INFORMATION SECURITY GOVERNANCE, RISK & COMPLIANCE CLOUD CONSULTING SERVICES CIO & CISO SERVICES. forebrook

Transcription

1 INFORMATION SECURITY GOVERNANCE, RISK & COMPLIANCE CLOUD CONSULTING SERVICES CIO & CISO SERVICES forebrook

2 INFRASTRUCTURE ASSESSMENT SECURITY ASSESSMENT RISK ASSESSMENT VULNERABILITY ASSESSMENT PENETRATION TESTS DISASTER RECOVERY PLANNING SECURITY POLICY COBIT ISO 27001:2013 SERVICE MANAGEMENT ITIL SECURITY STRATEGY CLOUD SERVICES STRATEGY INFORMATION SECURITY MANAGEMENT SYSTEMS COMPLIANCE PCI DSS V3.1 INFRASTRUCTURE DOCUMENTATION IT GOVERNANCE ISO AWARENESS ASSET INVENTORY DIAGRAMS INFOGRAPHICS REMEDIATION ROADMAP ISA/IEC WIRELESS SECURITY VIRTUALISATION NETWORK SECURITY VIRTUALISATION OPTIMISATION DATACENTRE OPTIMISATION AMAZON/AZURE/GOOGLE CLOUD SERVICES CIO SERVICES CISO SERVICES GAP ANALYSIS OWASP DUBAI ISR AUDIT NESA ADNIC ISS2 AUDIT SECURITY GOVERNANCE SECURITY OPERATIONS CENTRE NETWORK OPERATIONS CENTRE SECURITY BASELINE SECURITY REVIEW RISK REGISTER RISK PRIORITISATION CLOUD SECURITY CYBER FORENSICS CLOUD ADVISORY SERVICES FEASIBILITY STUDIES BUSINESS IMPACT ANALYSIS BCP/DR STRATEGY MATURITY ASSESSMENT IMPLEMENTATION ADVICE NETWORK DESIGN & ARCHITECTURE SECURITY ARCHITECTURE SECURITY INCIDENT MANAGEMENT ITG FRAMEWORK INFRASTRUCTURE ASSESSMENT SECURITY ASSESSMENT RISK ASSESSMENT VULNERABILITY ASSESSMENT PENETRATION TESTS DISASTER RECOVERY PLANNING SECURITY POLICY COBIT ISO 27001:2013 SERVICE MANAGEMENT ITIL SECURITY STRATEGY CLOUD SERVICES STRATEGY INFORMATION SECURITY MANAGEMENT SYSTEMS COMPLIANCE PCI DSS V3.1 INFRASTRUCTURE DOCUMENTATION IT GOVERNANCE ISO AWARENESS ASSET INVENTORY DIAGRAMS INFOGRAPHICS REMEDIATION ROADMAP ISA/IEC WIRELESS SECURITY VIRTUALISATION NETWORK SECURITY VIRTUALISATION OPTIMISATION DATACENTRE OPTIMISATION AMAZON/AZURE/GOOGLE CLOUD SERVICES CIO SERVICES CISO SERVICES GAP ANALYSIS OWASP DUBAI ISR AUDIT NESA ADNIC ISS2 AUDIT SECURITY GOVERNANCE SECURITY OPERATIONS CENTRE NETWORK OPERATIONS CENTRE SECURITY BASELINE SECURITY REVIEW RISK REGISTER RISK PRIORITISATION CLOUD SECURITY CYBER FORENSICS CLOUD ADVISORY SERVICES FEASIBILITY STUDIES BUSINESS IMPACT ANALYSIS BCP/DR STRATEGY MATURITY ASSESSMENT IMPLEMENTATION ADVICE NETWORK DESIGN & ARCHITECTURE SECURITY ARCHITECTURE SECURITY INCIDENT MANAGEMENT ITG FRAMEWORK INFRASTRUCTURE ASSESSMENT SECURITY ASSESSMENT RISK ASSESSMENT VULNERABILITY ASSESSMENT PENETRATION TESTS DISASTER RECOVERY PLANNING SECURITY POLICY COBIT ISO 27001:2013 SERVICE MANAGEMENT ITIL SECURITY STRATEGY CLOUD SERVICES STRATEGY INFORMATION SECURITY MANAGEMENT SYSTEMS COMPLIANCE PCI DSS V3.1 INFRASTRUCTURE DOCUMENTATION IT GOVERNANCE ISO AWARENESS ASSET INVENTORY DIAGRAMS INFOGRAPHICS REMEDIATION ROADMAP ISA/IEC WIRELESS SECURITY VIRTUALISATION NETWORK SECURITY VIRTUALISATION OPTIMISATION DATACENTRE OPTIMISATION AMAZON/AZURE/GOOGLE CLOUD SERVICES CIO SERVICES CISO SERVICES GAP ANALYSIS OWASP DUBAI ISR AUDIT NESA ADNIC ISS2 AUDIT SECURITY GOVERNANCE SECURITY OPERATIONS CENTRE NETWORK OPERATIONS CENTRE SECURITY BASELINE SECURITY REVIEW RISK REGISTER RISK PRIORITISATION CLOUD SECURITY CYBER FORENSICS CLOUD ADVISORY SERVICES FEASIBILITY STUDIES BUSINESS IMPACT ANALYSIS BCP/DR STRATEGY MATURITY ASSESSMENT IMPLEMENTATION ADVICE NETWORK DESIGN & ARCHITECTURE SECURITY ARCHITECTURE SECURITY INCIDENT MANAGEMENT ITG FRAMEWORK INFRASTRUCTURE ASSESSMENT SECURITY ASSESSMENT RISK ASSESSMENT VULNERABILITY ASSESSMENT PENETRATION TESTS DISASTER RECOVERY PLANNING SECURITY POLICY COBIT ISO 27001:2013 SERVICE MANAGEMENT ITIL SECURITY STRATEGY CLOUD SERVICES STRATEGY INFORMATION SECURITY MANAGEMENT SYSTEMS COMPLIANCE PCI DSS V3.1 INFRASTRUCTURE DOCUMENTATION IT GOVERNANCE ISO AWARENESS ASSET INVENTORY DIAGRAMS INFOGRAPHICS REMEDIATION ROADMAP ISA/IEC WIRELESS SECURITY VIRTUALISATION NETWORK SECURITY VIRTUALISATION OPTIMISATION DATACENTRE OPTIMISATION AMAZON/AZURE/GOOGLE CLOUD SERVICES CIO SERVICES CISO SERVICES GAP ANALYSIS OWASP DUBAI ISR AUDIT NESA ADNIC ISS2 AUDIT SECURITY GOVERNANCE SECURITY OPERATIONS CENTRE NETWORK OPERATIONS CENTRE SECURITY BASELINE SECURITY REVIEW RISK REGISTER RISK PRIORITISATION CLOUD SECURITY CYBER FORENSICS CLOUD ADVISORY SERVICES FEASIBILITY STUDIES BUSINESS IMPACT ANALYSIS BCP/DR STRATEGY MATURITY ASSESSMENT IMPLEMENTATION ADVICE NETWORK DESIGN & ARCHITECTURE SECURITY ARCHITECTURE SECURITY INCIDENT MANAGEMENT ITG FRAMEWORK INFRASTRUCTURE ASSESSMENT SECURITY ASSESSMENT RISK ASSESSMENT VULNERABILITY ASSESSMENT IT GOVERNANCE PENETRATION TESTS DISASTER RECOVERY PLANNING SECURITY POLICY COBIT ISO 27001:2013 SERVICE MANAGEMENT ITIL SECURITY STRATEGY CLOUD SERVICES STRATEGY INFORMATION SECURITY MANAGEMENT SYSTEMS COMPLIANCE PCI DSS V3.1 INFRASTRUCTURE DOCUMENTATION IT GOVERNANCE ISO AWARENESS ASSET INVENTORY DIAGRAMS INFOGRAPHICS REMEDIATION ROADMAP ISA/IEC WIRELESS SECURITY VIRTUALISATION NETWORK SECURITY VIRTUALISATION OPTIMISATION DATACENTRE OPTIMISATION AMAZON/AZURE/GOOGLE CLOUD SERVICES CIO SERVICES CISO SERVICES GAP ANALYSIS OWASP DUBAI ISR AUDIT NESA ADNIC ISS2 AUDIT SECURITY GOVERNANCE SECURITY OPERATIONS CENTRE NETWORK OPERATIONS CENTRE SECURITY BASELINE SECURITY REVIEW RISK REGISTER RISK PRIORITISATION CLOUD SECURITY CYBER FORENSICS CLOUD ADVISORY SERVICES FEASIBILITY STUDIES BUSINESS IMPACT ANALYSIS BCP/DR STRATEGY MATURITY ASSESSMENT IMPLEMENTATION ADVICE NETWORK DESIGN & ARCHITECTURE SECURITY ARCHITECTURE SECURITY INCIDENT MANAGEMENT ITG FRAMEWORK INFRASTRUCTURE ASSESSMENT SECURITY ASSESSMENT RISK ASSESSMENT VULNERABILITY ASSESSMENT PENETRATION TESTS DISASTER RECOVERY PLANNING SECURITY POLICY COBIT ISO 27001:2013 SERVICE MANAGEMENT ITIL SECURITY STRATEGY CLOUD SERVICES STRATEGY INFORMATION SECURITY MANAGEMENT SYSTEMS COMPLIANCE PCI DSS V3.1 INFRASTRUCTURE DOCUMENTATION IT GOVERNANCE ISO AWARENESS ASSET INVENTORY DIAGRAMS INFOGRAPHICS REMEDIATION ROADMAP ISA/IEC WIRELESS SECURITY VIRTUALISATION NETWORK SECURITY VIRTUALISATION OPTIMISATION DATACENTRE OPTIMISATION AMAZON/AZURE/GOOGLE CLOUD SERVICES CIO SERVICES CISO SERVICES GAP ANALYSIS OWASP DUBAI ISR AUDIT NESA ADNIC ISS2 AUDIT SECURITY GOVERNANCE SECURITY OPERATIONS CENTRE NETWORK OPERATIONS CENTRE SECURITY BASELINE SECURITY REVIEW RISK REGISTER RISK PRIORITISATION CLOUD SECURITY CYBER FORENSICS CLOUD ADVISORY SERVICES FEASIBILITY STUDIES BUSINESS IMPACT ANALYSIS BCP/DR STRATEGY MATURITY ASSESSMENT IMPLEMENTATION ADVICE NETWORK DESIGN & ARCHITECTURE SECURITY ARCHITECTURE SECURITY INCIDENT MANAGEMENT ITG FRAMEWORK INFRASTRUCTURE ASSESSMENT SECURITY ASSESSMENT RISK ASSESSMENT VULNERABILITY ASSESSMENT PENETRATION TESTS DISASTER RECOVERY PLANNING SECURITY POLICY COBIT ISO 27001:2013 SERVICE MANAGEMENT ITIL SECURITY STRATEGY CLOUD SERVICES STRATEGY INFORMATION SECURITY MANAGEMENT SYSTEMS COMPLIANCE PCI DSS V3.1 INFRASTRUCTURE DOCUMENTATION IT GOVERNANCE ISO AWARENESS ASSET INVENTORY DIAGRAMS INFOGRAPHICS REMEDIATION ROADMAP ISA/IEC WIRELESS SECURITY VIRTUALISATION NETWORK SECURITY VIRTUALISATION OPTIMISATION DATACENTRE OPTIMISATION AMAZON/AZURE/GOOGLE CLOUD SERVICES CIO SERVICES CISO SERVICES GAP ANALYSIS OWASP DUBAI ISR AUDIT NESA ADNIC ISS2 AUDIT SECURITY GOVERNANCE SECURITY OPERATIONS CENTRE NETWORK OPERATIONS CENTRE SECURITY BASELINE SECURITY REVIEW RISK REGISTER RISK PRIORITISATION CLOUD SECURITY CYBER FORENSICS CLOUD ADVISORY SERVICES FEASIBILITY STUDIES BUSINESS IMPACT ANALYSIS BCP/DR STRATEGY MATURITY ASSESSMENT IMPLEMENTATION ADVICE NETWORK DESIGN & ARCHITECTURE SECURITY ARCHITECTURE SECURITY INCIDENT MANAGEMENT ITG FRAMEWORK INFRASTRUCTURE ASSESSMENT SECURITY ASSESSMENT RISK ASSESSMENT VULNERABILITY ASSESSMENT PENETRATION TESTS DISASTER RECOVERY PLANNING SECURITY POLICY COBIT ISO 27001:2013 SERVICE MANAGEMENT ITIL SECURITY STRATEGY CLOUD SERVICES STRATEGY INFORMATION SECURITY MANAGEMENT SYSTEMS COMPLIANCE PCI DSS V3.1 INFRASTRUCTURE DOCUMENTATION IT GOVERNANCE ISO AWARENESS ASSET INVENTORY DIAGRAMS INFOGRAPHICS REMEDIATION ROADMAP ISA/IEC WIRELESS SECURITY VIRTUALISATION NETWORK SECURITY VIRTUALISATION OPTIMISATION DATACENTRE OPTIMISATION AMAZON/AZURE/GOOGLE CLOUD SERVICES CIO SERVICES CISO SERVICES GAP ANALYSIS OWASP DUBAI ISR AUDIT NESA ADNIC ISS2 AUDIT SECURITY GOVERNANCE SECURITY OPERATIONS CENTRE NETWORK OPERATIONS CENTRE SECURITY BASELINE SECURITY REVIEW RISK REGISTER RISK PRIORITISATION CLOUD SECURITY CYBER FORENSICS CLOUD ADVISORY SERVICES FEASIBILITY STUDIES BUSINESS IMPACT ANALYSIS BCP/DR STRATEGY MATURITY ASSESSMENT IMPLEMENTATION ADVICE NETWORK DESIGN & ARCHITECTURE SECURITY ARCHITECTURE SECURITY INCIDENT MANAGEMENT ITG FRAMEWORK INFRASTRUCTURE ASSESSMENT SECURITY ASSESSMENT RISK ASSESSMENT VULNERABILITY ASSESSMENT PENETRATION TESTS DISASTER RECOVERY PLANNING SECURITY POLICY COBIT ISO 27001:2013 SERVICE MANAGEMENT ITIL SECURITY STRATEGY CLOUD SERVICES STRATEGY INFORMATION SECURITY MANAGEMENT SYSTEMS COMPLIANCE PCI DSS V3.1 INFRASTRUCTURE DOCUMENTATION IT GOVERNANCE ISO AWARENESS ASSET INVENTORY DIAGRAMS INFOGRAPHICS REMEDIATION ROADMAP ISA/IEC WIRELESS SECURITY VIRTUALISATION NETWORK SECURITY VIRTUALISATION OPTIMISATION DATACENTRE OPTIMISATION AMAZON/AZURE/GOOGLE CLOUD SERVICES CIO SERVICES CISO SERVICES GAP ANALYSIS OWASP DUBAI ISR AUDIT NESA ADNIC ISS2 AUDIT SECURITY GOVERNANCE SECURITY OPERATIONS CENTRE NETWORK OPERATIONS CENTRE SECURITY BASELINE SECURITY REVIEW RISK REGISTER RISK PRIORITISATION CLOUD SECURITY CYBER FORENSICS CLOUD ADVISORY SERVICES FEASIBILITY STUDIES BUSINESS IMPACT ANALYSIS BCP/DR STRATEGY MATURITY ASSESSMENT IMPLEMENTATION ADVICE NETWORK DESIGN & ARCHITECTURE SECURITY ARCHITECTURE SECURITY INCIDENT MANAGEMENT ITG FRAMEWORK INFRASTRUCTURE ASSESSMENT SECURITY ASSESSMENT RISK ASSESSMENT VULNERABILITY ASSESSMENT PENETRATION TESTS DISASTER RECOVERY PLANNING SECURITY POLICY COBIT ISO 27001:2013 SERVICE MANAGEMENT ITIL SECURITY STRATEGY CLOUD SERVICES STRATEGY INFORMATION SECURITY MANAGEMENT SYSTEMS COMPLIANCE PCI DSS V3.1 INFRASTRUCTURE DOCUMENTATION IT GOVERNANCE ISO AWARENESS ASSET INVENTORY DIAGRAMS INFOGRAPHICS REMEDIATION ROADMAP ISA/IEC WIRELESS SECURITY VIRTUALISATION NETWORK SECURITY VIRTUALISATION OPTIMISATION DATACENTRE OPTIMISATION AMAZON/AZURE/GOOGLE CLOUD SERVICES CIO SERVICES CISO SERVICES GAP ANALYSIS OWASP DUBAI ISR AUDIT NESA ADNIC ISS2 AUDIT SECURITY GOVERNANCE SECURITY OPERATIONS CENTRE NETWORK OPERATIONS CENTRE SECURITY BASELINE SECURITY REVIEW RISK INFORMATION SECURITY CLOUD CONSULTING RISK COMPLIANCE CIO / CISO SERVICES REGISTER RISK PRIORITISATION CLOUD SECURITY CYBER FORENSICS CLOUD ADVISORY SERVICES FEASIBILITY STUDIES BUSINESS IMPACT ANALYSIS BCP/DR STRATEGY MATURITY ASSESSMENT IMPLEMENTATION ADVICE NETWORK DESIGN & ARCHITECTURE SECURITY ARCHITECTURE SECURITY INCIDENT MANAGEMENT ITG FRAMEWORK INFRASTRUCTURE ASSESSMENT SECURITY ASSESSMENT RISK ASSESSMENT VULNERABILITY ASSESSMENT PENETRATION TESTS DISASTER RECOVERY PLANNING SECURITY POLICY COBIT ISO 27001:2013 SERVICE MANAGEMENT ITIL SECURITY STRATEGY CLOUD SERVICES STRATEGY INFORMATION SECURITY MANAGEMENT SYSTEMS COMPLIANCE PCI DSS V3.1 INFRASTRUCTURE DOCUMENTATION IT GOVERNANCE ISO AWARENESS ASSET INVENTORY DIAGRAMS INFOGRAPHICS REMEDIATION ROADMAP ISA/IEC WIRELESS SECURITY VIRTUALISATION NETWORK SECURITY VIRTUALISATION OPTIMISATION DATACENTRE OPTIMISATION AMAZON/AZURE/GOOGLE CLOUD SERVICES CIO SERVICES CISO SERVICES GAP ANALYSIS OWASP DUBAI ISR AUDIT NESA ADNIC ISS2 AUDIT SECURITY GOVERNANCE SECURITY OPERATIONS CENTRE NETWORK OPERATIONS CENTRE SECURITY BASELINE SECURITY REVIEW RISK REGISTER RISK PRIORITISATION CLOUD SECURITY CYBER FORENSICS CLOUD ADVISORY SERVICES FEASIBILITY STUDIES BUSINESS IMPACT ANALYSIS BCP/DR STRATEGY MATURITY ASSESSMENT IMPLEMENTATION ADVICE NETWORK DESIGN & ARCHITECTURE SECURITY ARCHITECTURE SECURITY INCIDENT MANAGEMENT ITG FRAMEWORK INFRASTRUCTURE ASSESSMENT SECURITY ASSESSMENT RISK ASSESSMENT VULNERABILITY ASSESSMENT PENETRATION TESTS DISASTER RECOVERY PLANNING SECURITY POLICY COBIT ISO 27001:2013 SERVICE MANAGEMENT ITIL SECURITY STRATEGY CLOUD SERVICES STRATEGY INFORMATION SECURITY MANAGEMENT SYSTEMS COMPLIANCE PCI DSS V3.1 INFRASTRUCTURE DOCUMENTATION IT GOVERNANCE ISO AWARENESS ASSET INVENTORY DIAGRAMS INFOGRAPHICS REMEDIATION ROADMAP ISA/IEC WIRELESS SECURITY VIRTUALISATION NETWORK SECURITY VIRTUALISATION OPTIMISATION DATACENTRE OPTIMISATION AMAZON/AZURE/GOOGLE CLOUD SERVICES CIO SERVICES CISO SERVICES GAP ANALYSIS OWASP DUBAI ISR AUDIT NESA ADNIC ISS2 AUDIT SECURITY GOVERNANCE SECURITY OPERATIONS CENTRE NETWORK OPERATIONS CENTRE SECURITY BASELINE SECURITY REVIEW RISK REGISTER RISK PRIORITISATION CLOUD SECURITY CYBER FORENSICS CLOUD ADVISORY SERVICES FEASIBILITY STUDIES BUSINESS IMPACT ANALYSIS BCP/DR STRATEGY MATURITY ASSESSMENT IMPLEMENTATION ADVICE NETWORK DESIGN & ARCHITECTURE SECURITY ARCHITECTURE SECURITY INCIDENT MANAGEMENT ITG FRAMEWORK INFRASTRUCTURE ASSESSMENT SECURITY ASSESSMENT RISK ASSESSMENT VULNERABILITY ASSESSMENT PENETRATION TESTS DISASTER RECOVERY PLANNING SECURITY POLICY COBIT ISO 27001:2013 SERVICE MANAGEMENT ITIL SECURITY STRATEGY CLOUD SERVICES STRATEGY INFORMATION SECURITY MANAGEMENT SYSTEMS COMPLIANCE PCI DSS V3.1 INFRASTRUCTURE DOCUMENTATION IT GOVERNANCE ISO AWARENESS ASSET INVENTORY DIAGRAMS INFOGRAPHICS REMEDIATION ROADMAP ISA/IEC WIRELESS SECURITY VIRTUALISATION NETWORK SECURITY VIRTUALISATION OPTIMISATION DATACENTRE OPTIMISATION AMAZON/AZURE/GOOGLE CLOUD SERVICES CIO SERVICES CISO SERVICES GAP ANALYSIS OWASP DUBAI ISR AUDIT NESA ADNIC ISS2 AUDIT SECURITY GOVERNANCE SECURITY OPERATIONS CENTRE NETWORK OPERATIONS CENTRE SECURITY BASELINE SECURITY REVIEW RISK REGISTER RISK PRIORITISATION CLOUD SECURITY CYBER FORENSICS CLOUD ADVISORY SERVICES FEASIBILITY STUDIES BUSINESS IMPACT ANALYSIS BCP/DR STRATEGY MATURITY ASSESSMENT IMPLEMENTATION ADVICE NETWORK DESIGN & ARCHITECTURE SECURITY ARCHITECTURE SECURITY INCIDENT MANAGEMENT ITG FRAMEWORK INFRASTRUCTURE ASSESSMENT SECURITY ASSESSMENT RISK ASSESSMENT VULNERABILITY ASSESSMENT PENETRATION TESTS DISASTER RECOVERY PLANNING SECURITY POLICY COBIT ISO 27001:2013 SERVICE MANAGEMENT ITIL SECURITY STRATEGY CLOUD SERVICES STRATEGY INFORMATION SECURITY MANAGEMENT SYSTEMS COMPLIANCE PCI DSS V3.1 INFRASTRUCTURE DOCUMENTATION IT GOVERNANCE ISO AWARENESS ASSET INVENTORY DIAGRAMS INFOGRAPHICS REMEDIATION ROADMAP ISA/IEC WIRELESS SECURITY VIRTUALISATION NETWORK SECURITY VIRTUALISATION OPTIMISATION DATACENTRE forebrook OPTIMISATION AMAZON/AZURE/GOOGLE CLOUD SERVICES CIO SERVICES CISO SERVICES GAP ANALYSIS OWASP DUBAI ISR AUDIT NESA ADNIC ISS2 AUDIT SECURITY GOVERNANCE SECURITY OPERATIONS CENTRE NETWORK OPERATIONS CENTRE SECURITY BASELINE SECURITY REVIEW RISK REGISTER RISK PRIORITISATION CLOUD SECURITY CYBER FORENSICS CLOUD ADVISORY SERVICES FEASIBILITY STUDIES BUSINESS IMPACT ANALYSIS BCP/DR STRATEGY MATURITY ASSESSMENT IMPLEMENTATION ADVICE NETWORK DESIGN & ARCHITECTURE SECURITY ARCHITECTURE SECURITY INCIDENT MANAGEMENT ITG FRAMEWORK INFRASTRUCTURE ASSESSMENT SECURITY ASSESSMENT RISK ASSESSMENT VULNERABILITY ASSESSMENT PENETRATION TESTS DISASTER RECOVERY PLANNING SECURITY POLICY COBIT ISO 27001:2013 SERVICE MANAGEMENT ITIL SECURITY STRATEGY CLOUD SERVICES STRATEGY INFORMATION SECURITY MANAGEMENT SYSTEMS COMPLIANCE PCI DSS V3.1 INFRASTRUCTURE DOCUMENTATION IT GOVERNANCE ISO AWARENESS ASSET INVENTORY DIAGRAMS INFOGRAPHICS REMEDIATION ROADMAP ISA/IEC WIRELESS SECURITY VIRTUALISATION NETWORK SECURITY VIRTUALISATION OPTIMISATION DATACENTRE OPTIMISATION AMAZON/AZURE/GOOGLE CLOUD SERVICES CIO SERVICES CISO SERVICES GAP ANALYSIS OWASP DUBAI ISR AUDIT NESA ADNIC ISS2 AUDIT SECURITY GOVERNANCE SECURITY OPERATIONS CENTRE NETWORK OPERATIONS CENTRE SECURITY BASELINE SECURITY REVIEW RISK REGISTER RISK PRIORITISATION CLOUD SECURITY CYBER FORENSICS CLOUD ADVISORY SERVICES FEASIBILITY STUDIES BUSINESS IMPACT ANALYSIS BCP/DR STRATEGY MATURITY ASSESSMENT IMPLEMENTATION ADVICE NETWORK DESIGN & ARCHITECTURE SECURITY ARCHITECTURE SECURITY INCIDENT MANAGEMENT ITG FRAMEWORK INFRASTRUCTURE ASSESSMENT SECURITY ASSESSMENT RISK ASSESSMENT VULNERABILITY ASSESSMENT PENETRATION TESTS DISASTER RECOVERY PLANNING SECURITY POLICY COBIT ISO 27001:2013 AWARENESS

3 Forebrook offers a range of information security, governance, IT systems and infrastructure related services. We conduct IT infrastructure assessments, security and risk assessments, vulnerability assessments and penetration tests. We design and implement information security programmes, review and develop information security architectures, security policies, business continuity strategies and disaster recovery plans. We assist organisations in preparing for certification audits such as ISO27001:2013, PCI-DSS, ISO 20000; we conduct compliance reviews for international and regional standards including ADSIC ISS 2.0 and Dubai Information Security Regulation (ISR) or the latest NESA standard. Forebrook is a vendor-independent firm based in Dubai specialising in Information Security and IT-Governance consulting. Our biggest strength is our team of experienced consultants, who have worked in large enterprises, banks and government organisations. Our senior consultants have years experience in information technology and hold multiple industry certifications such as CISSP, CISA, CISM, CRISC, CGEIT, COBIT, ITIL, ISO27001, ISO20000, TOGAF9, PMP, MCSE, MCITP, MCT. Security Assessments Security assessments should be conducted on a regular basis, and should be included in the strategy. Major international standards include third-party assessments as an important requirement. The goal of assessments is to ensure that necessary and adequate security controls are implemented to protect information assets from unauthorised access, use, disclosure, disruption, modification, recording or destruction. We, at Forebrook, conduct comprehensive assessments based on best-practices and international standards. In addition to using latest tools for vulnerability assessments, we also check, inspect, observe and analyse information systems in a holistic manner covering technology, people, policies, processes, procedures. As an integral part of assessments, we conduct interviews with individuals and groups in the organisation to understand the infrastructure, security objectives and strategies, and assess security controls for effectiveness and adequacy. Additionally, penetration tests will be conducted for public-facing IPs. Our Security/Risk Assessments culminate in extensive reports and recommendations for remediation along with roadmaps to implement controls. Security Policies Data Classification Risk Management Topology, Data Flow Access Control VPN/Remote Access Network Access Control Application Configuration Database Configuration Change Control Patching & Anti-Virus Logging / SIEM Intrusion Detection Physical Security BCP/DR Vulnerability Assessment & PT VA/PT is a requirement for compliance with standards such as PCI-DSS, or as a part of risk assessment for ISO 27001; regardless, conducting regular VA/PT is deemed a good practice and is usually included in well-designed security programmes. VAPT is included in our security assessments, but we also offer a separate service for specific objectives such as reports for compliance audits. We use VA scanning tools according to the need of the organisation and analyse reports to extract actionable intelligence. In addition to the summary report, we submit recommendations for remediation and a prioritised list of remediation activities.

4 Compliance We assist organisations in implementing ISMS based on good practices and international standards. Organisations are required to obtain independent certification of their information security management systems against the ISO standard. The ISO27000 suite of standards specifies requirements for establishing, implementing, operating, monitoring, reviewing, maintaining and improving a documented Information Security Management System (ISMS), using a continual improvement approach. We help organisations prepare for certification by doing risk assessment, gap-analysis and design an integrated ISMS covering all the domains described in the standard: Information Security Policies Organisation of Information Security Human Resources Security Asset Management Access Control Cryptography Physical and Environmental Security Operations Security Communications Security Systems Acquisition, Development, Maintenance Supplier Relationships Security Incident Management Business Continuity Compliance ISO 27001:2013 ISO PCI-DSS 3.1/3.2 COBIT 5 Review and Implementation Dubai-ISR Applicability Review ADSIC ISS 2.0 Review NESA Assessment ISA/IEC Infrastructure Assessments IT infrastructure assessment is required from time to time as an input to decision making - for strategic investments in technologies or for process improvement and optimisation. Organisations engage external parties to do health-checks and assessments for an independent opinion. Typical assessments are generally conducted in the following major phases: 1. Survey and Data Gathering 2. Documentation and Assessment of the Infrastructure 3. Gap Analysis vis-à-vis good practices 4. Recommendations for improvement, configuration changes etc. 5. Presentation of findings, reports; and workshops. Based on the maturity level, and business requirements (gathered during interviews), we make recommendations or highlight areas which require attention whether configuration changes, upgrades or a complete overhaul of the systems in question. These recommendations will be guided by good practices, taking into consideration latest technologies and security enhancements, for the overall improvement of IT services. Services and Applications Data Centres / Locations System Infrastructure Network and Wireless Infrastructure Virtualisation Infrastructure Storage and Backup Infrastructure Printers and Peripherals Communication Lines Access Control and CCTV Audio/Video Infrastructure Security Infrastructure Recommendations will be made in alignment with enterprise architecture, if a formal definition exists in the organisation; if not, these recommendations will be conducive for such a design in the future. In addition to various documents, we also produce engaging infographics as a part of deliverables.

5 Governance of Enterprise IT Whether you are planning to build an ITG framework or seek to revise an existing governance model, we can help you review, revise and update ITG processes, policies and procedures. We prepare documentation in accordance with standards and prepare your organisation for audits by performing health-checks and gap analysis against frameworks such as COBIT 5. Source: COBIT 5, figure ISACA All rights reserved. Source: COBIT 5, figure ISACA All rights reserved. Maturity Assessment COBIT Health-Check Build/Review ITG Framework Document ITG Processes IT Architecture Review Business-IT Alignment Review Resource Review Benefits Realisation Gap Analysis Disaster Recovery All organisations are vulnerable to disruptions of many kinds: from human error to utilities failure to natural disasters to terrorist attacks. Even though it is impossible to eliminate risks completely, they can be minimized to a level acceptable to the organisation. One of the strategies of managing such risks is to have a contingency plan, in case of a disruption. It is essential for organisations to have a comprehensive contingency plan, which can be invoked during such a disruptive event. Such a contingency plan should be updated regularly and tested frequently for readiness and efficacy. Disaster recovery planning is composed of the processes, policies and procedures related to preparing for recovery or continuation of technology infrastructure critical to an organisation after a natural or human-induced disaster. We conduct reviews to examine the capability and accuracy of DR plans and recovery strategies. If you are in the process of building one, we can help you draft a sound strategy and compile comprehensive plans that cover infrastructure, applications, data, people, processes, procedures and policies. We conduct tests to validate plans and prepare the staff to efficiently respond in case of a disaster. Virtualisation technologies have simplified the technology aspect of disaster recovery and also drastically reduced the costs for robust DR implementations. We explore and recommend latest technologies for cost-efficient and agile disaster recovery strategies. Business Impact Analysis Drafting a DR/BCP Strategy Draft Disaster Recovery Plan Review / Update DR Plans DR Training and Workshops Failover and Fail-back Testing Implement DR Technology Health-check of DRP/BCP

6 IT Optimisation Virtualisation and cloud computing have revolutionised IT; yet, many organisations are not ready to take the big leap. Sprawling and outdated infrastructures without updated or accurate documentation contribute greatly to the fear of the unknown. CIOs, CTOs and IT planners understand that virtualisation is not only about optimisation of hardware but also about the agility of the organisation in provisioning of services and better Feasibility Studies IT Optimisation Assessment security. We help organisations to examine, explore, review Virtualisation Implementations and upgrade their infrastructures and conduct feasibility Virtualisation Design and Architecture studies to move towards fully virtualised infrastructures. Documentation We believe that we are among the very few, if not the only service provider in the region offering documentation as a Systems Documentation separate service. The importance of documentation and the Network Documentation associated risk in absence of documentation for critical systems is well-known and commonly acknowledged. IT documentation is incomplete or outdated for a variety of Process Documentation Procedures / SOPs reasons. We can assist your in documentation of applications, Systems/Process Diagrams infrastructures, Manuals / User-Guides processes and procedures. We manuals, detailed diagrams, user-guides and SOPs. prepare

7 Cloud Consulting Services Cloud computing is revolutionising enterprise IT. Deployment of cutting-edge technologies has become faster and easier than traditional on-premise systems - at a fraction of the cost. Whether you plan to deploy production systems, or just offload test and development systems to the cloud, you need to analyse your requirements and plan accordingly. A sound cloud strategy is not just numbers that show savings; rather, it should be modelled on business objectives and consideration of overall risk. Business benefits are many: operational optimisations and ease of provisioning increases agility and cost efficiencies. Forebrook will assist you in your cloud computing strategy, by doing assessments, identifying areas which can leverage cloud platforms, identifying potential risks, undertaking feasibility studies and computing total costs including hidden costs - providing intelligence to decide on private, public or hybrid clouds. Whether you wish to use SaaS solutions or PaaS/IaaS for optimising datacentres, our comprehensive assessments and studies can help you make an informed choice. If you wish, we can also help you deploy and maintain your public cloud infrastructure or train your staff to manage those resources. Feasibility Studies Cloud Strategy Cloud Design and Architecture Deployment & Management of SaaS Deployment & Management of PaaS/IaaS Cloud Solutions in a DR Strategy Cloud Computing for Testing & Development Cloud Security Feature/Capability Comparison CIO / CISO Services Many organisations may not require a full-time CIO/CISO - and even those organisations with CIO/CISO may need to offload certain tasks from time to time. Forebrook can assist your organisation by performing some or all CIO/CISO tasks by drawing from a pool of experienced professionals. Apart from hiring the right resource, retaining highly-competent and experienced professionals is a major challenge. With Forebrook, you can avail the services of senior consultants for a fraction of the cost of hiring such resources. Define systems architecture to support strategy. Define security architecture. Produce blueprints network and security infrastructure. Align business goals and IT infrastructure. Align technology objectives to business goals. Ensure quality and security through the System Life Cycle. Document reference architectures, patterns, roadmaps related to IT. Communicate architecture to stakeholders. Advocate and justify investment to support infrastructure. Perform requirement analysis and planning. Subject Matter Expertise on all IT related matters. Work with senior management to propose improvements to the business infrastructure and report progress on various projects. Conduct research on emerging technologies, and recommend technologies that will provide right-sized security posture, operational efficiency, infrastructure flexibility and operational stability. IT Strategy & Roadmap IT Portfolio Review Due Diligence Feasibility Analysis IT Project Management Change Management Office Automation Optimising IT / Cost Optimisation IT Infrastructure Optimisation IT Financial Management / Budgeting Procurement / Vendor Management IT Policies and Procedures Recruitment, Interviews Performance Management Managing IT Outsourcing Cloud Technologies/Services Business IT Alignment Enterprise Architecture IT Governance & Compliance IT Risk Management Information Security Review Business Continuity / Disaster Recovery

8 forebrook FOREBROOK CONSULTING Office M-02, Mezzanine Floor, Sunshine Building, Garhoud, Dubai, United Arab Emirates Tel: Fax: PO Box forebrook.com