Cyber Security

Organizations require help to be cyber-threat intelligent to understand the extent of their threat environment, prioritize cyber threats, and explore available options for achieving protection. Effective Cyber Security controls helps to minimize the risk of sensitive business information from being lost, leaked, damaged, stolen and to ensure the continued availability of activities, information, systems, etc. A Cyber Security Governance review/ assessment provides assurance that adequate security controls are implemented in the organization.

We can conduct a Cyber Security review against a Cyber Security framework such as ISO27000, NIST, SANS Top 20 controls,etc. and also SAMA Cyber Security Framework and KSA National Cybersecurity Authority – Essential Cyber Security Controls.

Security within a web-application system (including ERPs) is key to a company’s internal control environment and to ensure availability and reliability of its data. A web-based system needs to be checked completely from end-to-end before it goes live for end users.

We conduct a controlled testing of in-scope web applications from an unauthenticated user’s perspective will be conducted with the primary objective of identifying potential vulnerabilities present in the applications and associated infrastructure.

Mobile client software acts as the front-end for the user. Testing on the client device usually requires a device that is rooted or jail broken emulator. The Mobile application server is typically a web server that hosts the mobile application and communicates with the client software.

A controlled testing of mobile applications from an unauthenticated user’s perspective will be conducted by our Cyber Security experts. This application server needs to be protected in the same way that a typical application server should be protected.

Identifying risks that arise from existing and future solution architecture design, and ensuring designs mitigate identified risks and adequate controls are applied across the solution is fundamental.

We can examine the existing network topology and deployment of the security controls within the organization like firewalls, IDS/IPS, network segmentation and make recommendations to increase the effectiveness of the security controls. Our team of cyber security experts can help in developing, designing and implementing secure architectures across IT systems, networks and applications.

Cybersecurity risk is the probability of exposure or loss resulting from a cyber-attack or data breach on your organization. The threat can be internal or external.

To ensure cyber security risks are properly managed to protect the confidentiality, integrity and availability of the organization’s information assets, it is vital to ensure the cyber security risk management process is aligned with the organization’s enterprise risk management process. We can help in developing a cyber security risk management process and also conduct a detailed Cyber Security Risk Register!

We have also helped our clients to develop a cyber security risk appetite against ISO27000 and regulatory requirements.

There is a need to apply an appropriate framework for ensuring third parties are effectively managing their Service Level and Information Security risks. The IT Third Party / Vendor Management Assessment will provide assurance that services provided by the vendors are meeting the agreement and security controls are adequately implemented by these vendors.

Our security experts can conduct a cyber security risk assessment along with due diligence or cyber security audit for the third parties.

Assessment of key controls (in line with Service Organization Control reports 1,2 or 3 requirements) can also be conducted for organization or service providers.

There is a need to ensure that IT provides only authorized and sufficient access privileges to approved users. Companies should restrict access to its information assets in line with their business requirements based on the need-to-have or need-to-know principles. Organizations therefore implement an Identity and Access Management solutions.

We can assess the security controls in organization’s IAM solution and advise on gaps and improvement. This can include Single Sign on, 2/Multi Factor authentication and High Privileged Access Management review.

To create a cyber security risk-aware culture where staff, third parties and customers make effective risk-based decisions which protect the company’s information, a robust

We can develop a robust cyber security awareness program and test its effectiveness through a phishing exercise. We have a range of awareness solution which can meet organization’s risk and cost requirements. Our security experts can provide a bespoke session tailored to organization’s risk and adaptability needs.

IT policies and procedures help the company in establishing the guidelines on how Information Technology are to be handled by its employees.

We can develop or update your IT policies and procedures. Our policies and procedures are aligned with ITIL, ISO 20000, COBIT and/or regulatory requirements (such as SAMA, Tadawul, etc.) This helps the organization to review these polices easily for approval and assist in implementation.