Proposal to provide cybersecurity services
Accra & Abidjan
Content
Background
Your requirements
Our Promise
About Afrik Santa Cruz
Our differentiating factors
Our key clients
Team experiences
Quality assured
Clear and continuous communication
Our team and affiliates
Contact details
Annexure I – Our methodology
Annexure II – Why you need cybersecurity
Annexure III – Service Catalogue
• Afrik Santa Cruz is an indigenous engineering service company with affiliates in Africa, the Americas and Asia. It offers a wide range of services in the petroleum, housing and IT sectors.
• It is managed by highly experienced professionals focused on tailored engineering solutions for optimum customer satisfaction.
About us
• Highly practical and advanced hybrid delivery model.
• Strong delivery capability to take on any complex project as far as it is cybersecurity related.
• We prefer holding hands to shaking hands.
• Cybersecurity solutions are our main focus.
Theory of change
• We are a true local company, but with our global reach we offer a very high level of practical experience, know-how, contacts, and confidentiality.
• Reasonably priced fees commensurate with high quality delivery.
• Professional delivery as would be expected of a large multinational.
Value proposition
• Our goal is to change the engineering landscape in the Sub-Region by bringing well-thought-out, innovative and expert-driven solutions to our clients.
• ASC aims to be an emerging market leader in engineering services. This is evident in its strategic alliances with top firms like Alphabet Energy International, WaterFX, Tectonas Softsolutions etc.
Mission
Background… know us better…
Your requirements
• You require a firm with not only demonstrable skills and experience in your sector, but also the ability to deliver a seamless information security system and business support services that match your development plans;
• You also want a solution provider that operates on a professional and personal level, resulting in solutions tailored to your needs. While we operate in an environment that demands honed technical ability and a degree of formality, arising from the professional standards we observe, we regard ourselves as a flexible and responsive team that has client relationships at its heart;
• You need a cybersecurity solution relevant for tomorrow's environment; and
• You want experts who know their trade/specialty and are sincere about projects that do not fall within the bounds of their capabilities.
Our Promise
Our professionalism is demonstrated in our:
• Commitment: our management and staff are absolutely committed to client satisfaction. We are dedicated to the provision of unique, quality and distinguished client services. We do this by channeling our best resources to meet clients’ needs.
• Understanding: our approach to services is driven largely by our ability to obtain a clear understanding of our clients’ specific needs. Our philosophy is to provide only services beneficial to our clients.
• Support: our unique strength lies in drawing on a pool of specialists worldwide to supplement skills unavailable at specific locations to ensure total client satisfaction.
• Efficiency: we provide services by riding on efficiency in a co-operative environment.
About Afrik Santa Cruz Ltd (ASC)
ASC is a Ghanaian company that provides expert services by localizing international engineering solutions…
It is a well-documented fact that, to make life easier, humans are altering the usual ways of communicating at all scales and at an unprecedented rate. For this reason, everyone is a major stakeholder in cyberspace.
Enterprises rely on IT infrastructure to expand operations and enhance productivity. The increasing reliance on IT systems brings about many challenges, from sophisticated IT support system requirements to increasing IT spending. To tackle these problems, ASC adopts an innovative and no-nonsense engineering-centered approach to solving problems.
An IT security issue can be defined as a data breach/loss or reduced information system workflow that can adversely affect the achievement of an organisation’s objectives.
IT security issues can be both internally and externally generated. Unlike in times past, security issues these days are fueled by economic reasons. When greed overtakes need, it spells trouble. These can range from corrupt employees to shady investors seeking ways to exploit information systems for their advantage.
About Afrik Santa Cruz (cont…)
Increased dependence on IT will only enhance the risks of doing business. In today’s world, IT security
risks are not few. The reason companies so often fail to systematically manage these risks is rooted in the
way they define and manage them.
ASC has strong alliances with companies in the US and India to address IT infrastructure problems. Together with its affiliate partners, ASC has a team of more than 130 dedicated and highly trained systems engineers who work on kernel-level modules, mini-filter drivers, file system drivers and network drivers to deliver easy-to-use and highly secure systems.
We are staffed with qualified professionals viz. BSc, CA, ACCA, CS, CISCO, CISSP, CISA, CRISC, and MSc etc.
About Afrik Santa Cruz (cont…)
Products & Services
Our product portfolio encompasses the following broad services:
Under the above broad services, we proffer more than 25 specific cyber security related services. These explicit solutions are tailored to suit clients’ environments.
Our comprehensive service catalogue which spells out service deliverables is available upon request
(Refer to appendix II for the abridged version).
• Secure Remote Management
• Data Leak Protection
• Forensic and Security
• Patch Management
• Vulnerability assessment
• IT Infrastructure Management
• Desktop Monitoring
• Asset Management
• Change Management
• Green Management
• Firewall
• IPS
• Anti-Virus
• Content Filtering
• Surveillance System Management
Our Differentiating Factors
• Value for Money
• Strengths in relation to Business Model and Objectives – Track Record of Ethical Practice
• Unique combination of international, senior, hands-on industry experience across all areas of requirement
• Building enduring relationships with all our clients as a trusted business partner
• Strengths in relation to requirements – Track Record in geographical, Professional and Business areas
• Adding value to clients and protecting their business is paramount
• Strength in relation to Implementation Plan – Track Record in geographical, Professional areas
Our highly analytical team will help:
• Protect applications implemented on your IT systems
• Protect your data or system’s ability to function
• Enable safe collection and usage of data
• Safeguard technology assets in use
Some of our Clients
Our Experiences
Quality Assurance
Quality control and quality management are of paramount importance.
Our team is sufficiently resourced through our rigorous ethical values to develop and deliver quality
services to our clients. Criminal background checks are conducted on employees by the Criminal
Investigation Department of Ghana Police Service.
Personnel adhere to standards of Integrity, Independence, Confidentiality and Objectivity.
Our professionals are required to attend business specific continuing education courses, internal and
external industry trainings.
Our operating policies are based upon and are fully compliant with International Standards.
In addition, there is a Quality Review Programme which ensures that our review process is in compliance with documented policies and procedures.
Quality performance reviews are an integral component of our system of quality control.
[Diagram: Continuous Improvement cycle, with labels Quality culture, Analysis & Planning, Delivery, Measure, Results, HRM, Processes, Order]
Clear Continuous Communication
We are well aware of your confidentiality requirements; hence we are committed to maintaining a strict code of confidentiality.
Our firm policy requires that the affairs of clients be kept confidential at all times.
At ASC, open and honest communication is a Core Value. Our experience leaves us in no doubt that a
successful relationship is based on trust and candid, proactive communication.
Regular and open two-way communication is fundamental to all aspects of our services. As an initial
priority, we will agree with you the Communication Plan for all our key meetings. This will help ensure
there are formal and informal opportunities for all key stakeholders to be kept informed on issues of
importance.
Our Team Credentials
Bradley Pate
International Director – Afrik Santa Cruz
• Accomplished Petroleum Engineer and a businessman.
• More than 33 years Project Management and Petroleum Engineering
• More than 25 international experience in every continent except Australia and Asia.
• Led Projects with budget exceeding US$700 million
John Selorm
Principal – Afrik Santa Cruz
• Accomplished Chartered Accountant.
• Strong IT background and worked with top accounting firms in the world on client systems.
• Worked with clients in a wide variety of industries including trading, retail and consumer goods, NGO, manufacturing and banking and finance. Major clients include banks, investment companies, manufacturing organizations etc.
Our Team Credentials
Charles Kane
Chief Information Officer – Afrik Santa Cruz
• Highly experienced IT professional
• Over 13 years in IT resource management experience
• Managed Information Systems projects on oil fields in Ghana, Cote D’Ivoire, Sierra Leone etc.
• Harvard College trained with diverse IT skills and professional qualifications including: CISA, Red Hat OS/mail, web, satellite operation and installation, Cisco CCNA etc.
Perry Greene
Principal Consultant – Santa Cruz Energy
• Highly accomplished IT security professional with experience across various industries in USA.
• More than 11 years information security and compliance experience
• Strong in vendor audits on ISO27001 and 27002 control and other compliance frameworks like COSO, COBIT, NIST, ISO etc.
• Professional trainings include: six sigma, Cisco CCNA, CISSP, CISA, VMWare, Qualys, Archer, Qradar, CRISC, MCP, Arcserv, SAP PCI HIPAA SOX etc.
Our Team Credentials
Shruti Pundalik
Chief Consultant – Santa Cruz Energy
• Accomplished IT security professional with experience in India and USA across various industries.
• Designed and implemented effective and efficient projects similar to Uber booking systems
• Conducted architecture and interface design on the admission system for University of Baltimore, Maryland and other projects such as Bitcoin.
• Professional trainings include: Matlab, Keil Uvision, Verilog, Khazama, CodeVisionAVR, C++, C, PL/SQL, Eagle 5.6, Multisim etc.
Mana Churi
Chief Consultant – Santa Cruz Energy
• Highly experienced IT security specialist with experience in India and USA across many industries.
• Worked with Dell on security system projects including managing and mentoring different teams.
• Worked as an engineer at CISC Source responsible for remote on-site engineers etc.
• Professional skills include: Kerberos, SSL, IPSec, IDS, IPS, Firewalls, Application Proxy, Wireless Security, Cisco CCNA, CCNP Routing & Switching, DHCP, DNS, C++, C, Python etc.
Partners Credentials
Joachim Nessere
Chief Consultant – Afrik Santa Cruz
• Highly skilled IT security trainer and consultant.
• Served as the IT security training consultant for GIMPA, IPMC, Zentech Ghana etc.
• Designed and implemented advanced server infrastructure across different systems
• Professional accreditations include: Novell Certified Linux Administrator, Net IQ Identity, security etc. expert, MSPRP member, IAMCT Member etc.
Rajesh Tripathy
CEO/COO – Tectonas Softsolution
• Accomplished IT security engineer and a businessman.
• Established and has run an IT security company in India for the past 17 years
• Executed large IT security infrastructure solutions across Asia, Africa and the United States.
• Developed IT security software across key industries in India, Asia etc.
Contacts
Afrik Santa Cruz
2nd Floor Chataeu Dieu,
Adenta, Estate
Accra, Ghana
Phone: +233 208 703 344
john.selorm@afriksantacruz.com
Santa Cruz Energy
124 Dickens Dr
Coppell, Texas 75019-2104
United States
Phone: +128 170 019 139
Bradley.pate@santacruzenergy.com
Afrik Santa Cruz
Abidjan, Cote d’Ivoire
Phone: +255 045 728 04
Charles.kane@afriksantacruz.com
info@afriksantacruz.com
www.afriksantacruz.com
THANKS
ANNEXURE I – OUR METHODOLOGY
Our Methodology
Our methodology is comprehensive and systematic, and focuses on meeting clients’ organisational objectives. We fully recognise the need to provide assurance on your system stability.
The key benefits of our approach are:
o Comprehensive & systematic;
o Focus on areas considered as potentially & most likely to lead to a breach in data or system malfunction;
o Our procedures are based on project planning techniques, including the use of automated processes and document templates, and the agreement of objectives, timetables, responsibilities and careful resource planning;
o The focus of our reports is to generate constructive and value-added advice; and
o Identifies performance improvement and cost reduction opportunities
[Diagram: methodology phases, with labels Understanding Your Business, Risk Assessment, Planning, Field Work, Critical Issues, Reporting/Implementation]
Our Methodology (Cont..)
UNDERSTANDING THE BUSINESS
Our top-down risk-based approach ensures that the focus is on the issues that are of greatest importance
to you and that we are in the most appropriate position to respond to them. Our system audit starts with
a detailed understanding of your industry and business.
Our approach is based on a top-down examination of the key drivers and system workflow of your
business. The output is a balanced picture of how the company interacts with customers and external
industry forces. We consider the implications of this analysis and use it to identify significant risks.
We use industry specific business models to gain information on:
• industry background including major players, regulatory changes and trends,
• risks and drivers,
• geographic issues,
• descriptions of business processes,
• benchmarks and best practice and
• system risks.
Our Methodology (Cont..)
RISK ASSESSMENT
In order to run your business, you develop processes in IT systems to manage the factors that drive performance and
help meet your objectives. We focus on those processes and systems to help yield meaningful results. This phase of
our work enables us to obtain information on the processes supporting the achievement of the company’s goals.
STRATEGY AND PLANNING
Based on the understanding of a client’s business we devise a strategy. We then develop detailed programs to
improve and guard your systems.
FIELD WORK
The work flows from strategic planning and risk assessment. The key element is to review and test the high-level controls embedded in your processes, as significant weaknesses in your key processes could be costly, both in terms of data loss and reputational damage.
REPORTING AND IMPLEMENTATION
We identify and discuss all critical issues with management. We then determine whether the Company’s system stability meets our expectations. We provide a report and any other deliverables to management.
Our Methodology (Cont..)
Our focused IT audit methodologies and tools also help to evaluate and test whether the Company’s
information systems are configured for data integrity, are secure and are effectively managing the
business needs. Our highly skilled business and IT personnel help identify aspects of IT that pose the
highest risk to the Company.
We then conduct a systematic, detailed review of those areas in which we:
o identify appropriate IT control objectives that map to key business processes;
o identify relevant IT policies and procedures and/or industry IT standards; and
o evaluate the design of controls and test whether they are in place and operating effectively.
Our Methodology (Cont..)
METHODOLOGIES
• Continuity management
• System capabilities & availability
• Backup and recovery
• Data storage
• Network penetration testing
• Information security assessment
• Enterprise security architecture & integration
• Ongoing monitoring
• Process documentation
• Control risk analysis
• Control & design implementation
• Project risk assessment
• Quality assurance
• Project management methodology
• Programme management processes
Our Methodology (Cont..)
INTELLIGENT USE OF TECHNOLOGY
Technology is only one component of an integrated approach that combines methodology, knowledge and technology into our tailored service to you. We deliver our system audit services using fully automated audit software. This software is designed specifically to integrate knowledge management into the audit process. Technology can never be a substitute for face-to-face communications and we continue to rely on meetings with management to identify, resolve and communicate issues.
[Diagram: Technology, Knowledge, Methodology]
ANNEXURE II – WHY YOU NEED CYBERSECURITY
Why you need cybersecurity
In today’s global, digital world, data rules. Many of our daily activities involve data paths. Safeguarding intellectual property, financial information, and your company’s reputation is a crucial part of business strategy.
Cybercrime has become a big business. Cybercrime is costing the global economy up to $450 billion annually and it is expected to exceed 1 trillion by 2020 (Report by Hamilton Place Strategies).
The report also warns that “if you’re in business today, it’s nearly a guarantee you’ll be hacked at some point over the next couple of years”, which makes these findings all the more significant.
The TRUTH IS, YOUR DATA HAS PROBABLY BEEN BREACHED WITHOUT YOUR KNOWLEDGE…you will only be confronted with the consequences in the future.
IT security is about defense in depth. Providing such security involves physical security as well as a well-designed network, control over the users and processes on the host itself, and regular maintenance.
Why you need cybersecurity (Cont..)
Some cyber threats your organisation may be exposed to without cybersecurity include:
Categories of Threat | Examples
Deliberate software attacks | Viruses, worms, macros, denial-of-service
Technical software failures or errors | Bugs, code problems, unknown loopholes
Technological obsolescence | Antiquated or outdated technologies
Deliberate acts of information extortion | Blackmail of information disclosure
Deliberate acts of espionage or trespass | Unauthorised access or data collection
Compromises of intellectual property | Piracy, copyright infringement
Acts of human error or failure | Accidents, employee mistakes
Forces of nature | Fire, flood, earthquake, lightning
Deliberate acts of sabotage | Destruction of system or information
Deliberate acts of theft | Illegal confiscation of equipment or information
Why you need cybersecurity (Cont..)
Some attack replication vectors your organisation may be exposed to without cybersecurity include:
Vector | Description
Web browsing | If an infected system has write access to any web page, it makes all web content files (.html, .asp, .cgi, etc.) infectious, so that users who browse to those pages become infected.
Simple Network Management Protocol | An attacking program gains control of a device due to widely known and common passwords employed in early versions of the protocol.
Virus | Infection of common executable files through virus code.
Mass mail | If an infected email runs through an address book, the infected machine infects many users. Subsequently, mail-reading programs also automatically run the program and infect other systems.
Unprotected shares | Using vulnerabilities in file systems and the way organisations configure them, the infected machine copies the viral component to all locations it can reach.
IP scan and attack | The infected system scans a random or local range of IP addresses and targets any of several vulnerabilities known to hackers from previous exploits such as Code Red, Back Orifice, or PoizonBox.
ANNEXURE III – OUR SERVICE CATALOGUE
Service Description | When to be Proposed to Customer/Client | Activity
Incident Tracking and Audit | Customer has had a major cyber-security incident where they may have had data loss, data corruption or systems not being available to the users/customers/partners | Investigate incident and provide Survey Reports for affected users and systems
Cyber Security Audit | Customer wants to implement Cyber Security Policy as per their defined Policies in the organization. | Survey of: End Points (PCs); Servers; Network Equipment; BYOD Patterns; Shadow IT; User Behaviour
Service catalogue
Service Description | When to be Proposed to Customer/Client | Activity
Cyber Security Policy Rollout | Customer wants to implement Cyber Security Policy as per their defined Policies in the organization. | IT Systems Survey; End User Training; Delivery of Audit Systems
Cyber Security Policy Creation | Customer has no Cyber Security Policy and wants to start new. | Detailed Survey of IT Systems; Identify IT & User Control Points; Identify Compliance Check Points
Forensic Audit | Customer has no idea of their current Cyber Security Posture or if they are compromised or not compromised. | Log Analysis; ID Presence of internal/external malicious agents; Forensic analysis to assess if IT systems are compromised or IT system availability analysis
Service catalogue (Cont…)
Service Description | When to be Proposed to Customer/Client | Activity
Cyber Defence Integration | Customer has many cyber defense systems like anti-virus, firewalls etc., and these systems are not working in an integrated manner. | Integrate disparate systems to single Dashboard; Identify Cyber Security Choke Points
Firewall Induction | Client does not have a firewall and wants to implement a firewall. | Identify make and model of Firewall that best suits the Client's needs. Acquire, install and commission the firewall.
Firewall Review and Configuration | Client has an existing firewall and has performance and security issues. | Capacity/Performance of the firewall; Check whether the firewall addresses the security + performance needs of the client; Upgrade, change and recommission the firewall.
Service catalogue (Cont…)
Service Description | When to be Proposed to Customer/Client | Activity
Intrusion Prevention System (IPS) Induction | Client does not have an IPS and wants to implement an IPS. | Identify make and model of IPS that best suits the Client's needs. Acquire, install and commission the IPS.
IPS Review and Configuration | Client has an existing IPS and has performance and security issues. | Identify make and model of Firewall that best suits the Client's needs. Acquire, install and commission the firewall.
Firewall Review and Configuration | Client has an existing firewall and has performance and security issues. | Do a capacity + performance review of the IPS, and check whether the same IPS addresses the security + performance needs of the client. If yes, identify changes to IPS configuration. Upgrade the changes and recommission the IPS.
Service catalogue (Cont…)
Service Description | When to be Proposed to Customer/Client | Activity
Patch Management Induction | Client does not have a Patch Management and wants to implement a Patch Management. | Identify make and model of Patch Management that best suits the Client's needs. Acquire, install and commission the Patch Management.
Patch Management Review and Configuration | Client has an existing Patch Management and has performance and security issues. | Do a capacity + performance review of the Patch Management, and check whether the same Patch Management addresses the security + performance needs of the client. If yes, identify changes to Patch Management configuration. Upgrade the changes and recommission the Patch Management.
Proxy Induction | Client does not have a Proxy and wants to implement a Proxy. | Identify make and model of Proxy that best suits the Client's needs. Acquire, install and commission the Proxy.
Service catalogue (Cont…)
Service Description | When to be Proposed to Customer/Client | Activity
Proxy Review and Configuration | Client has an existing Proxy and has performance and security issues. | Do a capacity + performance review of the Proxy, and check whether the same Proxy addresses the security + performance needs of the client. If yes, identify changes to Proxy configuration. Upgrade the changes and recommission the Proxy.
Single Sign-on (SSO) Induction | Client does not have an SSO and wants to implement an SSO. | Identify make and model of SSO that best suits the Client's needs. Acquire, install and commission the SSO.
SSO Review and Configuration | Client has an existing SSO and has performance and security issues. | Do a capacity + performance review of the SSO, and check whether the same SSO addresses the security + performance needs of the client. If yes, identify changes to SSO configuration. Upgrade the changes and recommission the SSO.
Service catalogue (Cont…)
Service Description | When to be Proposed to Customer/Client | Activity
Anti-Virus Induction | Client does not have an Anti-Virus and wants to implement an Anti-Virus. | Identify make and model of Anti-Virus that best suits the Client's needs. Acquire, install and commission the Anti-Virus.
Anti-Virus Review and Configuration | Client has an existing Anti-Virus and has performance and security issues. | Do a capacity + performance review of the Anti-Virus, and check whether the same Anti-Virus addresses the security + performance needs of the client. If yes, identify changes to Anti-Virus configuration. Upgrade the changes and recommission the Anti-Virus.
Data Loss Prevention (DLP) Induction | Client does not have a DLP and wants to implement a DLP. | Identify make and model of DLP that best suits the Client's needs. Acquire, install and commission the DLP.
Service catalogue (Cont…)
Service Description | When to be Proposed to Customer/Client | Activity
Data Loss Prevention (DLP) Review and Configuration | Client has an existing DLP and has performance and security issues. | Do a capacity + performance review of the DLP, and check whether the same DLP addresses the security + performance needs of the client. If yes, identify changes to DLP configuration. Upgrade the changes and recommission the DLP.
Threat Intelligence System | Client has existing Security Policy and Audit Framework and wants pro-active Cyber Security Threat Information. | Security Posture Study of the Organization and Business Vertical; Complete capability assessment of Key Cyber Security Team
Ransomware Mitigation | Client perceives that they can be targeted or other peer organizations of the client have been targeted using Ransomware. | IT Systems Survey; User IT usage profile; User Critical Data/Process Survey
Service catalogue (Cont…)
Service Description | When to be Proposed to Customer/Client | Activity
Vulnerability Assessment and Penetration Testing | Client wants to have a regular Vulnerability Assessment and Penetration Testing done of their IT infrastructure. | IT Systems Survey; Network Survey
Service catalogue (Cont…)
Thanks

Más contenido relacionado

La actualidad más candente

Upgrade Your SOC with Cortex XSOAR & Elastic SIEM
Upgrade Your SOC with Cortex XSOAR & Elastic SIEMUpgrade Your SOC with Cortex XSOAR & Elastic SIEM
Upgrade Your SOC with Cortex XSOAR & Elastic SIEMElasticsearch
 
Top 10 Reasons to Learn Cybersecurity | Why Cybersecurity is Important | Edureka
Top 10 Reasons to Learn Cybersecurity | Why Cybersecurity is Important | EdurekaTop 10 Reasons to Learn Cybersecurity | Why Cybersecurity is Important | Edureka
Top 10 Reasons to Learn Cybersecurity | Why Cybersecurity is Important | EdurekaEdureka!
 
Introduction to Cybersecurity
Introduction to CybersecurityIntroduction to Cybersecurity
Introduction to CybersecurityKrutarth Vasavada
 
Information Security Architecture: Building Security Into Your Organziation
Information Security Architecture: Building Security Into Your OrganziationInformation Security Architecture: Building Security Into Your Organziation
Information Security Architecture: Building Security Into Your OrganziationSeccuris Inc.
 
Conducting a NIST Cybersecurity Framework (CSF) Assessment
Conducting a NIST Cybersecurity Framework (CSF) AssessmentConducting a NIST Cybersecurity Framework (CSF) Assessment
Conducting a NIST Cybersecurity Framework (CSF) AssessmentNicholas Davis
 
Cybersecurity Priorities and Roadmap: Recommendations to DHS
Cybersecurity Priorities and Roadmap: Recommendations to DHSCybersecurity Priorities and Roadmap: Recommendations to DHS
Cybersecurity Priorities and Roadmap: Recommendations to DHSJohn Gilligan
 
Security Operations, MITRE ATT&CK, SOC Roles / Competencies
Security Operations, MITRE ATT&CK, SOC Roles / Competencies Security Operations, MITRE ATT&CK, SOC Roles / Competencies
Security Operations, MITRE ATT&CK, SOC Roles / Competencies Harry McLaren
 
cyber-security-reference-architecture
cyber-security-reference-architecturecyber-security-reference-architecture
cyber-security-reference-architectureBirendra Negi ☁️
 
Cybersecurity Assessment Framework - Slideshare.pptx
Cybersecurity Assessment Framework - Slideshare.pptxCybersecurity Assessment Framework - Slideshare.pptx
Cybersecurity Assessment Framework - Slideshare.pptxAzra'ee Mamat
 
McAfee - McAfee Active Response (MAR) - Endpoint Detection & Response (EDR)
McAfee - McAfee Active Response (MAR) - Endpoint Detection & Response (EDR)McAfee - McAfee Active Response (MAR) - Endpoint Detection & Response (EDR)
McAfee - McAfee Active Response (MAR) - Endpoint Detection & Response (EDR)Iftikhar Ali Iqbal
 
Build an Information Security Strategy
Build an Information Security StrategyBuild an Information Security Strategy
Build an Information Security StrategyAndrew Byers
 
Security Operations Center (SOC) Essentials for the SME
Security Operations Center (SOC) Essentials for the SMESecurity Operations Center (SOC) Essentials for the SME
Security Operations Center (SOC) Essentials for the SMEAlienVault
 
How To Handle Cybersecurity Risk PowerPoint Presentation Slides
How To Handle Cybersecurity Risk PowerPoint Presentation SlidesHow To Handle Cybersecurity Risk PowerPoint Presentation Slides
How To Handle Cybersecurity Risk PowerPoint Presentation SlidesSlideTeam
 
Exploring the Labyrinth: Deep dive into the Lazarus Group's foray into macOS
Exploring the Labyrinth: Deep dive into the Lazarus Group's foray into macOSExploring the Labyrinth: Deep dive into the Lazarus Group's foray into macOS
Exploring the Labyrinth: Deep dive into the Lazarus Group's foray into macOSMITRE ATT&CK
 
Cyber Security For Organization Proposal Powerpoint Presentation Slides
Cyber Security For Organization Proposal Powerpoint Presentation SlidesCyber Security For Organization Proposal Powerpoint Presentation Slides
Cyber Security For Organization Proposal Powerpoint Presentation SlidesSlideTeam
 
Roadmap to security operations excellence
Roadmap to security operations excellenceRoadmap to security operations excellence
Roadmap to security operations excellenceErik Taavila
 

20161021 JS Cybersecurity Service Proposal

  • 1. Proposal to provide cybersecurity services Accra & Abidjan
  • 2. Content
      • Background
      • Your requirements
      • Our Promise
      • About Afrik Santa Cruz
      • Our differentiating factors
      • Our key clients
      • Team experiences
      • Quality assured
      • Clear and continuous communication
      • Our team and affiliates
      • Contact details
      • Annexure I – Our methodology
      • Annexure II – Why you need cybersecurity
      • Annexure III – Service Catalogue
  • 3. Background… know us better…
      • About us
          • Afrik Santa Cruz is an indigenous engineering service company with affiliates in Africa, the Americas and Asia. It offers a wide range of services in the petroleum, housing and IT sectors.
          • It is managed by highly experienced professionals focused on tailored engineering solutions for optimum customer satisfaction.
      • Theory of change
          • Highly practical and advanced hybrid delivery model.
          • Strong delivery capability to take on any complex project as far as it is cybersecurity related.
          • We prefer holding hands to shaking hands.
          • Cybersecurity solution is our main focus.
      • Value proposition
          • We are a true local company, but with our global reach we offer a very high level of practical experience, know-how, contacts, and confidentiality.
          • Reasonably priced fees commensurate with high quality delivery.
          • Professional delivery as would be expected of a large multinational.
      • Mission
          • Our goal is to change the engineering landscape in the Sub-Region by bringing well-thought-out, innovative and expert-driven solutions to our clients.
          • ASC aims to be an emerging market leader in engineering services. This is evident in its strategic alliance with top firms like Alphabet Energy International, WaterFX, Tectonas Softsolutions etc.
  • 4. Your requirements
      • You require a firm with not only demonstrable skills and experience in your sector, but also the ability to deliver seamless information security system and business support services that match your development plans;
      • You also want a solution provider that operates on a professional and personal level, resulting in solutions tailored to your needs. While we operate in an environment that demands honed technical ability and a degree of formality, arising from the professional standards we observe, we regard ourselves as a flexible and responsive team that has client relationships at its heart;
      • You need a cybersecurity solution relevant for tomorrow's environment; and
      • You want experts who know their trade/specialty and are sincere about projects that do not fall within the bounds of their capabilities.
  • 5. Our Promise
      Our professionalism is demonstrated in our:
      • Commitment: our management and staff are absolutely committed to client satisfaction. We are dedicated to the provision of unique, quality and distinguished client services. We do this by channeling our best resources to meet clients’ needs.
      • Understanding: our approach to services is driven largely by our ability to obtain a clear understanding of our clients’ specific needs. Our philosophy is to provide only services beneficial to our clients.
      • Support: our unique strength lies in drawing on a pool of specialists worldwide to supplement skills unavailable at specific locations to ensure total client satisfaction.
      • Efficiency: we provide services by riding on efficiency in a co-operative environment.
  • 6. About Afrik Santa Cruz Ltd (ASC)
      ASC is a Ghanaian company that provides expert services by localizing international engineering solutions…
      To make life easier, humans are altering the usual ways of communicating at all scales and at an unprecedented rate; this is a well-documented fact. For this reason, everyone is a major stakeholder in cyberspace. Enterprises rely on IT infrastructure to expand operations and enhance productivity. The increasing reliance on IT systems brings about many challenges, from sophisticated IT support system requirements to increasing IT spending. To tackle these problems, ASC adopts an innovative and no-nonsense engineering-centered approach to solving problems.
      IT security can be defined as data breach/loss or reduced information system workflow that can adversely affect the achievement of an organisation’s objectives. IT security issues can be both internally and externally generated. Unlike in times past, security issues these days are fueled by economic reasons. When greed overtakes need, it spells trouble. These can stem from corrupt employees to shady investors seeking ways to exploit information systems for their advantage.
  • 7. About Afrik Santa Cruz (cont…)
      Increased dependence on IT will only enhance the risks of doing business. In today’s world, IT security risks are not few. The reason companies so often fail to systematically manage these risks is rooted in the way they define and manage them.
      ASC has strong alliances with companies in the US and India to meet IT infrastructure problems. Together with its affiliate partners, ASC has a team of more than 130 dedicated and highly trained systems engineers who work on Kernel level modules, Mini Filter drivers, File Systems Drivers and Network drivers to deliver easy to use and highly secure systems.
      We are staffed with qualified professionals viz. BSc, CA, ACCA, CS, CISCO, CISSP, CISA, CRISC, and MSc etc.
  • 8. About Afrik Santa Cruz (cont…)
      Products & Services
      Our product portfolio encompasses the following broad services:
      • Secure Remote Management
      • Data Leak Protection
      • Forensic and Security
      • Patch Management
      • Vulnerability assessment
      • IT Infrastructure Management
      • Desktop Monitoring
      • Asset Management
      • Change Management
      • Green Management
      • Firewall
      • IPS
      • Anti-Virus
      • Content Filtering
      • Surveillance System Management
      Under the above broad services, we proffer more than 25 specific cyber security related services. These explicit solutions are tailored to suit clients’ environments. Our comprehensive service catalogue, which spells out service deliverables, is available upon request (Refer to appendix II for the abridged version).
  • 9. Our Differentiating Factors
      • Value for Money
      • Strengths in relation to Business Model and Objectives – Track Record of Ethical Practice
      • Unique combination of international, senior, hands-on industry experience, across all areas of requirement
      • Building enduring relationships with all our clients as trusted business partner
      • Strengths in relation to requirements – Track Record in geographical, Professional and Business areas
      • Adding value to clients and protecting their business is paramount
      • Strength in relation to Implementation Plan – Track Record in geographical, Professional areas
      Our highly analytical team will help:
      • Protect applications implemented on your IT systems
      • Protect your data or system’s ability to function
      • Enable safe collection and usage of data
      • Safeguard technology assets in use
  • 10. Some of our Clients
  • 12. Quality Assurance
      Quality control and quality management is of paramount importance.
      Our team is sufficiently resourced through our rigorous ethical values to develop and deliver quality services to our clients. Criminal background checks are conducted on employees by the Criminal Investigation Department of Ghana Police Service. Personnel adhere to standards of Integrity, Independence, Confidentiality and Objectivity. Our professionals are required to attend business specific continuing education courses, internal and external industry trainings.
      Our operating policies are based upon and are fully compliant with International Standards. In addition, there is a Quality Review Programme which ensures that our review process is in compliance with documented policies and procedures. Quality performance reviews are an integral component of our system of quality control.
      [Diagram labels: Continuous improvement; Quality culture; Analysis & Planning; Delivery; Measure Results; HRM; Processes; Order]
  • 13. Clear Continuous Communication
      We are well aware of your confidentiality requirements, hence we are committed to maintaining a strict code of confidentiality. Our firm policy requires that affairs of clients be kept confidential at all times.
      At ASC, open and honest communication is a Core Value. Our experience leaves us in no doubt that a successful relationship is based on trust and candid, proactive communication. Regular and open two-way communication is fundamental to all aspects of our services.
      As an initial priority, we will agree with you the Communication Plan for all our key meetings. This will help ensure there are formal and informal opportunities for all key stakeholders to be kept informed on issues of importance.
  • 14. Our Team Credentials
      • Bradley Pate, International Director – Afrik Santa Cruz
          • Accomplished Petroleum Engineer and a businessman.
          • More than 33 years Project Management and Petroleum Engineering
          • More than 25 international experience in every continent except Australia and Asia.
          • Led Projects with budget exceeding US$700 million
      • John Selorm, Principal – Afrik Santa Cruz
          • Accomplished Chartered Accountant.
          • Strong IT background and worked with top accounting firms in the world on client systems.
          • Worked with clients in a wide variety of industries including trading, retail and consumer goods, NGO, manufacturing and banking and finance. Major clients include banks, investment companies, manufacturing organizations etc.
  • 15. Our Team Credentials
      • Charles Kane, Chief Information Officer – Afrik Santa Cruz
          • Highly experienced IT professional
          • Over 13 years in IT resource management experience
          • Managed Information System’s projects on oil fields in Ghana, Cote D’Ivoire, Sierra Leone etc.
          • Harvard college trained with diverse IT skills and professional qualification including: CISA, Red hat os/mail, web, satellite operation and installation, Cisco CCNA etc.
      • Perry Greene, Principal Consultant – Santa Cruz Energy
          • Highly accomplished IT security professional with experience across various industries in USA.
          • More than 11 years information security and compliance experience
          • Strong in vendor audits on ISO27001 and 27002 control and other compliance frameworks like COSO, COBIT, NIST, ISO etc.
          • Professional trainings include: six sigma, Cisco CCNA, CISSP, CISA, VMWare, Qualys, Archer, Qradar, CRISC, MCP, Arcserv, SAP PCI HIPAA SOX etc.
  • 16. Our Team Credentials
      • Shruti Pundalik, Chief Consultant – Santa Cruz Energy
          • Accomplished IT security professional with experience in India and USA across various industries.
          • Designed and implemented effective and efficient projects similar to Uber booking systems
          • Conducted architecture and interface design on the admission system for University of Baltimore, Maryland and other projects such as Bitcoin.
          • Professional trainings include: Matlab, Keil Uvision, Verilog, Khazama, CodeVisionAVR, C++, C, PL/SQL, Eagle 5.6, Multisim etc.
      • Mana Churi, Chief Consultant – Santa Cruz Energy
          • Highly experienced IT security specialist with experience in India and USA across many industries.
          • Worked with Dell on security system projects including managing and mentoring different teams.
          • Worked as an engineer at CISC Source responsible for remote on-site engineers etc.
          • Professional skills include: Kerberos, SSL, IPSec, IDS, IPS, Firewalls, Application Proxy, Wireless Security, Cisco CCNA, CCNP Routing & Switching, DHCP, DNS, C++, C, Python etc.
  • 17. Partners Credentials
      • Joachim Nessere, Chief Consultant – Afrik Santa Cruz
          • Highly skilled IT security trainer and consultant.
          • Served as the IT security training consultant for GIMPA, IPMC, Zentech Ghana etc.
          • Designed and implemented advanced server infrastructure across different systems
          • Professional accreditations include: Novell Certified Linux Administrator, Net IQ Identity, security etc. expert, MSPRP member, IAMCT Member etc.
      • Rajesh Tripathy, CEO/COO – Tectonas Softsolution
          • Accomplished IT security engineer and a businessman.
          • Established and run IT security company in India for the past 17 years
          • Executed large IT security infrastructure solutions across Asia, Africa and the United States.
          • Developed IT security software across key industries in India, Asia etc.
  • 18. Contacts
      • Afrik Santa Cruz, 2nd Floor Chataeu Dieu, Adenta, Estate Accra, Ghana. Phone: +233 208 703 344. john.selorm@afriksantacruz.com
      • Santa Cruz Energy, 124 Dickens Dr, Coppell, Texas 75019-2104, United States. Phone: +128 170 019 139. Bradley.pate@santacruzenergy.com
      • Afrik Santa Cruz, Abidjan, Cote d’Ivoire. Phone: +255 045 728 04. Charles.kane@afriksantacruz.com
      • info@afriksantacruz.com
      • www.afriksantacruz.com
      THANKS
  • 19. ANNEXURE I – OUR METHODOLOGY
  • 20. Our Methodology
      Our methodology is comprehensive and systematic and focuses on meeting clients’ organisational objectives. We fully recognise the need to provide assurance on your system stability. The key benefits of our approach are:
      • Comprehensive & systematic;
      • Focus on areas considered as potentially & most likely to lead to breach in data or system malfunction;
      • Our procedures are based on project planning techniques, including the use of automated processes and document templates, and the agreement of objectives, timetables, responsibilities and careful resource planning;
      • The focus of our reports is to generate constructive and value added advice; and
      • Identifies performance improvement and cost reduction opportunities
      [Diagram labels: Understanding Your Business; Risk Assessment; Planning; Field Work; Critical Issues; Reporting/Implementation]
  • 21. Our Methodology (Cont..)
      UNDERSTANDING THE BUSINESS
      Our top-down risk-based approach ensures that the focus is on the issues that are of greatest importance to you and that we are in the most appropriate position to respond to them.
      Our system audit starts with a detailed understanding of your industry and business. Our approach is based on a top-down examination of the key drivers and system workflow of your business. The output is a balanced picture of how the company interacts with customers and external industry forces. We consider the implications of this analysis and use it to identify significant risks.
      We use industry specific business models to gain information on:
      • industry background including major players, regulatory changes and trends,
      • risks and drivers,
      • geographic issues,
      • descriptions of business processes,
      • benchmarks and best practice and
      • system risks.
  • 22. Our Methodology (Cont..)
      • RISK ASSESSMENT: In order to run your business, you develop processes in IT systems to manage the factors that drive performance and help meet your objectives. We focus on those processes and systems to help yield meaningful results. This phase of our work enables us to obtain information on the processes supporting the achievement of the company’s goals.
      • STRATEGY AND PLANNING: Based on the understanding of a client’s business we devise a strategy. We then develop detailed programs to improve and guard your systems.
      • FIELD WORK: The work flows from strategic planning and risk assessment. The key element is to review and test the high level controls embedded in your processes, as significant weaknesses in your key processes could cost, both in terms of data loss and reputational damage.
      • REPORTING AND IMPLEMENTATION: We identify and discuss all critical issues with management. We then determine whether the Company’s system stability meets our expectations. We provide a report and any other deliverables to management.
  • 23. Our Methodology (Cont..)
      Our focused IT audit methodologies and tools also help to evaluate and test whether the Company’s information systems are configured for data integrity, are secure and are effectively managing the business needs.
      Our highly skilled business and IT personnel help identify aspects of IT that pose the highest risk to the Company. We then conduct a systematic, detailed review of those areas in which we:
      • identify appropriate IT control objectives that map to key business processes;
      • identify relevant IT policies and procedures and/or industry IT standards; and
      • evaluate the design of controls and test whether they are in place and operating effectively.
  • 24. Our Methodology (Cont..)
      METHODOLOGIES
      • Continuity management
      • System capabilities & availability
      • Backup and recovery
      • Data storage
      • Network penetration testing
      • Information security assessment
      • Enterprise security architecture & integration
      • Ongoing monitoring
      • Process documentation
      • Control risk analysis
      • Control & design implementation
      • Project risk assessment
      • Quality assurance
      • Project management methodology
      • Programme management processes
  • 25. Our Methodology (Cont..)
      INTELLIGENT USE OF TECHNOLOGY
      Technology is only one component of an integrated approach that combines methodology, knowledge and technology into our tailored service to you.
      We deliver our system audit services using fully automated audit software. This software is designed specifically to integrate knowledge management into the audit process.
      Technology can never be a substitute for face-to-face communications and we continue to rely on meetings with management to identify, resolve and communicate issues.
      [Diagram labels: Technology; Knowledge; Methodology]
  • 26. ANNEXURE II – WHY YOU NEED CYBERSECURITY
  • 27. Why you need cybersecurity
      In today’s global, digital world, data rule. Many of our daily activities involve data paths. Safeguarding intellectual property, financial information, and your company’s reputation is a crucial part of business strategy.
      Cybercrime has become a big business. Cybercrime is costing the global economy up to $450 billion annually and it is expected to exceed 1 trillion by 2020 (Report by Hamilton Place Strategies). The report also warns that “if you’re in business today, it’s nearly a guarantee you’ll be hacked at some point over the next couple of years”, which makes these findings all the more significant.
      The TRUTH IS, YOUR DATA HAS PROBABLY BEEN BREACHED WITHOUT YOUR KNOWLEDGE… you will only be confronted with the consequences in the future.
      IT security is about defense in depth. Providing such security involves physical security as well as a well-designed network, control over the users and processes on the host itself, and regular maintenance.
  • 28. Why you need cybersecurity (Cont..)
      Some cyber threats your organisation may be exposed to without cybersecurity include (category of threat: examples):
      • Deliberate software attacks: Viruses, worms, macros, denial-of-service
      • Technical software failures or errors: Bugs, code problems, unknown loopholes
      • Technological obsolescence: Antiquated or outdated technologies
      • Deliberate acts of information extortion: Blackmail of information disclosure
      • Deliberate acts of espionage or trespass: Unauthorised access or data collection
      • Compromises of intellectual property: Piracy, copyright infringement
      • Acts of human error or failure: Accidents, employee mistakes
      • Forces of nature: Fire, flood, earthquake, lightning
      • Deliberate acts of sabotage: Destruction of system or information
      • Deliberate acts of theft: Illegal confiscation of equipment or information
  • 29. Why you need cybersecurity (Cont..)
      Some attack replication vectors your organisation may be exposed to without cybersecurity include (vector: description):
      • Web browsing: If an infected system has write access to any web page, it makes all web content files (.html, .asp, .cgi, etc.) infectious, so that users who browse to those pages become infected.
      • Simple Network Management Protocol: An attacking program gains control of a device due to widely known and common passwords employed in early versions of the protocol.
      • Virus: Infection through common executable files through virus code.
      • Mass mail: If an infected email runs through an address book, the infected machine infects many users. Subsequently, mail-reading programs also automatically run the program and infect other systems.
      • Unprotected shares: Using vulnerabilities in file systems and the way organisations configure them, the infected machine copies the viral component to all locations it can reach.
      • IP scan and attack: The infected system scans a random or local range of IP addresses and targets any of several vulnerabilities known to hackers from previous exploits such as Code Red, Back Orifice, or PoizonBox.
  • 30. ANNEXURE III – OUR SERVICE CATALOGUE
  • 31. Service catalogue
      (Service description; when to be proposed to customer/client; activity)
      • Incident Tracking and Audit
          • When to propose: Customer has had a major cyber-security incident where they may have had data loss, data corruption or systems not being available to the users/customers/partners.
          • Activity: Investigate incident and provide Survey Reports for affected users and systems.
      • Cyber Security Audit
          • When to propose: Customer wants to implement Cyber Security Policy as per their defined Policies in the organization.
          • Activity: Survey of End Points (PCs), Servers, Network Equipment, BYOD Patterns, Shadow IT, User Behaviour.
  • 32. Service catalogue (Cont…)
    Service Description: Cyber Security Policy Rollout
    When to be Proposed to Customer/Client: Customer wants to implement Cyber Security Policy as per their defined Policies in the organization.
    Activity:
      • IT Systems Survey
      • End User Training
      • Delivery of Audit Systems
    Service Description: Cyber Security Policy Creation
    When to be Proposed to Customer/Client: Customer has no Cyber Security Policy and wants to start new.
    Activity:
      • Detailed Survey of IT Systems
      • Identify IT & User Control Points
      • Identify Compliance Check Points
    Service Description: Forensic Audit
    When to be Proposed to Customer/Client: Customer has no idea of their current Cyber Security Posture or if they are compromised or not compromised.
    Activity:
      • Log Analysis
      • Identify presence of internal/external malicious agents
      • Forensic analysis to assess if IT systems are compromised or IT system availability analysis
  • 33. Service catalogue (Cont…)
    Service Description: Cyber Defence Integration
    When to be Proposed to Customer/Client: Customer has many cyber defense systems like anti-virus, firewalls etc., and these systems are not working in an integrated manner.
    Activity:
      • Integrate disparate systems into a single Dashboard
      • Identify Cyber Security Choke Points
    Service Description: Firewall Induction
    When to be Proposed to Customer/Client: Client does not have a firewall and wants to implement a firewall.
    Activity:
      • Identify make and model of Firewall that best suits the Client's needs. Acquire, install and commission the firewall.
    Service Description: Firewall Review and Configuration
    When to be Proposed to Customer/Client: Client has an existing firewall and has performance and security issues.
    Activity:
      • Capacity/Performance of the firewall.
      • Check that the firewall addresses the security + performance needs of the client.
      • Upgrade, change and recommission the firewall.
  • 34. Service catalogue (Cont…)
    Service Description: Intrusion Prevention System (IPS) Induction
    When to be Proposed to Customer/Client: Client does not have an IPS and wants to implement an IPS.
    Activity:
      • Identify make and model of IPS that best suits the Client's needs. Acquire, install and commission the IPS.
    Service Description: IPS Review and Configuration
    When to be Proposed to Customer/Client: Client has an existing IPS and has performance and security issues.
    Activity:
      • Identify make and model of Firewall that best suits the Client's needs. Acquire, install and commission the firewall.
    Service Description: Firewall Review and Configuration
    When to be Proposed to Customer/Client: Client has an existing firewall and has performance and security issues.
    Activity:
      • Do a capacity + performance assessment of the IPS, and check whether the same IPS addresses the security + performance needs of the client. If yes, identify changes to IPS configuration. Upgrade the changes and recommission the IPS.
  • 35. Service catalogue (Cont…)
    Service Description: Patch Management Induction
    When to be Proposed to Customer/Client: Client does not have a Patch Management and wants to implement a Patch Management.
    Activity:
      • Identify make and model of Patch Management that best suits the Client's needs. Acquire, install and commission the Patch Management.
    Service Description: Patch Management Review and Configuration
    When to be Proposed to Customer/Client: Client has an existing Patch Management and has performance and security issues.
    Activity:
      • Do a capacity + performance assessment of the Patch Management, and check whether the same Patch Management addresses the security + performance needs of the client. If yes, identify changes to Patch Management configuration. Upgrade the changes and recommission the Patch Management.
    Service Description: Proxy Induction
    When to be Proposed to Customer/Client: Client does not have a Proxy and wants to implement a Proxy.
    Activity:
      • Identify make and model of Proxy that best suits the Client's needs. Acquire, install and commission the Proxy.
  • 36. Service catalogue (Cont…)
    Service Description: Proxy Review and Configuration
    When to be Proposed to Customer/Client: Client has an existing Proxy and has performance and security issues.
    Activity:
      • Do a capacity + performance assessment of the Proxy, and check whether the same Proxy addresses the security + performance needs of the client. If yes, identify changes to Proxy configuration. Upgrade the changes and recommission the Proxy.
    Service Description: Single Sign-on (SSO) Induction
    When to be Proposed to Customer/Client: Client does not have an SSO and wants to implement an SSO.
    Activity:
      • Identify make and model of SSO that best suits the Client's needs. Acquire, install and commission the SSO.
    Service Description: SSO Review and Configuration
    When to be Proposed to Customer/Client: Client has an existing SSO and has performance and security issues.
    Activity:
      • Do a capacity + performance assessment of the SSO, and check whether the same SSO addresses the security + performance needs of the client. If yes, identify changes to SSO configuration. Upgrade the changes and recommission the SSO.
  • 37. Service catalogue (Cont…)
    Service Description: Anti-Virus Induction
    When to be Proposed to Customer/Client: Client does not have an Anti-Virus and wants to implement an Anti-Virus.
    Activity:
      • Identify make and model of Anti-Virus that best suits the Client's needs. Acquire, install and commission the Anti-Virus.
    Service Description: Anti-Virus Review and Configuration
    When to be Proposed to Customer/Client: Client has an existing Anti-Virus and has performance and security issues.
    Activity:
      • Do a capacity + performance assessment of the Anti-Virus, and check whether the same Anti-Virus addresses the security + performance needs of the client. If yes, identify changes to Anti-Virus configuration. Upgrade the changes and recommission the Anti-Virus.
    Service Description: Data Loss Prevention (DLP) Induction
    When to be Proposed to Customer/Client: Client does not have a DLP and wants to implement a DLP.
    Activity:
      • Identify make and model of DLP that best suits the Client's needs. Acquire, install and commission the DLP.
  • 38. Service catalogue (Cont…)
    Service Description: Data Loss Prevention (DLP) Review and Configuration
    When to be Proposed to Customer/Client: Client has an existing DLP and has performance and security issues.
    Activity:
      • Do a capacity + performance assessment of the DLP, and check whether the same DLP addresses the security + performance needs of the client. If yes, identify changes to DLP configuration. Upgrade the changes and recommission the DLP.
    Service Description: Threat Intelligence System
    When to be Proposed to Customer/Client: Client has existing Security Policy and Audit Framework and wants pro-active Cyber Security Threat Information.
    Activity:
      • Security Posture Study of the Organization and Business Vertical.
      • Complete capability assessment of Key Cyber Security Team.
    Service Description: Ransomware Mitigation
    When to be Proposed to Customer/Client: Client perceives that they can be targeted or other peer organizations of the client have been targeted using Ransomware.
    Activity:
      • IT Systems Survey
      • User IT usage profile
      • User Critical Data/Process Survey
  • 39. Service catalogue (Cont…)
    Service Description: Vulnerability Assessment and Penetration Testing
    When to be Proposed to Customer/Client: Client wants to have a regular Vulnerability Assessment and Penetration Testing done of their IT infrastructure.
    Activity:
      • IT Systems Survey
      • Network Survey
    Thanks