 |
Enterprises are inevitably increasing dependent on information and the related systems to
make quality decisions, and that an efficient and effective information infrastructure is
critical to business survival and success in the knowledge-based economy.
Nowadays, security and control risks are continually changing and can easily outpace the
learning curve of even the best CIO, CISO and CAE. Failures in information systems not
just adversely affect the reputation and existence of the business entity, the management
may also violate relevant regulatory requirements and even incur legal liabilities.
Capitalize on 50 years of aggregated security and IT auditing experiences in banking,
insurance, securities, government, and hi-tech manufacturing sectors, i-TotalSecurity offers
a full-spectrum consultancy services on the governance of IT and information security, so as
to help enterprises discharge their fiduciary, regulatory or even legal responsibilities on
IT control and security.
Our 360-degree IT and information security governance consultancy includes:
ISO 27001 Certification Consultancy
ISO 27001 is the International Standard for Information Security Management. It specifies the requirements of an Information Security Management System (ISMS) and
provides a comprehensive set of 133 security controls. Implementing a world-class ISMS in the organization and get it certified are definitely a competitive advantage.
Based on our successful implementation experiences, i-TotalSecurity provides the ISO 27001 Certification Consultancy service to ensure a smooth development,
implementation, and certification of ISO 27001 in your organization. This service covers all stages of an ISO 27001 project starting from project
planning, ISMS scoping, risk assessment, policies & procedures development, control selection & implementation, pre-certification auditing until
successful accreditation.
ISO 20000 Certification Consultancy
ISO 20000 defines the requirements of an IT Service Management to enable the effective management and implementation of all IT services in any organization.
The internation standard also specifies specifies a number of closely related service management processes, namely service delivery, release, control, resolution, and relationship
processes, that can be implemented as part of the ITSMS. In the world of hyper competition, implementing and certifying a world-class ITSMS in the organization are definitively a competitive advantage.
Based on our previous successful cases, i-TotalSecurity provides the ISO 20000 Certification Consultancy service to ensure a smooth development,
implementation, and certification of ISO 20000 in your organization. This service covers all stages of an ISO 20000 project starting from project
planning, scoping and training, policies & procedures development, quality control implementation, continous monitoring, pre-certification auditing until
successful accreditation.
Penetration Testing
By using the latest tools and techniques available from the hacker community, i-TotalSecurity
simulates controlled physical or logical attacks and provides a snapshot of an organization's
security posture.
Through a 4-phase testing process: passive reconnaissance, active scanning, controlled penetration,
and controlled vulnerability exploitation, i-Total Security validates the effectiveness of
security safeguards and controls currently in place, demonstrates the existing risks to an
organization's wired & wireless networks, Windows, Linux & AIX systems, intranet and Web applications, and provides detailed remediation steps that can be
taken to prevent future exploitation.
IT Governance Audit
Ride on our vast experiences on IT auditing, i-TotalSecurity evaluates the controls of IT
functions at organizational, managerial, planning, and operational levels, benchmarks it
against the international IT governance standard COBIT (Control Objectives for Information
Related Technology from the IT Governance Institute), and recommends improvement initiatives,
so as to help ensure the efficiency and effectiveness IT functions.
Security Architecture Design & Implementation
Proper installation and implementation of your firewalls, intrusion detection / prevention
system, antivirus, antispams, and other security measures are the keys to protect your organization's assets from
security threats. While there are many products that can help, they can only be effective
when they are part of a carefully planned process.
Our Security Architecture Design &
Implementation Service offers you our experiences to assess your proposed wired and wireless network,
Internet and intranet architectures for potential security threats and vulnerabilities.
Security Policy Development & Deployment
Security policies not only demonstrate enterprise management's commitment toward information
security, but also lay down the framework for subsequent security enforcement. Our specialists
can analyze your security requirements, and establish effective policies, standards and
management architecture principles to guide your organizational security decisions.
Besides,
we help implement your policies and standards by defining formal security processes and
designing specific secure solutions / configurations on firewall, intrusion detection/
prevention system, operating system, and application system levels.
End-to-End Security Auditing
With ever-changing intrusion techniques and business & regulatory requirements, your systems
may be operating under a false sense of security if the security status is not evaluated
regularly.
i-TotalSecurity conducts effective security audits that examine all the critical
components that setting up the perimeter security, the internal network security, the operating
systems security, application security, and the operational controls. Above all, we also
review the overall security management policies and practices.
Security Incident Response & Forensic Investigations
In the event of suspected security incidents, having a competent and knowledgeable incident
handler and investigator enables timely and precise protection, gathering and analysis of
critical evidences, as well as determination of the who, what, where, when, why and how
surrounding the incidents. The specialists in i-TotalSecurity can provide the necessary support
to help your organization to survive the hard times and increase the chance to successfully
identifying and prosecuting the offender.
Security Awareness & Competency Training
People are the heart of effective security deployment and no enterprise can implement its
security processes and systems without training its people. i-Total Security offers both
personal tutorial for senior executives (i.e CEO, CFO, CIO, CISO, CAE, COO), onsite seminars and public
classes on the subject ranging from IT governance, information security governance, network security,
operating systems/application software security, to hands-on firewall, intrusion detection / prevention system,
ethical hacking and digital forensics training.
Enquiry
Call +852 2965.4445 or e-mail info@i-TotalSecurity.net
to discuss how we can help to improve your IT & infoSec governance.
|
 |
