infosecforce security services

Title: INFOSECFORCE llc Cyber SECURITY SERVICES 804-855-4988 15 Sept 2008 INFOSECFORCE “ Balancing security controls to business requirements “

Upload: bill-ross

Post on 04-Aug-2015



Bill Ross and INFOSECFORCE llc Security Service Offering

Here is a list of security services that INFOSECFORCE llc can plan, build, implement and manage for any corporation or any organization no matter its size and business type.

Predict Prevent Detect Respond

Research and white papers

Cyber Intelligence design and implementation

Rebuilding security programs. For example, changing from a SOC based operation to a Cyber Intelligence Operations Center

Cyber Intelligence Framework development

Predictive Intelligence analyses patterns

Big Data security management program

Virtual and Cloud Security Programs

Cyber Security as a Service (CSaaS)

Security Policy Management design and implementation

Security Architecture baseline, design, and road maps

Secure Software Development

Corporate Security Management design and implementation

Personnel Security Management design and implementation

Information Access Management design and implementation

Cryptography Policy Management design and implementation

Physical Security Management design and implementation

Organizational Asset Management design and implementation

Supplier Relationship Management design and implementation

Security policy, process, procedures, and standards design and implementation

Design and engineering documentation design and implementation

Secure Development process and procedures design and implementation

Operational Security Management design and implementation

Network Security Management design and implementation

System Security Management design and implementation

Rigorous and exact Vulnerability testing

Rigorous and exact Pen testing

Rigorous and exact Software testing

Organizational Asset Management design and implementation

Security Continuous Management design and implementation

Security Compliance Management design and implementation

Patch management and security hardening engineering

Building vulnerability assessment programs

Information Assurance design and implementation

Security daily newsletters and services with corporate branding logo

Security Incident Management design and implementation

Security program alignment with ITIL

All facets of security training

Logging architecture design

Cyber Incident Response

Cyber Incident Root Cause Analyses

Cyber Incident Forensics

Connectivity to government and industry Cyber Threat Warning advisories

Security baselines design and implementation

PCI, NIST, SOX, FISMA, ISO 27001, SANS Top 20 compliance baselines and plan, build, deploy and operate services

Risk Management Framework design and implementation

Cyber and physical access control

Comprehensive Control Framework (NIST, SANS, ISO 27001)

Information Risk Architecture Framework

System Security Planning

Information Assurance Program

MASTER SERVICE LIST

1. Cyber Intelligence Framework development
2. Predictive Intelligence analyses patterns
3. Big Data security management program
4. Virtual and Cloud Security Programs
5. Cyber Security as a Service (CSaaS)
6. Cyber Incident Response
7. Cyber Incident Root Cause Analyses
8. Cyber Incident Forensics
9. Secure software development
10. Rigorous and exact Vulnerability testing
11. Rigorous and exact Pen testing
12. Rigorous and exact Software testing
13. Connectivity to government and industry Cyber Threat Warning advisories
14. Cyber and physical access control
15. System Security Plans
16. Information Assurance Program
17. Risk Management Framework
18. Comprehensive Control Framework (NIST, SANS, ISO 27001)
19. Information Risk Architecture Framework
20. ISMS 27001 plan, do, check and act cycle design and implementation
21. Security Architecture baseline, design, and road maps
22. Security Policy Management design and implementation
23. Corporate Security Management design and implementation
24. Personnel Security Management design and implementation
25. Organizational Asset Management design and implementation
26. Information Access Management design and implementation
27. Cryptography Policy Management design and implementation
28. Physical Security Management design and implementation
29. Operational Security Management design and implementation
30. Network Security Management design and implementation
31. System Security Management design and implementation
32. Supplier Relationship Management design and implementation
33. Security Incident Management design and implementation
34. Security Continuity Management design and implementation
35. Security Compliance Management design and implementation
36. Security policy, process, procedures, and standards design and implementation
37. Security program alignment with ITIL
38. Design and engineering documentation design and implementation
39. Secure Development process and procedures design and implementation
40. Security baselines design and implementation
41. PCI, NIST, SOX, FISMA, ISO 27001, SANS Top 20 compliance baselines and plan, build, deploy and operate services
42. Risk Management Framework design and implementation
43. Information Assurance design and implementation
44. Research and white papers
45. Security daily newsletters and services with corporate branding logo
46. Cyber Intelligence design and implementation
47. Rebuilding security programs. For example, changing from a SOC based operation to a Cyber Intelligence Operations Center
48. All facets of security training
49. Logging architecture design
50. Patch management and security hardening engineering
51. Building vulnerability assessment programs
52. ISMS 27001 plan, do, check and act cycle design and implementation

INFOSECFORCE bases its development and implementation work on the plan, do, check, act cycle.

The 2002 version of BS 7799-2 introduced the Plan-Do-Check-Act (PDCA) cycle (Deming cycle), aligning it with quality standards such as ISO 9000. 27001:2005 applies this to all the processes in ISMS.

Plan (establishing the ISMS)

Establish the policy, the ISMS objectives, processes and procedures related to risk management and the improvement of information security to provide results in line with the global policies and objectives of the organization.

Do (implementing and operating the ISMS)

Implement and operate the ISMS policy, controls, processes and procedures.

Check (monitoring and review of the ISMS)

Assess and, if applicable, measure the performance of the processes against the policy, objectives and practical experience, and report results to management for review.

Act (update and improvement of the ISMS)

Undertake corrective and preventive actions, on the basis of the results of the ISMS internal audit and management review, or other relevant information, to continually improve the system.