT Security Awareness and Training
People are the heart of effective security deployment and no
enterprise can implement its security processes and systems
without training its people. RCG offers personal tutorials for
senior executives, middle management, technical staff and general
staff, as well as onsite seminars and public classes on subjects
ranging from IT governance, information security governance, network
security, operating systems / application software security, to
hands-on firewall, intrusion detection / prevention system,
ethical hacking and digital forensics training.
Security Architecture Design & Implementation
Proper installation and implementation of your firewalls, intrusion
detection / prevention system, antivirus, antispam,
and other security measures are the keys to protecting your
organization's assets from security threats. While there are many
products that can help, they can only be effective when they are part
of a carefully planned process.
Our Security Architecture Design & Implementation Service
offers you our experience in assessing your proposed wired and
wireless network, Internet and intranet architectures for potential
security threats and vulnerabilities.