security

Information Security Consulting Services

Our vast experience in Information Security domains will add value and help in achieving the desired maturity levels, where effective security controls are implemented and risk levels are reduced. Our consulting services are focused on the GRC (Governance, Risk and Compliance) concept and are mapped to the GRC model as follows:

Governance Services

  • Gap Assessment and maturity assessments
  • Identification and establishment of policies, procedures, processes, guidelines, framework, Security Standards
  • Development of Information Security Strategy and Roadmap
  • Information Security Periodic Reporting and Dashboard
  • Development of Information Security KPIs, KRIs, and Scorecard
  • Maturity Assessment and effectiveness measurement
  • Information Security Roles and Responsibilities and Job Description
  • Exception Management Framework, Governing model and framework

Risk Management Services

  • Risk Framework development, Recommendations, and Roadmap development
  • Asset, scenario, application, product, service-based Risk Assessment
  • Risk Treatment options, support, recommendations and consultation
  • Risk Management Process Automation
  • Customized Risk Assessment based on:
    • ISO 27001, ISO 31000, NIST, OCTAVE, PCI, COBIT, etc.
    • Business Impact Analysis (BIA)
    • Project / Vendor
    • Major Change

Compliance Services

Regulatory compliance with frameworks and standards such as NESA SIA- NCRMF, Dubai ISR v2, SAMA CSF, PCI-DSS, NIST, NCA, Tadawul, MADA, SWIFT, SARIE, ISO 27001, GDPR, etc.

  • Gap and maturity Assessments, Roadmap and Recommendations
  • Program Management, roadmap, continuous Regulatory assessment and Support
  • Certification preparation for International standards, implementation, and audit of the integrated management system
  • Continuous Regulatory assessment and Support
  • Compliance Process Automation