Information Security Management

Under IT management, your firm will need consultancy on ISO 27001, PCI DSS (Payment Card Industry Data Security Standard) and a Security & Privacy Framework.

ISO 27001 Compliance and Information Security Management Consultancy

ISO 27001 is a quality management system. It follows a common approach with other quality and management systems. It aims to sustain information security risk management for the firm. While implementing the ISO 27001 standard and going through the certification process, the firm’s information security maturity and awareness will increase across all of the firm’s entities. In Turkey, local regulations require ISO 27001 for customs transactions.

In this context, you can receive support in the following areas:

o    ISO 27001 Training

o    Attacks and Pentests

o    Social Engineering Tests

o    Awareness Analysis

o    Constituting Information Asset Inventory

o    Risk Analysis

o    Risk Remediation Plan and Implementation Roadmap Design

o    Preparing Information Security Policies and Processes

o    Internal Audit for ISO 27001

o    Planning and Performing Corrective and Preventive Actions


PCI DSS Compliance and Information Security Management Consultancy

The PCI DSS is a set of comprehensive requirements for enhancing payment account data security. It was developed by the founding payment brands of the PCI Security Standards Council, including American Express, Discover Financial Services, JCB, MasterCard Worldwide and Visa International, to help facilitate the broad adoption of consistent data security measures on a global basis. It applies to any merchant, acquirer and issuer bank, and service provider that processes, stores or transmits credit or debit card data, and to any party connected to them.

o    Do you process credit card transactions?

o    Do you store credit card information? (paper or electronically)

o    Do you take online credit card payments?

o    Do you handle credit card information on paper, online, over the phone or via mail?

If any of your answers is yes, you must comply with PCI DSS.

PCI DSS consulting services:

·         Scope Identification

·         Risk Analysis

·         Gap Analysis on current controls

·         Remediation Plans

·         Designing PCI Controls

·         Evaluation of designed controls and checking implementability

·         Network Scanning 

Constituting Security and Privacy Framework

We provide a consultancy service for identifying and mitigating risks when building a security and privacy framework.


| Business Goal | Security Implication |
| --- | --- |
| (‘bring your own’) | De-perimeterisation and loss of control of data and devices |
| | Cross-channel, cross-platform sharing of large volumes of sensitive data |
| Technology innovation | Lack of understanding of risks introduced by new tools and processes |
| Commoditisation of IT (e.g. cloud computing) | Business functions can procure IT services outside of internal controls |
| Market trust | Reputational damage of a cyber attack destroys trust which is very hard to recover |
| | New threats arising from expansion into new markets and new ways of working |



Our methodology:

·       Prepare:

o    Anticipate, assess and plan (threat diagnostics, simulations, security architecture, threat awareness)

·       Aware:

o    Interpret and monitor real-time, tailored cyber threat intelligence (vulnerability assessment, security operations, advanced threat management, Cyber Intelligence Centre)

·       Respond:

o    Prevent and limit damage (Crisis Management, Cyber Forensics, Business Continuity Management)

·       Transform:

o    Execute a step-change in the structure, governance and approach to security and privacy (assessment, business case, programme)

Infographics are listed below.

Technology Threat Actors

Constituting Security and Privacy Framework