 |
Enterprises are inevitably increasing dependent on information and the related systems to
make quality decisions, and that an efficient and effective information infrastructure is
critical to business survival and success in the knowledge-based economy.
Nowadays, security and control risks are continually changing and can easily outpace the
learning curve of even the best CIO, CISO and CAE. Failures in information systems not
just adversely affect the reputation and existence of the business entity, the management
may also violate relevant regulatory requirements and even incur legal liabilities.
Capitalize on 50 years of aggregated security and IT auditing experiences in banking,
insurance, securities, government, and hi-tech manufacturing sectors,
A & S Consulting Ltd (ANSCL) offers
a full-spectrum consultancy services on the governance of IT and information security, so as
to help enterprises discharge their fiduciary, regulatory or even legal responsibilities on
IT control and security.
Our 360-degree IT and information security governance consultancy includes:
IT Governance Audit
Ride on our vast experiences on IT auditing,
ANSCL evaluates the controls of IT
functions at organizational, managerial, planning, and operational levels, benchmarks it
against the international IT governance standard COBIT (Control Objectives for Information
Related Technology from the IT Governance Institute), and recommends improvement initiatives,
so as to help ensure the efficiency and effectiveness IT functions.
BS7799 Gap Analysis and Certification Consultancy
BS 7799/ISO 17799 is the standard code of best practice upon the information security management.
ANSCL benchmarks the existing security practices against the 127 security controls
of BS7799 to identify the precise safeguards that are most appropriate to a particular
business or specific areas of responsibility, and identify improvement initiatives in
security management aspects.Security Architecture Design & Implementation
Proper installation and implementation of your firewalls, intrusion detection / prevention
system, antivirus, antispams, and other security measures are the keys to protect your organization's assets from
security threats. While there are many products that can help, they can only be effective
when they are part of a carefully planned process.
Our Security Architecture Design &
Implementation Service offers you our experiences to assess your proposed wired and wireless network,
Internet and intranet architectures for potential security threats and vulnerabilities.
Security Policy Development & Deployment
Security policies not only demonstrate enterprise management's commitment toward information
security, but also lay down the framework for subsequent security enforcement. Our specialists
can analyze your security requirements, and establish effective policies, standards and
management architecture principles to guide your organizational security decisions.
Besides,
we help implement your policies and standards by defining formal security processes and
designing specific secure solutions / configurations on firewall, intrusion detection/
prevention system, operating system, and application system levels.
End-to-End Security Auditing
With ever-changing intrusion techniques and business & regulatory requirements, your systems
may be operating under a false sense of security if the security status is not evaluated
regularly.
ANSCL conducts effective security audits that examine all the critical
components that setting up the perimeter security, the internal network security, the operating
systems security, application security, and the operational controls. Above all, we also
review the overall security management policies and practices.
Penetration Testing
By using the latest tools and techniques available from the hacker community,
ANSCL simulates controlled physical or logical attacks and provides a snapshot of an organization's
security posture.
Through a 4-phase testing process: passive reconnaissance, active scanning, controlled penetration,
and controlled vulnerability exploitation,
ANSCL validates the effectiveness of
security safeguards and controls currently in place, demonstrates the existing risks to an
organization's wired & wireless networks and systems, and provides detailed remediation steps that can be
taken to prevent future exploitation.
Security Incident Response & Forensic Investigations
In the event of suspected security incidents, having a competent and knowledgeable incident
handler and investigator enables timely and precise protection, gathering and analysis of
critical evidences, as well as determination of the who, what, where, when, why and how
surrounding the incidents. The specialists in
ANSCL can provide the necessary support
to help your organization to survive the hard times and increase the chance to successfully
identifying and prosecuting the offender.
Security Awareness & Competency Training
People are the heart of effective security deployment and no enterprise can implement its
security processes and systems without training its people.
ANSCL offers both
personal tutorial for senior executives (i.e CEO, CFO, CIO, CISO, CAE, COO), onsite seminars and public
classes on the subject ranging from IT governance, information security governance, network security,
operating systems/application software security, to hands-on firewall, intrusion detection / prevention system,
ethical hacking and digital forensics training.
Enquiry
Call +852 2965.4445 or e-mail
info@anscl.com
to discuss how we can help to improve your IT & infoSec governance.
|
 |