Cyber Security & IT Governance
The rapid pace of change in technology has provided huge opportunities for organizations to develop new models, services and products. But while the digital revolution has evolved the way we do business, it has also created a sophisticated and complex set of security issues. Assets that were once physically protected are accessible online; customer channels are vulnerable to disruption; criminals have new opportunities for theft and fraud.
Security & Privacy Services
Our Security and Privacy team is designed to provide practical support to our clients. Our professionals serve clients in all aspects of IT security.
We provide services in all aspects of information security and privacy to our clients to reveal how client data are protected, including:
- Penetration testing and Vulnerability assessment
- Security Risk Assessment
- Information security design
- Data Leakage/Loss Prevention (DLP)
Computer Forensic Services
- Incident response
- Computer forensics
- Fraud investigation
Whether the evaluated systems are Internet-facing or internal, web-based or client/server applications, running on mainframe or Intel-based systems, our team is capable of providing the highest quality in checking their real security controls.
IS & IT Governance
We provide services related to governance in the Information Security and IT areas by way of:
- Gap Analysis: gain an understanding of where the organization currently is in relation to the requirements regarding governance
- Action Plan and Implementation: develop the approach and execute the tasks to achieve compliance
- Quality Assurance: ensure that governance is achieved in the most efficient way.
Amongst other standards, the most important drivers in governance are:
- ISO27001 – Information Security Management Systems - formally specifies a management system that is intended to bring information security under explicit management control; being a formal specification means that it mandates specific requirements.
- COBIT - helps enterprises create optimal value from IT by maintaining a balance between realizing benefits and optimizing risk levels and resource use.
- ISO 22301 / BS 25999-2 – Business Continuity Management - designed to protect business from potential disruption.
IT Service Management
ISO/IEC 20000:2005 is the first worldwide standard specifically aimed at IT service management. It describes an integrated set of management processes for the effective delivery of services to the business and its customers.
The ISO/IEC 20000 series draws a distinction between the best practices of processes, which are independent of organizational form or size, and organizational names and structures. The ISO/IEC 20000 series applies to both large and small service providers, and the requirements for best practice service management processes do not change according to the organizational form that provides the management framework within which processes are followed.
The ISO/IEC 20000-1:2005 standard sets requirements for an IT Service Management system, including the expectation that the organization follows the necessary processes to deliver effective, consistent and high-quality IT services. The focus on services, management systems and controls helps to ensure an integrated process approach to providing managed services. The standard is aligned with the IT Infrastructure Library (ITIL) framework, globally recognized as the set of best practices for IT Service Management. Certification under ISO/IEC 20000-1:2005 is the only objective way for an organization to demonstrate that its processes are compliant with ITIL.
IT Audit & Compliance
In the current climate of uncertainty, IT control is at the top of the executive agenda. Executives realize that just being compliant does not mean all your risks are well controlled. Stakeholders are increasingly focusing on the need for controls that drive and protect shareholder value, brand, margin, and critical assets.
When management knows they have the right controls, they act more confidently, they understand the impact of their actions, and they can rely on those controls to manage the risks that they take.
Without risk there is no reward, and the ability of an organization to control the risks it takes is critical to its continued success. The right controls do more than stop things going wrong, they help things go right.
Benefits of getting this right:
- Reduced surprises
- Better IT cost control
- Brand protection
- Regulatory compliance
- Stakeholder confidence
- Better quality and timely performance reporting
- Optimal resource allocation.
Third Party Compliance audits assess whether key third-party risks are identified and efficiently addressed by the internal control infrastructure within the client’s extended enterprise. Specifically, we can assess the sufficiency of our client’s design of controls and those of their business partners to mitigate key risks and support compliance with their contractual obligations.
MCSI Order 389/2007
FSI – Banking
CSA Order no. 18/2009
FSI – Insurance
FSI - Banking
CNVM Regulation no. 5 / 2010
CNVM Instruction no. 2 / 2011
CNVM - regulated entities