Information Security

Information and the systems that handle it are critical to the operation of virtually all organizations. Access to reliable information has become an indispensable component of conducting business; indeed, in a growing number of organizations, information is the business. Information security ensures the confidentiality, integrity and availability of the information.

Information Security Risk Management

Using best practices and standards, we analyze business and technical risks, evaluate the effectiveness of the existing controls, and introduce processes and technologies that can help mitigate the risks. (See also FAIR Methodology.)

Information Security Governance

We assess, analyze and develop information security organizations, strategies, policies and procedures, and align them with enterprise business goals, international standards such as ISO 27001, and regulatory requirements such as SOX, BASEL II and PCI.

Information Security, Monitoring, and Incident Management (SIEM/SOC)

Using our unique methodology, IT Risk Orientated Analysis and Design (IT-ROAD), we analyze business and IT risks, and identify monitoring rules to be used with Security Information and Event Management (SIEM) solutions. These solutions enable the collection of information from applications, infrastructure and security devices. We define processes, roles and responsibilities for Security Operation Centers (SOC), as well as incident response procedures.

Identity Management (IdM)

We analyze, design and select identity management processes, architecture and platforms for managing user identities and controlling access to organizational information assets. Our business-oriented and risk-based approach ensures quick wins and successful IdM projects.

Role Management

We assist organizations with efficiently managing access to their organizational information assets using Role-Based Access Control (RBAC). We analyze and define roles (role mining) using both bottom-up and top-down approaches. We design role management and role authorization processes.