Information Security:
Information in an organization is a vital asset for the success of any business. Most of it, such as details about employees, customers, products and finance, is collected, processed and stored in digital form. This information needs to be protected from falling into the hands of competitors, disgruntled employees, hackers and other interested parties, as its exposure may push the organization into business loss, lawsuits and even bankruptcy. The evolution of the internet, and the business need for remote connectivity to partners and customers, have made it essential to protect this information for Confidentiality, Integrity and Availability (CIA). Protecting confidential information is a business requirement and, in many cases, also a legal requirement.
Information security is an ongoing process of exercising due care and due diligence to protect information and information systems from unauthorized access, use, disclosure, destruction, modification, or disruption. Information security involves assessment, protection, monitoring & detection, regular awareness training, incident response & repair, documentation, and review.
K-90 will help you align your information security requirements with your business strategy and goals.
Risk Assessment
The basic purpose of a risk assessment is to get an overview of the security posture of an organization. Our risk assessment service determines the extent of the potential threats and the risk associated with the organization's information assets. The output of this process helps to identify the appropriate controls for reducing or eliminating the risk during the risk mitigation process.
We use an internationally recommended and accepted risk assessment methodology that encompasses the following nine primary steps:

- System Characterization
- Threat Identification
- Vulnerability Identification
- Control Analysis
- Likelihood Determination
- Impact Analysis
- Risk Determination
- Control Recommendations
- Results Documentation
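To show how these nine steps fit together in practice, here is a small worked example. It is an added illustration, not K-90's own tooling or methodology: it assumes a three-level ordinal scale (low/medium/high) for likelihood and impact, a simple rule that each existing effective control lowers the likelihood by one level, and a 3x3 matrix for risk determination. All assets, threats, vulnerabilities and ratings in it are constructed sample data.

```python
"""Worked risk-assessment example (added illustration, not K-90's tooling).

Walks the nine steps above over a constructed asset list: each threat and
vulnerability pair gets a likelihood and an impact rating, existing controls
(control analysis) lower the likelihood, and likelihood x impact is mapped
to a qualitative risk level so that control recommendations can be ranked
and documented. The scale and the matrix thresholds are assumptions.
"""
from dataclasses import dataclass

LEVELS = {"low": 1, "medium": 2, "high": 3}   # ordinal scale (assumption)


@dataclass
class RiskItem:
    asset: str            # step 1: system characterization
    threat: str           # step 2: threat identification
    vulnerability: str    # step 3: vulnerability identification
    controls: list        # step 4: control analysis (existing safeguards)
    likelihood: str       # step 5: likelihood determination (before controls)
    impact: str           # step 6: impact analysis
    recommendation: str   # step 8: control recommendation if risk is not low


def effective_likelihood(item: RiskItem) -> int:
    """Steps 4 and 5: each effective control in place lowers likelihood one notch."""
    score = LEVELS[item.likelihood] - len(item.controls)
    return max(1, score)  # never below "low"


def risk_level(item: RiskItem) -> str:
    """Step 7: risk determination via a 3x3 likelihood-impact matrix."""
    score = effective_likelihood(item) * LEVELS[item.impact]
    if score >= 6:        # 2x3, 3x2, 3x3
        return "high"
    if score >= 3:        # 1x3, 3x1, 2x2
        return "medium"
    return "low"          # 1x1, 1x2, 2x1


def risk_register(items: list) -> list:
    """Step 9: results documentation, ranked from highest to lowest risk."""
    rows = []
    for item in items:
        level = risk_level(item)
        rows.append({
            "asset": item.asset,
            "threat": item.threat,
            "vulnerability": item.vulnerability,
            "risk": level,
            # low risks are accepted; others carry the recommended control
            "action": item.recommendation if level != "low" else "accept",
        })
    rows.sort(key=lambda r: LEVELS[r["risk"]], reverse=True)
    return rows


# Constructed sample data for the walk-through (not from any real assessment).
SAMPLE_ITEMS = [
    RiskItem("customer database", "external attacker", "unpatched web application",
             [], "high", "high", "apply vendor patches; add WAF"),
    RiskItem("payroll server", "disgruntled employee", "shared administrator password",
             ["audit logging"], "medium", "high", "individual admin accounts with MFA"),
    RiskItem("intranet wiki", "commodity malware", "outdated browser plugin",
             ["endpoint anti-malware", "web proxy filtering"], "high", "low",
             "remove plugin"),
]

if __name__ == "__main__":
    for row in risk_register(SAMPLE_ITEMS):
        print(f"{row['risk']:<7} {row['asset']:<18} {row['threat']:<22} -> {row['action']}")
```

Running the block prints the register ranked high to low: the unpatched customer database comes first, the payroll server is medium because its audit logging reduces the likelihood one level, and the wiki risk is low enough to accept. Changing the scale, the per-control reduction, or the matrix thresholds is where an organization's own risk appetite enters.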
ISO 27001 Consulting
ISO 27001 (previously BS 7799) is a structured set of guidelines and specifications for assisting organizations in developing their own information security framework. The standard relates to all information assets in an organization, regardless of the media on which they are stored or where they are located.
ISO 27001 suggests development and implementation of a structured Information Security Management System (ISMS), which governs the security implementation and monitoring in an enterprise. The standard is designed to serve as a single 'reference point for identifying the range of controls needed for most situations where information systems are used'.
Benefits of Implementing ISO 27001
Some of the benefits of implementing the ISO 27001 standard are as follows:
- Brings your organization into compliance with legal, regulatory, and statutory requirements.
- Market differentiation due to positive influence on company prestige.
- Increases vendor status of your organization.
- Increase in overall organizational efficiency and operational performance.
- Minimizes internal and external risks to business continuity.
- ISO 27001 certification is recognized on a worldwide basis.
- Significantly limits security and privacy breaches.
- Provides a process for Information Security and Corporate Governance.
- Reduces operational risk while threats are assessed and vulnerabilities are mitigated.
- Provides your organization with continuous protection that allows for a flexible, effective, and defensible approach to security and privacy.
K-90 Approach:
Our ISO 27001 consulting service is proven and among the best. Our consultants are experienced and certified. We have divided our approach into stages for methodical implementation and easy management.
- Detailed study of business functions
- Data Gathering
- Risk assessment
- Risk Treatment Strategy
- Design or Modify
- Information Security Plan
BCP / DRP
BCP/DRP solutions aim to build organizational capability and resilience in business processes and IT infrastructure. A Business Continuity Plan can be considered the all-encompassing corporate plan that describes the processes and procedures an organization puts in place to ensure that all aspects of the business can resume and be recovered should a disruption occur. A business continuity plan covers more than just computer systems and data at a few physical sites. Critical areas such as employee safety, relocation plans, communication systems and others are also covered in a BCP solution.
Your disaster recovery plan should be customized to meet the requirements of your business and the value you place on your data. Performing a business impact analysis and risk assessment can help to identify the real needs of the business and direct the creation of the disaster recovery plan.
K-90 BCP/DRP services provide:
- Business impact analysis
- Risk Assessment
- Recovery options analysis and recovery strategy formulation
- BCP / DRP document development
- BCP/ DRP training
- Assistance in BCP/DRP testing
MONITOR AND REVIEW
Security Audit
K-90 security audit services are based on industry-accepted standards and best practices such as ISO 27001, CoBIT, and the regulatory compliance requirements specific to the industry and country. Our auditing method is designed to cover all aspects of information security, including people, processes and technology. We have a team of consultants who are certified as CISSP, CISA and ISO 27001 (BS 7799) auditors and who have wide knowledge of information technology hardware, software and related processes such as ITIL.
- Information Security Audit
- IT Audit
Information Security Audit
The K-90 information security audit covers an assessment of the security of an organization's networked infrastructure, comprising computer systems, networks, operating system software and application software. Auditing of information security ranges from auditing the physical security of an organization to auditing the logical security of its databases, and highlights the key components to be examined using different auditing methods. An IS audit is a defined process designed to assess the security risks facing an organization and the controls or countermeasures the organization has adopted to mitigate those risks.
As part of the IS audit, our auditors will:
- Interview key personnel
- Conduct vulnerability assessments & penetration testing
- Review existing security policies and controls
- Examine IT assets with the help of latest technology & tools
Information Technology Audit
An Information Technology Audit is a review of the controls (security policy) within an organization's information technology infrastructure. The K-90 information technology audit is the process of evaluating an organization's information systems, policies, procedures, practices, and operations. Evaluation of the controls establishes whether the organization's information system safeguards its assets, maintains data integrity, and operates effectively and efficiently to achieve the organization's goals.
The Information Technology Audit covers an assessment of an organization's information system assets. As part of the IT audit, our auditors will:
- Interview key personnel
- Review existing security policies and controls
- Conduct vulnerability assessments & penetration testing
- Examine IT assets.
Security Testing
The Internet has brought about many changes in the way organizations and individuals conduct business, and it would be difficult to operate effectively without the added efficiency and communications of the Internet and extranets. These technological advancements have drawbacks in the form of intruder attacks, both manual and automated, that could cost organizations excessive amounts of money in damages and lost efficiency. Organizations therefore need methods for achieving their mission goals in using the Internet while keeping their Internet and extranet sites secure from these attacks.
We help organizations to evaluate their current security posture through our specially designed testing methodologies. These tests are broadly classified as:
- Penetration Testing
- Vulnerability Assessment
Penetration Testing
Penetration testing is a form of security testing in which our security testing professionals attempt to circumvent the security features of a system based on their understanding of the system's design and implementation. The test identifies methods of gaining access to a system using the common tools and techniques used by attackers and hackers. The K-90 security team performs penetration testing only after careful consideration, notification, and planning.
Penetration testing is an invaluable technique for any organization's information security program. It is also a very labor-intensive activity that requires great expertise to minimize the risk to the targeted systems. We have certified, efficient and dedicated professionals to carry out this testing.
We use both external and internal testing to find the security flaws in the organization's network. Based on the knowledge of the target being tested, our penetration tests are categorized as:
- Black Box Testing - Zero Knowledge Test
- Grey Box testing - Partial Knowledge test
- White Box testing - Full Knowledge test
Vulnerability Assessment
Organizations should conduct vulnerability scanning to validate that their operating systems and major applications are up to date on security patches and software versions. Vulnerability scanning is a somewhat labor-intensive activity that requires a high degree of human involvement in interpreting the results.
A vulnerability assessment (VA) helps to highlight those vulnerabilities which could be exploited by a remote unauthorized attacker. The K-90 vulnerability assessment service is a highly creative, out-of-the-box engagement.
Incident Management
A computer security incident was traditionally thought of as a security-related adverse event in which there was a loss of data confidentiality, disruption of data or system integrity, or disruption or denial of availability. New types of computer security incidents have emerged since then, creating the need for an expanded definition of an incident.
An incident can be defined as a violation or imminent threat of violation of computer security policies, acceptable use policies, or standard security practices.
K-90 incident response services include:
- Responding to incidents systematically
- Assisting personnel to recover quickly and efficiently from security incidents, minimizing loss or theft of information, and disruption of services
- Analyzing information gained during incident handling to better prepare for handling future incidents and to provide stronger protection for systems and data
- Dealing properly with legal issues that may arise during incidents.
Digital Forensics
The K-90 digital forensics team is well-trained and experienced in forensic investigation, analysis, and interpretation.