Services
Information Security Management
Under the IT management, your firm will need consultancy about ISO 27001, PCI DSS (Payment Card Industry Data Security Standards) and Security & Privacy Framework.
ISO27001 Compliance and Information Security Management Consultancy
ISO 27001 is a quality management system. It follows a common approach with other quality and management systems. This system is aiming to sustain information security risk management for the firm. In ımplementing ISO 27001 standards and certification process, the maturity of the firm about information security and awareness will increase among all the firm’s entities. In Turkey local regulations obligate ISO 27001 for customs transactions.
In this context, you can receive support in the following areas:
o ISO27001 Training
o Attacks and Pentests
o Social Engineering Tests
o Awareness Analysis
o Constituting Information Asset Inventory
o Risk Analysis
o Risk Remediation Plan and Implementation Roadmap Design
o Preparing Information Security Policies and Processes
o Internal Audit for ISO 27001
o Planning and Performing Corrective and Preventive Actions
PCI DSS Compliance and Information Security Management Consultancy
The PCI DSS is a set of comprehensive requirements for enhancing payment account data security. It was developed by the founding payment brands of the PCI Security Standards Council, including American Express, Discover Financial Services, JCB, MasterCard Worldwide and Visa International, to help facilitate the broad adoption of consistent data security measures on a global basis. Any merchant, acquirer and issuer bank, and service provider that processes, stores or transmits credit or debit card data, and any connected party to them.
o Do you process credit card transactions?
o Do you store credit card information? (paper or electronically)
o Do you take online credit card payments?
o Do you handle credit card information on paper, online, over the phone or via mail?
If any of your answer is yes, you must comply with PCI DSS.
PCI DSS consulting services:
· Scope Identification
· Risk Analysis
· Gap Analysis on current controls
· Remediation Plans
· Designing PCI Controls
· Evaluation of designed controls and checking implementability
· Network Scanning
Constituting Security and Privacy Framework
We are providing a consultancy service about identifying and mitigating risks in building security and privacy framework.
Business Goal |
Security Implication |
Consumerisation |
De-perimeterisation and loss of control of data and devices |
Collaboration |
Cross-channel, cross-platform sharing of large volumes of sensitive data |
Technology innovation |
Lack of understanding of risks introduced by new tools and processes |
Commoditisation of IT (e.g. cloud computing) |
Business functions can procure IT services outside of internal controls |
Market trust |
Reputational damage of a cyber attack destroys trust which is very hard to recover |
Globalisation |
New threats arising from expansion into new markets and new ways of working |
Our methodology:
· Prepare:
o Anticipate, assess and plan (threat diagnostics’, simulations, security architecture, threat awareness)
· Aware :
o Interpret and monitor real-time, tailored cyber threat intelligence (vulnerability assessment, security operations, advanced threat management, Cyber Intelligence Centre)
· Respond:
o Prevent and limit damage (Crisis Management, Cyber Forensics, Business Continuity Management)
· Transform:
o Execute a step-change in the structure, governance and approach to security and privacy (assessment, business case, programme)
Infographics are listed below.