infosecforce llc security services
Post on 16-Jul-2015
INFOSECFORCE llc Cyber SECURITY SERVICES
804-855-4988
bill.ross@infosecforce.com
“Balancing security controls to business requirements”
15 Sept 2008
INFOSECFORCE
Bill Ross and INFOSECFORCE llc Security Service Offering
Here is a list of security services that INFOSECFORCE llc can plan, build,
implement and manage for any corporation or any organization no matter its size and business type.
Predict Prevent Detect Respond
Research and white papers
Cyber Intelligence design and implementation
Rebuilding security programs. For example, changing from a SOC based operation to a Cyber Intelligence Operations Center
Cyber Intelligence Framework development
Predictive Intelligence analyses patterns
Big Data security management program
Virtual and Cloud Security Programs
Cyber Security as a Service (CSaaS)
Security Policy Management design and implementation
Security Architecture baseline, design, and road maps
Secure Software Development
Corporate Security Management design and implementation
Personnel Security Management design and implementation
Information Access Management design and implementation
Cryptography Policy Management design and implementation
Physical Security Management design and implementation
Organizational Asset Management design and implementation
Supplier Relationship Management design and implementation
Security policy, process, procedures, and standards design and implementation
Design and engineering documentation design and implementation
Secure Development process and procedures design and implementation
Operational Security Management design and implementation
Network Security Management design and implementation
System Security Management design and implementation
Rigorous and exact Vulnerability testing
Rigorous and exact Pen testing
Rigorous and exact Software testing
Organizational Asset Management design and implementation
Security Continuous Management design and implementation
Security Compliance Management design and implementation
Patch management and security hardening engineering
Building vulnerability assessment programs
Information Assurance design and implementation
Security daily newsletters and services with corporate branding logo
Security Incident Management design and implementation
Security program alignment with ITIL
All facets of security training
Logging architecture design
Cyber Incident Response
Cyber Incident Root Cause Analyses
Cyber Incident Forensics
Connectivity to government and industry Cyber Threat Warning advisories
Security baselines design and implementation
PCI, NIST, SOX, FISMA, ISO 27001, SANS Top 20 compliance baselines and plan, build, deploy and operate services
Risk Management Framework design and implementation
Cyber and physical access control
Comprehensive Control Framework (NIST, SANS, ISO 27001)
Information Risk Architecture Framework
System Security Planning
Information Assurance Program
MASTER SERVICE LIST
1. Cyber Intelligence Framework development
2. Predictive Intelligence analyses patterns
3. Big Data security management program
4. Virtual and Cloud Security Programs
5. Cyber Security as a Service (CSaaS)
6. Cyber Incident Response
7. Cyber Incident Root Cause Analyses
8. Cyber Incident Forensics
9. Secure software development
10. Rigorous and exact Vulnerability testing
11. Rigorous and exact Pen testing
12. Rigorous and exact Software testing
13. Connectivity to government and industry Cyber Threat Warning advisories
14. Cyber and physical access control
15. System Security Plans
16. Information Assurance Program
17. Risk Management Framework
18. Comprehensive Control Framework (NIST, SANS, ISO 27001)
19. Information Risk Architecture Framework
20. ISMS 27001 plan, do, check and act cycle design and implementation
21. Security Architecture baseline, design, and road maps
22. Security Policy Management design and implementation
23. Corporate Security Management design and implementation
24. Personnel Security Management design and implementation
25. Organizational Asset Management design and implementation
26. Information Access Management design and implementation
27. Cryptography Policy Management design and implementation
28. Physical Security Management design and implementation
29. Operational Security Management design and implementation
30. Network Security Management design and implementation
31. System Security Management design and implementation
32. Supplier Relationship Management design and implementation
33. Security Incident Management design and implementation
34. Security Continuity Management design and implementation
35. Security Compliance Management design and implementation
36. Security policy, process, procedures, and standards design and implementation
37. Security program alignment with ITIL
38. Design and engineering documentation design and implementation
39. Secure Development process and procedures design and implementation
40. Security baselines design and implementation
41. PCI, NIST, SOX, FISMA, ISO 27001, SANS Top 20 compliance baselines and plan, build, deploy and operate services
42. Risk Management Framework design and implementation
43. Information Assurance design and implementation
44. Research and white papers
45. Security daily newsletters and services with corporate branding logo
46. Cyber Intelligence design and implementation
47. Rebuilding security programs. For example, changing from a SOC based operation to a Cyber Intelligence Operations Center
48. All facets of security training
49. Logging architecture design
50. Patch management and security hardening engineering
51. Building vulnerability assessment programs
52. ISMS 27001 plan, do, check and act cycle design and implementation
INFOSECFORCE bases its development and implementation work on the plan, do, check, act cycle.
The 2002 version of BS 7799-2 introduced the Plan-Do-Check-Act (PDCA) cycle (Deming cycle), aligning it with quality standards such as ISO 9000. ISO 27001:2005 applies this to all the processes in the ISMS.
Plan (establishing the ISMS)
Establish the policy, the ISMS objectives, processes and procedures related to risk management and the improvement of information security to provide results in line with the global policies and objectives of the organization.
Do (implementing and workings of the ISMS)
Implement and exploit the ISMS policy, controls, processes and procedures.
Check (monitoring and review of the ISMS)
Assess and, if applicable, measure the performances of the processes against the policy, objectives and practical experience and report results to management for review.
Act (update and improvement of the ISMS)
Undertake corrective and preventive actions, on the basis of the results of the ISMS internal audit and management review, or other relevant information to continually improve the said system.