Cyber Security Governance

Organizations require help to be cyber-threat intelligent: to understand the extent of their threat environment, prioritize cyber threats, and explore available options for achieving protection. Effective Cyber Security controls help to minimize the risk of sensitive business information being lost, leaked, damaged or stolen, and to ensure the continued availability of activities, information, systems, etc. A Cyber Security Governance review/assessment provides assurance that adequate security controls are implemented in the organization.

We can conduct a Cyber Security review against a Cyber Security framework such as ISO27000, NIST, SANS Top 20 controls, etc., as well as the SAMA Cyber Security Framework and the KSA National Cybersecurity Authority – Essential Cyber Security Controls.

Cyber Security Services – Vulnerability Assessment & Penetration Test

Organizations are realizing that traditional approaches to vulnerability management may not be comprehensive or may be too technology-focused and commoditized without taking into account the big picture.

We conduct an end-to-end Red Teaming exercise. Our Vulnerability Assessment & Penetration Testing primarily focuses on corporate networks and systems. Our testing will identify potential vulnerabilities exposed to a cyber adversary by designing different attack vectors/paths on each of the network segments.

Cyber Security Services – Web Application Security Test

Security within a web-application system (including ERPs) is key to a company’s internal control environment and to ensuring the availability and reliability of its data. A web-based system needs to be checked completely from end to end before it goes live for end users.

We conduct controlled testing of in-scope web applications from an unauthenticated user’s perspective, with the primary objective of identifying potential vulnerabilities present in the applications and associated infrastructure.

Cyber Security Services – Mobile Application Security Test

Mobile client software acts as the front-end for the user. Testing on the client device usually requires a device that is rooted or jailbroken, or an emulator. The mobile application server is typically a web server that hosts the mobile application and communicates with the client software.

Controlled testing of mobile applications from an unauthenticated user’s perspective will be conducted by our Cyber Security experts. This application server needs to be protected in the same way that a typical application server should be protected.

Cyber Security Services – Network Security Architecture Review

It is fundamental to identify risks that arise from existing and future solution architecture design, and to ensure that designs mitigate the identified risks and that adequate controls are applied across the solution.

We can examine the existing network topology and the deployment of security controls within the organization, such as firewalls, IDS/IPS and network segmentation, and make recommendations to increase the effectiveness of those controls. Our team of cyber security experts can help in developing, designing and implementing secure architectures across IT systems, networks and applications.

Cyber Security Risk Assessment/Management

Cybersecurity risk is the probability of exposure or loss resulting from a cyber-attack or data breach on your organization. The threat can be internal or external.

To ensure cyber security risks are properly managed to protect the confidentiality, integrity and availability of the organization’s information assets, it is vital that the cyber security risk management process is aligned with the organization’s enterprise risk management process. We can help in developing a cyber security risk management process and also prepare a detailed Cyber Security Risk Register.

We have also helped our clients to develop a cyber security risk appetite against ISO27000 and regulatory requirements.

Third Party Assessment – Including Cloud Service Provider

There is a need to apply an appropriate framework for ensuring third parties are effectively managing their Service Level and Information Security risks. The IT Third Party / Vendor Management Assessment will provide assurance that the services provided by vendors meet the agreement and that security controls are adequately implemented by these vendors.

Our security experts can conduct a cyber security risk assessment along with due diligence or a cyber security audit for third parties.

Assessment of key controls (in line with Service Organization Control reports 1, 2 or 3 requirements) can also be conducted for organizations or service providers.

Identity & Access Management

There is a need to ensure that IT provides only authorized and sufficient access privileges to approved users. Companies should restrict access to their information assets in line with their business requirements, based on the need-to-have or need-to-know principles. Organizations therefore implement Identity and Access Management solutions.

We can assess the security controls in the organization’s IAM solution and advise on gaps and improvements. This can include Single Sign-On, two-/multi-factor authentication and High Privileged Access Management review.

Cyber Security Awareness

To create a cyber security risk-aware culture where staff, third parties and customers make effective risk-based decisions which protect the company’s information, a robust

We can develop a robust cyber security awareness program and test its effectiveness through a phishing exercise. We have a range of awareness solutions that can meet the organization’s risk and cost requirements. Our security experts can provide a bespoke session tailored to the organization’s risk and adaptability needs.

Cyber / Information Security Strategy, Policies & Procedures

Cyber / Information Security (IS) policies are used to provide management direction and support for Information Security in accordance with business requirements and relevant laws and regulations. Without effective policies there is a risk that personal, customer, financial and other sensitive information could be compromised, having a significant impact on the organization.

We have helped a number of clients develop or update their Cyber policies and procedures. Our policies and procedures are aligned (and have a reference) with ISO 27000 and regulatory requirements such as the SAMA Cyber Security requirements. This helps the organization to review these policies easily for approval, meet the risk appetite and implement the security requirements effectively.

Information Technology Governance - Policies & Procedures

IT policies and procedures help the company establish guidelines on how Information Technology is to be handled by its employees.

We can develop or update your IT policies and procedures. Our policies and procedures are aligned with ITIL, ISO 20000, COBIT and/or regulatory requirements (such as SAMA, Tadawul, etc.). This helps the organization to review these policies easily for approval and assists in implementation.

We deliver well-thought-out, innovative and effective solutions

We deliver results by combining a people-centric approach with analytics and leading practices to enact solutions based on a deep understanding of the organization, its processes and culture.