si infosecmiddleeastlr0516
TRANSCRIPT
![Page 1: Si InfoSecMiddleEastLR0516](https://reader031.vdocuments.pub/reader031/viewer/2022020301/588174921a28abf7478b693f/html5/thumbnails/1.jpg)
Security | Engineering | Technology
INFORMATION SECURITY MANAGED SECURITY SERVICES
PROFESSIONAL SECURITY SERVICESCOMPLIANCE CONSULTING
![Page 2: Si InfoSecMiddleEastLR0516](https://reader031.vdocuments.pub/reader031/viewer/2022020301/588174921a28abf7478b693f/html5/thumbnails/2.jpg)
CONTENTS
Solutions & Services . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1
Managed Security Services . . . . . . . . . . . . . . . . . . . . . . . . . 2
Managed Firewall & Managed SIEM . . . . . . . . . . . . . . . . . 4
SOC-in-a-Box . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6
Assisted SOC Services . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8
Customer dashboards . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 10
White Labeled Managed Services . . . . . . . . . . . . . . . . . .12
Advanced Threat Protection and Malware Detection . .14
Managed Honeypot Active Defense . . . . . . . . . . . . . . . .16
Managed SCADA Security . . . . . . . . . . . . . . . . . . . . . . . . .17
Continuous Threat Defense Service
Machine Learnt Behavioural Anomalytics . . . . . . . . . . . .18
Benefits of Engaging an MSS Provider . . . . . . . . . . . . . .20
Si CSIRT Teams . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .22
Professional Security Services . . . . . . . . . . . . . . . . . . . . . .24
Vulnerability Assessments . . . . . . . . . . . . . . . . . . . . . . . . .26
Penetration Testing . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .27
Web Application Security Testing . . . . . . . . . . . . . . . . . . .28
Network Risk Assessments . . . . . . . . . . . . . . . . . . . . . . . . .29
Firewall Migration Services . . . . . . . . . . . . . . . . . . . . . . . .30
Network Architecture Review . . . . . . . . . . . . . . . . . . . . . . 31
BYOD . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .32
Compliance Consulting . . . . . . . . . . . . . . . . . . . . . . . . . . .34
ISMS - ISO 27001 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .36
BCP & Management . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .37
PCI Compliance & PCIS . . . . . . . . . . . . . . . . . . . . . . . . . . . .38
Compliance & Security Skills Training . . . . . . . . . . . . . . .39
Contact Us . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .40
OBJECTIVE
Born out of a common vision... “we deliver to our clients the very best security services by using innovation, professionalism and our depth of expertise.“
We deliver on our promise to enhance our clients’ information security posture, lower their total cost of ownership and
demonstrate compliance through our managed security and professional services, day in, day out 24 x 7.
Managed Services• Managed IDS & IPS
• Firewall management
• Managed application firewall
• Log monitoring
• Log retention
• SIEM as a service
• CSIRT (Computer Security Incident Response)
Professional Services• Vulnerability management & testing
• Penetration testing
• Web application security
• Network risk assessment
• Device configuration & mitigation reviews
• Cyber forensics
• BYOD
Compliance• PCI consulting
• PCI scanning
• ISO 27001
• Polices & procedures
• ITIL readiness & training
• Business continuity planning
ABOuT uS
Si is driven by a desire to offer our clients the highest degree of protection against todays cyber threats . We do this by delivering
the most customizable approach to security managed services available and by providing a highly tailored and responsive
approach for each client . We protect all IT assets including virtual assets, cloud and traditional infrastructure using our team of
over 150 dedicated security experts from our Security Operations Centres in London, New York, Dubai and Mumbai .
Established in 2003 with over a decade in Security and Cyber Security consulting and management services, our objective is
to place the power of our SOC team into our clients’ hands to provide complete visibility of security events and threats within
their environments . Our aim is to become an extension of our clients’ internal teams as a trusted partner .
Why us?• Dedicated security specialist
• Global SOC’s across 4 continents
• Powered by industry best technology
• Powered by industry experts and analysts
Solutions & Services
Si provides Managed Security and Professional Security Consulting services to thousands of end customers . Our delivery
model utilizes a cloud based information security and compliance solution, which requires no capital expenditure from our
clients and is accessible via a secure and innovative customer platform .
![Page 3: Si InfoSecMiddleEastLR0516](https://reader031.vdocuments.pub/reader031/viewer/2022020301/588174921a28abf7478b693f/html5/thumbnails/3.jpg)
“Establish a monitoring strategy and develop supporting policies,
taking into account previous security incidents and attacks, and
your organisation’s incident management policies. Continuously
monitor inbound and outbound network traffic to identify unusual
activity or trends that could indicate attacks and the compromise
of data”
Extract from the “10 Steps to Cyber Security”, CESG information security arm of GCHQ
We provide the following Managed Security Services: • Design of security operations centres (SOCs)
• Onsite operation of our clients’ SOCs
• White labeled MSSP solutions
• A cloud based managed firewall + SIEM service
• On demand Security Incident Response Teams (SIRT)
Si enhances the operational efficiency of our clients’ information systems with our Managed Security Services . By optimizing
IT asset utilization, risk management and compliance we improve uptime and availability .
We design, build and operate security operation centres either onsite at our customers’ locations or in the cloud through our
network of security operation centres .
We have built and we operate security operation centres across London, New York, Dubai and Mumbai . This gives us a
proactive 360o view of global threats .
We are dedicated to serving a range of customers across
verticals such as financial services, telecoms, retail and
healthcare with 80% of our global clients comprising
blue-chip Fortune 500 and Government organisations .
Services Description
Managed Firewall24x7 monitoring and managing of customers security devices (FW, IPS, UTM, WAF and more)
Managed SIEM24x7 monitoring of customer assets and event correlation (network, servers, apps, databases, FW, IPS)
Advanced Threat Protection and Malware Detection Supply & management of advance next generation FW’s, IPS’s and malware detection probes with advanced correlation
Managed SCADA Security Supply and management of SCADA firewalls for critical infra, oil & gas
Advanced Threat Management Supply and correlation of commercial threat feeds (e .g Norse) .
Managed Vulnerability Management Vulnerability Management
Honeypot Active DefenseActive defense utilising honeypot infrastructure correlated with SIEM for proactive management
Managed Web Application FirewallSupply & management of web application firewalls utilising Citrix Netscaler for defense of web environments
Continuous Threat DefenseAdvanced behaviour analysis using cyberflow anormalytics to detect malicious activity
SOC-in-a-Box + 24X7 MonitoringSupply & management of SOC infrastructure onto a customer site including the 24 x 7 monitoring of all event sources
SOC Staffing Outsource - OnsiteOnsite provision of staffing to monitor, administer and manage customer deployed and owned SOC infrastructure and event sources
SOC Staffing Outsource - OffsiteOffsite provision of staffing to monitor customer deployed and owned SOC infrastructure and event sources
![Page 4: Si InfoSecMiddleEastLR0516](https://reader031.vdocuments.pub/reader031/viewer/2022020301/588174921a28abf7478b693f/html5/thumbnails/4.jpg)
INFORMATION SECURITY | CAPABILITY STATEMENT | 5
MAnAgED FIrEWAll & MAnAgED SIEM
Managing and monitoring security devices is a highly skilled operation that can be a time consuming and resource intensive
process . Our managed security services allow our clients to focus on their core business while we concentrate on providing
secured networks and systems .
The service we offer is 24x7 and is scalable, compliant and cost effective. This service is designed for banking, government and
enterprise clients that wish to outsource SIEM services against strict SLA’s and compliance requirements .
With over 20,000 devices under management, our cloud based service is secured across our redundant global SOCs and offers
a resilient and dependable service .
Summary Features
MANAGED FIREWALL & MANAGED SIEM
24 X 7 Security Monitoring In Country Log Retention Real Time Incident ResponseAdvanced Event Correlation
Event Storage For Forensic Analysis
ISO 270001, SANS 20 Compliance Reports
15 Minute SLA Response Time
SIEM Powered By LogRhythm
Web Based Customer Dashboards
Policy & Signature Configuration Changes
Weekly Reports Performance, Availability & Threat Management
What do we manage?
Servers & System OS, Applications & Databases
Core Network Equipment Network Security Equipment
Security Managed Servers (Windows, Linux, Unix, ESX)
Network Routers / Switches Managed Firewalls
Applications Network Wireless LAN Managed Network IDS or IPS
Databases Network Load-Balancers / Accelerators Managed Network VPN Routers
Email Servers Managed Network AntiSpam / Proxys
Managed UTMs
Firewall / IDS / IPS / network Devices / Server
Security Services Feature Set Monitor Manage
Threat Management
24x7 Proactive Security Incident Monitoring, Detection & Notification
SIEM & Correlation
Security Policy Consultation
Incident Management
Configuration ManagementMaintain Device Inventory Database
Backup of Device Configuration
Fault Management
Availability Monitoring
Fault Detection & Notification
Fault Diagnosis & Resolution
Vendor Management
Change Management
Maintain Documentation
Policy & Signature Configuration Changes
OS Updates, Patches & Signatures
Maintain CMDB
Operating System Upgrades
ReportingBasic Reporting
Advanced Reporting
Web PortalWeb Based Portal
Access to Threat Feeds
Log Retention120 days online log retention 12 months archival (Customisable)
VPN SECURE
Customer Network
Managed firewall /UTM / IDS
Managed server
Business application monitoring
Managed switch / router
Global Security Operations Center.
VPN SECURE
SOCCo-location center
TIER 3 D.CAll logs stay in country
![Page 5: Si InfoSecMiddleEastLR0516](https://reader031.vdocuments.pub/reader031/viewer/2022020301/588174921a28abf7478b693f/html5/thumbnails/5.jpg)
INFORMATION SECURITY | CAPABILITY STATEMENT | 7SOC-IN-A-BOX
SOC-In-A-BOx
Si recognises that many clients have a business demand to locate our Security Operations Centre on their premises / data centres . We offer a rapid deployment solution to enable our clients to become operational in a matter of days including people, processes and technology components . At the heart of the SOC lies an industry leading SIEM (LogRhythm Security Analytics Platform) that is closely coupled with additional modules which may be added at the customer request to include full SOC functionality .
Technology Elements
Our SOC-in-a-Box deployment represents an agnostic approach to the component architecture and provides the choice of vendor to our customers from the following matrix .
People (Staffing) Elements
The heart of an effective SOC operation is the quality of staffing together with
robust and tested SOC policies and processes . In all cases, a 24x7 SOC operation
is required to ensure a continuous level of monitoring and defence and whilst
this can be cost prohibitive for many organisations we offer three options to
achieve this objective .
Options: Staffing
Option 1: Remote 24x7 monitoring from our Global Security Operations Centre .
Option 2: Onsite 24x7 monitoring at our customer’s site location
Option 3: Hybrid – Onsite (8x5) team, offsite (evening shift, weekends and public holidays)
In all cases we ensure that all security logs stay onsite at the customers SOC infrastructure .
SOC Component Technology
Core Component: LogRhythm Security Analytics Platform
Module 1: Incident Response Workflow Handling Request Tracker
Module 2: Vulnerability Management Rapid7, Nessus or Qualys
Module 3: Advanced Threat DefencePalo Alto, Cisco Sorcefire or ThreatTrack
Module 4: Advanced Threat Intelligence Norse
Module 5: Honey Pot Active defence Honeypot Infrastructure - HoneyDrive
Module 6: Web Application Defence LogRhythm Web Application Defense Suite + Third party WAF (Optional)
Module 7: Continuous Threat Defence CyberFlow Anormalytics Suite - Anomaly Detection system
SOC and Incident response Processes
Si’s team has been designing, operating and consulting on SOC deployments globally for over 10 years and a particular
strength is our ability to develop and optimise SOC and Incident Response processes . Whilst this element is often overlooked
we believe this is the single most important ingredient to consistent successes and predictable results . Our clients will benefit
from this experience when they partner with Si to deliver our SOC-in-a-Box offering .
Service Delivery Architecture
STEP 1Select Technology
OPTIOn 1:LogRhythm Onsite – Buy
24x7 Outsource Onsite Team
Si Soc Processes
Customer Soc Processes24x7 Remote Monitoring Offsite Team
24x7 Hybrid Team Day shift - Onsite Team Night Shift - Remote Offsite
OPTIOn 2:LogRhythm Onsite – Lease
OPTIOn 3:Soc in a box
STEP 2Select Staffing
STEP 3Select Processes
![Page 6: Si InfoSecMiddleEastLR0516](https://reader031.vdocuments.pub/reader031/viewer/2022020301/588174921a28abf7478b693f/html5/thumbnails/6.jpg)
INFORMATION SECURITY | CAPABILITY STATEMENT | 9
ASSISTED SOC SErVICES
Empowered SIEM
Technology itself is not enough; an efficient SOC team requires a critical balance of people, process and technology . Si partners with LogRhythm to empower our customers to leverage their existing SIEM investments by providing a 24 x 7 Monitoring service offering .
The Operational Challenge
SOC ops require highly skilled security professionals to investigate security incidents, perform incident response and forensics and help keep an organization afloat amid a data breach .
An enterprise looking to operate a SOC needs to evaluate whether it has the expertise in-house to deliver effective monitoring . The option is to transfer the risk to a specialist SOC operator and we provide services to support these challenges .
ASSISTED SOC SERVICES
Key Questions
Does outsourcing make sense? It does when expertise is not available in-house, or when budget does not allow for investment needed to employ, house, and train a 24 x 7 SOC team .
Can building a self-contained, well-staffed SOC become cost-prohibitive for many? The answer is yes primarily due to the resource cost of providing a 24x7 team, after all cyber never sleeps! However if budget does not allow for an onsite team then a remote service to deliver log analysis and event monitoring can be an economical option .
Service level Assurance All services are backed by an SLA: Incidents - 15 minute response Availability - 99 .999 Uptime Change Management - 4 hr MTTR
Security Services Feature Set Monitor
Threat Management
24x7 Proactive Security Incident Monitoring, Detection & Notification
SIEM Event Management & Correlation
Security Policy Consultation
Configuration ManagementMaintain Device Inventory Database
Backup of Device Configuration
Fault ManagementAvailability Monitoring
Fault Detection & Notification
Change Management Maintain Documentation
Reporting Reporting
Web PortalWeb Based Portal
Access to Threat Feeds
Log Retention Log Management and Archival
SLA15 Minute Response Time Service Credit Backing
Dedicated Account Manager Dedicated technical account manager
Benefits – Cost & Performance
The adoption of “Assisted SOC” is motivated by three key messages: “Less Cost”, “Increased Performance” and “Service
Assurance (SLA)” . We demonstrate to our customers that we deliver SOC monitoring services better and for less than the cost
of an in-house service .
Sample use Case – Customer x
A customer requires a 24x7 monitoring service to support their LogRhythm Security Intelligence platform with an average
MPS throughput of 1,000 MPS .
Cost Assumptions
The following cost assumptions are used for the cost benefit assessment .
Options
We recognize that not all businesses are the same and so we support the following deployment models:
• Onsite SOC Teams
• Offsite Remote SOC Team (Remote Monitoring)
• Hybrid – Day Shift Onsite / Nightshift Offsite
SOC Operator (l1)Salary ($50,000/yr): $4,166 / mth
Overhead (20% Salary): $818 / mth
Desk Space $921 / mth
Others $767 / mth
Total Cost to Employ $6,672 / mthNote that a 24x7 operation requires a 5 shift model and a
minimum of 5 dedicated SOC operators .
What is Included?
Cost /mth of 24x7 monitoring team
Performance + Skills level
SlA response
Customer x: In house team
5 X $6,672 = $33,360
Difficult to achieve with
in house team
? Difficult to track and
manage
result: Expensive, no service
guarantee + performance risk + staff risks
Si remote outsource team
$7,000
Si dedicated security
professionals
15 minute response
result: Less cost + better service
assurance
![Page 7: Si InfoSecMiddleEastLR0516](https://reader031.vdocuments.pub/reader031/viewer/2022020301/588174921a28abf7478b693f/html5/thumbnails/7.jpg)
INFORMATION SECURITY | CAPABILITY STATEMENT | 11
CuSTOMEr DAShBOArDS
Si’s customer dashboards offer end-to-end support to the operations of SOCs and Managed Security Service Providers (MSSP) .
It has unique features to help Service Providers setup their operations in minimum time .
Unified Interface for Operations
Si provides a unified interface for the monitoring &
management of one or more networks for multiple aspects .
The portal is able to collate & analyse customer logs & data
and integrates security intelligence tapped from global
sources with analytical tools .
Customer specific information:
• Customer account information
• Security incidents & events
• Availability of critical hosts and services
• Performance of vital systems and network interfaces
• Vulnerabilities on critical systems and applications
• Incident & change management
High Scalability & Technology Agnostic
Si’s customer dashboards are highly scalable and can
integrate with almost any Java, ASP or Web based
application:
• Technology agnostic interface to normalized
information
• Improved operational efficiency through ease of
analysis & automation
• Enhanced Web 2 .0 features for user collaboration
• Flexibility to integrate with other security & network
products and appliances
Vulnerability Posture Dashboard
A high level view of the security posture across an enterprise based on scans performed on
the infrastructure, patch level, miss configurations and categorisation of vulnerability .
Service Management
Management and tracking of performance against service level agreements .
Knowledge Base
Database of over 100,000 vulnerabilities and 15,000 signatures, with in-built correlation
engine to assist incident management and forensics .
Security News Feeds Current security trends and news feeds validated in real-time through various sources and
security advisory organizations .
Security Incident Management
Complete tracking of incident handling through a triage of identification, prioritization
and remediation .
Customizable Dashboard
The customizable dashboard presents an overview of security incidents across the
enterprise . Key statistics of infrastructure areas that either require more attention or events
that provide a larger picture .
Service Centre Service centre for opening, tracking and drill downs from incident details to resolution .
Single portal for change management .
Security Threat Analysis The Dashboard provides a high level summary of how incidents are categorized based on
their severity and the location that needs more attention .
CUSTOMER DASHBOARDS
Non-customer specific information:• Integrated analytical tools for forensic analysis
• Access to reliable security intelligence
• Geographical information
![Page 8: Si InfoSecMiddleEastLR0516](https://reader031.vdocuments.pub/reader031/viewer/2022020301/588174921a28abf7478b693f/html5/thumbnails/8.jpg)
INFORMATION SECURITY | CAPABILITY STATEMENT | 13
WhITE lABElED MAnAgED SErVICES
We provide a service that allows our Partners to re-sell our managed security services as a white labled service . Our process
& technology allow our Partners to deliver ‘in the cloud’ IT services, with no capital investment, to provide a world class, 24x7
managed security service . Si takes care of the technology and the expertise using our global operations centres allowing our
partners to take care of their customers’ security needs .
Customised with our end customer’s logo
Customer Platform
Our partners benefit from our innovative Customer Platform that enables complete account management for reporting,
ticketing, fault management, threat & vulnerability management, customized dashboards, news and knowledge base .
Our web user interface sets the benchmark globally for customer interfacing and allows both partners & end customers a live
360o view of their assets, service fulfilment and SLA performance .
News, dashboards & knowledge base
Reliant & proactive analytics & reports
Complete SLA management & incident workflows
Customised with our partner’s logos and colours
Drag and drop dashboard builderEasily customisable dashboards...
Customisable dashboards
global Security Operation Centres
Easy change request workflows
Customised Platform
Our clients’ end customers benefit from our unique multi-
service delivery platform that can customize the services
they like to offer, define the look and feel and set up their
SLA support and escalation procedures .
Our MSSP partners are traditionally telecoms operators
and security hardware vendors who seek to offer managed
services to their existing client base .
MSSP Services
We can facilitate our partners to provide their end customers with:
• Managed firewall• Managed UTM and IDS• Managed switch and router• Application management• Vulnerability management• Threat management• Fault management
One click management reports
WHITE LABELED MANAGED SERVICES
![Page 9: Si InfoSecMiddleEastLR0516](https://reader031.vdocuments.pub/reader031/viewer/2022020301/588174921a28abf7478b693f/html5/thumbnails/9.jpg)
INFORMATION SECURITY | CAPABILITY STATEMENT | 15
ADVAnCED ThrEAT PrOTECTIOn AnD MAlWArE DETECTIOn
Si defends our customer networks against threats by using a market leading Next Generation Intrusion Prevention System and deep integration into our SIEM platform (Powered by LogRhythm) to provide multi-dimensional behavioural analytics, extended visibility and continuous monitoring for real-time threat detection & response .
The Next Generation Firewalls which we support or supply include: • Palo Alto
• Cisco Sourcefire
• ThreatTrack
• Fortinet
Summary Features
The feature set summary is provided as follows: • 24 x 7 monitoring & management
• Real time incident response system
• Advanced malware protection & next generation IPS
• Packet level forensics and sandboxing
• Network behaviour analysis
• Integration with our next Gen SIEM for behavioural analytics
• Behavioural whitelisting
• Statistical baselining
• Real-time threat management
• Continuous Compliance
• Host & network forensics
• Real-time contextual awareness
Use case &
LogRhythm incorporates Next Gen FW security and advanced malware protection via the secure eStreamer API and correlates it against other security device and machine logs to deliver multi-dimensional behavioural analytics, extended visibility and continuous monitoring for real-time threat detection & response .
The integration provides: • Deeper visibility and contextual awareness into network events with advanced correlation to deliver enterprise-wide
threat detection
• Threat intelligence to help detect advanced malware attacks and realize the extent of the outbreak for fast
remediation
• Automated action against advanced persistent threats (APT) and zero-day attacks
• Unparalleled expertise through Si SOC Team, LogRhythm LabsTM and Sourcefire’s Vulnerability Research Team (VRT)
Service benefits:• No Capex investment required
• Detect advanced malware and realize outbreak
extents for fast remediation
• Automated and immediate action against
threats such as APT and zero-day attacks
• Multi-dimensional behavioural analytics
• 24 x 7 monitoring + real time event
contextualization
Service Architecture
Si partners with leading Next Generation Firewall vendors (Palo Alto, Sourcefire or ThreatTrack) to incorporate their advanced threat detection technology and sandboxing with our SIEM platform (Powered by LogRhythm) and correlates it against other security devices and machine data throughout the IT environment .
ADVANCED THREAT PROTECTION AND MALWARE DETECTION
![Page 10: Si InfoSecMiddleEastLR0516](https://reader031.vdocuments.pub/reader031/viewer/2022020301/588174921a28abf7478b693f/html5/thumbnails/10.jpg)
INFORMATION SECURITY | CAPABILITY STATEMENT | 17
MAnAgED hOnEyPOT ACTIVE DEFEnSE
A honeypot is a security resource deliberately designed to be probed, attacked and compromised, for the purpose of gathering
intelligence around an attacker . By using honeypots to create better context around threats, we are able to provide a more
proactive defence posture . Our automated and integrated approach to honeypots eliminates the need for the manual review
and maintenance associated with traditional honeypot deployments .
MAnAgED SCADA SECurITy
Today, remotely deployed field devices and SCADA systems are increasingly brought into the IT environment and communicate
over IP . This convergence of Operational Technology (OT) and Information Technology (IT) has opened up new points of attack
or “threat vectors” for hackers .
Si has countered this threat by providing SCADA firewall technology which is integrated into our SIEM (Powered by
LogRhythm) for 24x7 monitoring, threat and incident detection .
The service is delivered using Palo Alto Networks SCADA Firewall, which is one of the only Layer 7 firewalls available for
SCADA-based environments .
Service Features
• Secure critical infrastructure, power grids, oil/gas pipelines, industrial plant
• Supports - DNP3, Modbus/TCP, Ethernet IP, IEC 61850, PROFINET and BACnet
• Layer 7 application protection and analysis for Industrial Control systems language and traffic
• Strong policy enforcement for more granular control over industrial data inputs
• Uniform secure access from control networks to sensors
• Translation of SCADA data formats into IP protocols
• SIEM integration and robust event logging
• All security logs remain in country
• Real time incident response system
• Real time events from the Firewall
• Store the events for forensic analysis
• Customisable event correlation
how It Works
Si deploys honeypot infrastructure into customer DMZ environments to analyse malicious events by continuously monitoring honeypot event activity utilising our SIEM platform (Powered by LogRhythm).
We perform real-time, advanced analytics on all activity captured in the honeypot, including successful logins, observed successful attacks and attempted/successful malware activity on the host and use this data to create a defensive posture.
Deploy Honeypot specific to customer requirement
SIEM (Powered by LogRhtythm) tracks the attacker’s actions
Analyse the honeypot data to create profiles of behavioural patterns and attack methods
Apply defensive posture for detected profiles and signatures
The honeypot Security Analytics Suite delivers:
• Continuous monitoring of honeypot data• Customized threat research for
strategic defence• Automated breach prevention and response• Dynamic security intelligence• Real time monitoring• Low cost approach for customer
specific signatures • Fault management
Service benefits:• Secure critical infrastructure, power grids, oil/
gas pipelines, industrial plant• No Capex investment required• 24 x 7 Monitoring • Secure SCADA Networks• Minimise business risk of security breaches• Achieve compliance requirements• Strict SLA response
The customer will interface with the MSSP SOC team via the customer portal where he will have customer access to:
• SLA Tracking
• Ticketing & troubleshooting
• Threat Management Dashboards
• Knowledge Based for Incident Response and analytics
MANAGED HONEYPOT ACTIVE DEFENSE | MANAGED SCADA SECURITY
![Page 11: Si InfoSecMiddleEastLR0516](https://reader031.vdocuments.pub/reader031/viewer/2022020301/588174921a28abf7478b693f/html5/thumbnails/11.jpg)
INFORMATION SECURITY | CAPABILITY STATEMENT | 19
COnTInuOuS ThrEAT DEFEnSE SErVICE MAChInE lEArnT BEhAVIOurAl AnOMAlyTICS
Si partners with Cyberflow AnalyticsTM to provide a service that detects operational anomalies within packet communication
behaviour to determine high risk activities and threats . The system is the only system that can provide “Anomalytics”, a
real-time, streaming, machine-learning, behavioural analytics solution, which can instantly detect and alert operational and
security practitioners of anomalous and suspicious activities within their organizations .
This system and service uses Anomalytics to provide real-time cyber-security threat detection at scale and in situations where
traditional security products are failing to adequately identify and detect advanced polymorphic attacks and other anomalous
lateral behaviour within their organizations .
how it Works• Collects raw packet meta data• Machine learns normal packet communication
behaviour of clients, servers, protocols and visualizes anomalous high risk threats
• Finds operational anomalies such as SNMP event storms, odd port/app activity and changes in IoT sensor communications
• Automation of clustered breach activity tracks Advanced Persistent Threats (APTs)
• Uses a SPAN port configuration to collect data• Operates within VMs on any customer
virtualized infrastructure (lightweight data footprint)
Service Benefits:• It is able to monitor traffic effectively over
the entire network, as opposed to traditional
security products which monitor only
segments of a network
• The service can detect APTs which other
analytics methods cannot capture
• Cost effective and scalable
• Real time monitoring
• Integrated with SIEM
1. Deploy a virtual machine network, app and device sensors that monitor systems to feed the “Anomalytics Fusion Engine”.
2. Execute multiple, real-time analytical models to construct self-organizing maps which present high risk behaviour.
3. Cross-correlate the maps against a behavioural policy framework.
4. We correlate the real-time anomaly threat detection and alerts through our SIEM to drive rapid incident response and forensics.
Service Architecture
Dashboards
The following image represents a dashboard identifying the high risk traffic occurring within the network utilising
port level analytics .
“Anomalytics Fusion Engine”
CONTINUOUS THREAT DEFENSE SERVICE | MACHINE LEARNT BEHAVIOURAL ANOMALYTICS
![Page 12: Si InfoSecMiddleEastLR0516](https://reader031.vdocuments.pub/reader031/viewer/2022020301/588174921a28abf7478b693f/html5/thumbnails/12.jpg)
INFORMATION SECURITY | CAPABILITY STATEMENT | 21
BEnEFITS OF EngAgIng An MSS PrOVIDEr
Cost
“The cost of a managed security service is typically less
than hiring in-house, full-time security experts .”
(Wilbanks, 2001) .
Staffing
“A shortage of qualified information security personnel
puts tremendous pressure on IT departments to recruit,
train, compensate, and retain critical staff .” (Hulme, 2001)
An MSSP transfers this responsibility . In addition, “if a
client organization can outsource repetitive security
monitoring and protection functions, then they can focus
internal resources on more critical business initiatives”
(Pescatore 2001) .
Skills
“MSSPs have insight into security situations based on
extensive experience, dealing with hundreds or thousands
of potentially threatening situations every day, and are
some of the most aggressive and strenuous users of
security software .” (Navarro 2001 & DeJesus 2001)
“In-house staff members who only deal with security on a
part-time basis may only see a limited number of security
incidents .” (Hulme, 2001)
Facilities
“MSSPs can also enhance security simply because of the
facilities they offer .” (DeJesus, 2001) . These are physically
hardened sites with state-of-the-art infrastructure
managed by trained personnel .
Objectivity and Independence
An MSSP can provide an independent and objective
perspective on the security posture of an organization . An
in-house team often can not be objective and certainly is
not independent .
Security Awareness
“It is difficult for an in-house team to track and address
all potential threats and vulnerabilities as well as attack
patterns, intruder tools, and best security practices .” (Alner
2001, Navarro 2001)
Whereas … .
An MSSP is often able to obtain advance warning of new
vulnerabilities and gain early access to information on
countermeasures .
Service Performance
The MSSP service can report near real-time results,
24 hours a day, 7 days a week, and 365 days a year,
guaranteed against an SLA . This is a large contrast with
an in-house service that may only operate during normal
business hours .
Service Security and Technology
“Service security solutions and technologies such as
firewalls, intrusion detection systems (IDSs), virtual private
networks (VPNs) and vulnerability assessment tools are far
more effective because they are managed and monitored
by skilled security professionals .” (Wilbanks, 2001)
BENEFITS OF ENGAGING AN MSS PROVIDER
Cost
Staffing
SkillsFacilities
Independence
SecurityAwareness
Service
27%Recurring
Annual Save
200+ DedicatedSecurity
Professionals
360O ViewOf Global Threats
We AreBuilt For Big
Data
20% Technology
But 80% Interpretation
94%Initial Cost
Savings
SLA15 MinuteAlert-High
Priority events
MSSP Benefits
The Business Case forManaged Security Services
![Page 13: Si InfoSecMiddleEastLR0516](https://reader031.vdocuments.pub/reader031/viewer/2022020301/588174921a28abf7478b693f/html5/thumbnails/13.jpg)
INFORMATION SECURITY | CAPABILITY STATEMENT | 23
98 99 00 01 02 03 04 05 06 07 08 09 10 11 12 13
Crc comm
s over
standard IRC portctc com
ms over non
standard IRC portsCrc com
ms over
HTP & HTTPS
ctc using Social
Media, Twitter & FB
Crc comm
s over
p2p-usins auto DDOS0-Day threats
now comm
on place
Fast flux DNS
now wide spreadNew wave of DLL
Hijack
First major cyber
warfare attack
Mydoom & SasserRecord forMost damage!
The rise in nationstate Malware!
Flame - the mostsophisticatedMalware yet!
Mal
war
e So
phist
icat
ion
CSIRT skills & experience
Si follows the best industry standards and guidelines for
incident response .
The increasing sophistication and impact of malware
attacks emphasises the need for companies to retain the
services of a professional CSIRT team .
Our CSIRT engineers are highly experienced and maintain a
tool kit of skills including: • Vulnerability management
• Penetration testing
• Botnets
• Sandbox
• Honeypot
• Forensic analysis
Why hire a professional CSIRT?
The inability of companies to prepare for possible cyber-attacks from incredibly resourceful criminals is one of the most
pressing issues facing global chief executives . The increasing sophistication of attacks, which render even the most technology
savvy organizations vulnerable, mean that few organizations have the means to employ staff with the ability to respond
effectively . We offer an incident response service that allows our customers’ organizations to benefit from our skills and
experience .
Malware Sophistication Vs Time
Rapid Response CSIRT Services
Incident Response
Reverse Engineering/Analysis
Advanced Threat Alerting
Forensics
Malware Analysis
Assessments & Audits
Script Development
Remediation and Recovery
SI CSIrT TEAMS
Si has been running a Computer Security Incident Response Team (CSIRT) for many years . Through the development of our
own SOC and our clients’ SOCs our staff are some of the most qualified and experienced incident response engineers in the
market place .
Si CSIRT LAB
Through the development of our own SOC, our CSIRT lab
comprises an extensive library of incident case files that
are key for supporting analysis and mitigation measures .
The very fact that Si has SOCs around the world, gives our
CSIRT teams a unique insight into a wide range of threats
and risks, enabling us to react faster to such incidents . Each
member of the team has access not only to the labs, but to
this global resource .
CSIRT Services
We offer our professional services to enterprise, telecom
and government organisations on a cost effective basis .
The available options for procuring these services include:
• Staff secondment
• Retainer leased rapid response teams
• Remote CSIRT teams
The security incident management team activities include:
SI CSIRT TEAMS
Email InformationRequest
VulnerabilityReportHotline/Helpdesk
Call Center
Figure 5: CERT/CC Incident Handling Life Cycle
Triage
IncidentReport
Analyze ResolutionObtain ContactInformation
Coordinateinformation& Response
Provide TechnicalAssistance
Other
IDS
CSIRT Incident Handling Life Cycle
![Page 14: Si InfoSecMiddleEastLR0516](https://reader031.vdocuments.pub/reader031/viewer/2022020301/588174921a28abf7478b693f/html5/thumbnails/14.jpg)
“Eighty percent of the intrusions of your networks today can be
handled by patches, anti-virus and user actions. We spend 90
percent of our time on the 80 percent of the issues that could be
handled by good hygiene.”
Brigadier General Paul Nakasone, Deputy Commander, U.S. Army Cyber Command
Si’s Professional Security Services provides enterprise-wide assessments, design and deployment services to build secure and
resilient IT infrastructures .
Our delivery model is based on industry best practices and technologies that are aligned to our clients’ IT infrastructure and
business processes . Our services create a foundation that enables our clients to address key risk management and compliance
challenges .
Vulnerability Assessments
Penetration Testing
Web Application Security Testing
Network Risk Assessments
Network Architecture Reviews
Device Configuration And Migration Reviews
Cyber Forensics
According to Davos World Economic Forum, 2013, (the
Global Agenda Survey), “Cyber Risks” were ranked as the
3rd largest underestimated risk to world development
ahead of sovereign debt, education and protectionism .
![Page 15: Si InfoSecMiddleEastLR0516](https://reader031.vdocuments.pub/reader031/viewer/2022020301/588174921a28abf7478b693f/html5/thumbnails/15.jpg)
INFORMATION SECURITY | CAPABILITY STATEMENT | 27
INFORMATIONGATHERING
Active & PassiveReconnaissance
TARGETDISCOVERYFinalizingThe Scope
SCANNING &FINGER PRINTING
IdentifyingUnderlying
Technology &Service
LOCALSEGREGATIONOF TARGETS
GroupingTargets Based onAttack Vectors
APPLICATIONSWeb Servers,
Database Servers,Mail Servers,
SSH, FTP
OPERATINGSYSTEMS
Windows, Linux,Unix & Solaris
WEB BASEDAPPLICATIONSE-Commerce,B2B, CustomWebsites &Appliances
PERIMETERDEVICESNetwork
& SecurityAppliances
VULNERABILITYIDENTIFICATIONLocating Known
& UnknownVulnerabilities
VULNERABILITYANALYSISFiltering &Confirming
Attack Methods
PENETRATIONEXPLOITATION
Confirmingof Existing
Vulnerabilities
IMPACTANALYSISExtent of
Business impactdue to Vulnerability
Exploitation
REPORTSDetailedFindings,
ManagementReport Executive
Summary
DATACORRELATIONMITIGATIONSTRATEGIES
A robust policy template to enable securityconfiguration compliance
Compliance-based reports(PCI, HIPPA, GLBA, FISMA and SOX)
Customisable, multi-view reports that make the mostof existing security investments
Audit-read reporting and certified technical support teams
Internal and external vulnerability scans
Best practices (ITIL, OSSTMM and ISO 27001 security standard)
Instant access to Secure-I security intelligence and research
Executive summaries (jargon-free, true executive-level summaries)
Priority matrixes, indicating remediation priorities and risks
Detailed impact analysis of the identified vulnerabilities
Findings and recommendations to improve security postures
Knowledge transfer to client’s IT teams
VulnErABIlITy ASSESSMEnTS
Si’s Vulnerability Assessment (VA) service provides our clients with the ability to identify and mitigate security gaps associated
with their IT assets, thereby enhancing their overall security posture .
Our assessments meet the mandatory compliance requirements and provide a proactive measure to stay one step ahead of
threats .
PEnETrATIOn TESTIng
Interconnected corporate networks of partners, clients, remote offices, wireless LANs, vendors and the Internet have created
multiple avenues for an attacker to target companies . Organisations face greater risks to customer data, intellectual property
and financial records .
CIOs and CFOs must have a clear understanding of risks and vulnerabilities to protect their organizations from external
attacks .
Our Vulnerability Assessment provides:• On-demand proactive vulnerability management for
organisations
• Visibility, awareness and consistency of our clients’
organisations
• Tracks asset ownership, pinpoints rogue devices and
views detailed asset discovery and profile reporting
• Reduces investment in tools and technology
• Comprehensive remediation solutions
• Complete remediation procedures to mitigate
identified vulnerabilities
Our Penetration Testing services enable our clients to:
• Identify existing and potential vulnerabilities and
risks from external attacks
• Utilise experienced security analysts with the
specialized skills and tools needed to mitigate client
risk
• Conduct testing in a safe and controlled environment
without compromising routine business activities
• Reduce investment associated with employing full
time security analysts, tools and technologies
• Integrate with an overall risk management solution
to address the audit requirements of policy and
compliance frameworks such as ISO 27001, SOX,
HIPPA, PCI etc
Features include:
Features include:
VULNERABILITY ASSESSMENTS | PENETRATION TESTING
![Page 16: Si InfoSecMiddleEastLR0516](https://reader031.vdocuments.pub/reader031/viewer/2022020301/588174921a28abf7478b693f/html5/thumbnails/16.jpg)
INFORMATION SECURITY | CAPABILITY STATEMENT | 29
Comprehensive documentation andpresentation of findings
A prioritised list of remediation steps
Practical recommendations focusing on both the riskand cost associated with it
Action plan – short and long term to achievecompliance and business objectives
Identification of technical and logical vulnerabilitiessuch as SQL injection, cross-site scripting, I/O datavalidation, exception management etc.
Ability to determine remediation stepsand counter-measures
Detailed technical information report covering thenature of the defect, the code locations, impact ofdefect and the remediation solutions
WEB APPlICATIOn SECurITy TESTIng
IT applications allow our clients to directly access personal and confidential information, encouraging a self-driven model and
decreasing costs .
Critical business functions are dependent on the successful functioning of IT applications . There is an exponential increase in
vulnerabilities found in Web Applications creating a significant impact on our clients’ enterprises and the privacy of the end
users . Business losses can include loss of data, public image and loss of confidence .
nETWOrK rISK ASSESSMEnTS
A thorough evaluation of network security posture is mandatory to enable our clients to answer the following fundamental
questions:
Our Web Application Security Testing allows our clients to:
• Get instant feedback and catch hidden bugs before
launch
• Create higher quality applications as they are tested
by certified QA experts
• Deploy applications faster by testing throughout the
development process
• Use global testing coverage by testing across
operating systems, browsers, languages and more
• Allow our clients to gain a better understanding of
potential website vulnerabilities that may be visible
from the Internet
• What is their enterprise security strategy? And what
can be done to protect it in a better way?
• Where are the weaknesses in their security policies
and architecture?
• How can they make security data actionable and
get timely compliance reports to address audit
requirements?
• How much does an effective risk management
solution cost?
Features include:
Our Network Risk Assessment includes:• A Security Policy Audit – evaluating security policies
based on availability, business continuity and
compliance requirements; it also establishes key risk
factors and security metrics
• A Technical Security Evaluation – analyzing the
security architecture in the context of security
policies and control objectives to uncover
vulnerabilities
• A Threat Management Assessment – examining
threat identification, investigation and incident
response processes
• Disaster Recovery & Business Continuity Planning
– to ensure that plans for returning systems to
operational standards are in place
Features include:
WEB APPLICATION SECURITY TESTING | NETWORK RISK ASSESSMENTS
Black Box Testing Grey Box Testing White Box Testing
We perform attack testing assuming the identity of an external attacker/hacker.
With no inside informationabout the application..
We receive basic information aboutdesign & function of the Web app.
We receive complete information,coding, infra, architecture.
Grey Box testing is a fusion ofblack & white box testing.
Full Source code & infrastructure review
![Page 17: Si InfoSecMiddleEastLR0516](https://reader031.vdocuments.pub/reader031/viewer/2022020301/588174921a28abf7478b693f/html5/thumbnails/17.jpg)
INFORMATION SECURITY | CAPABILITY STATEMENT | 31
Step 1:
Current state assessment
FIREWALL MIGRATION SERVICES | NETWORK ARCHITECTURE REVIEW
FIrEWAll MIgrATIOn SErVICES
Firewall technology longevity typically spans from between 5-7 years and upgrades are often initiated by growing
organizations and changing security requirements . A firewall is an item of critical network security infrastructure and any
change in technology is fraught with risks to business continuity .
Si’s professional services team can assist organizations from applying a standard methodology to executing a firewall
migration . Each migration project deployed is unique and represents a different set of challenges, the key to our success is to
treat each case with the same level of care and professionalism .
What did we learn?
The client recovered the cost of the firewall migration project through lower cost of operations, reduced security risks, more
efficient administrative and maintenance processes, and ultimately a more satisfied customer base .
Baseline Assessment Requirements Planning
Step 1
FW ArchitectureAssessment
Step 2
FW Health Check& Performance Review
Step 3
FW Policy &Compliance Review
Step 4
FW Module & ProtectionLevel Assessment
Step 5
Migration Config& Validate
Step 6
Migration Cut Over& Monitoring
Migrate
Analysis of: - Firewall logs- VPN’s- Installed software / patch level- Bugs fixed in new versions- Utilisation of hardware components
Review of: - Hard disk capacity and usage and CPU memory usage- Network interface…
• ..throughput• ..capacity• ..availability
- Analysis of logs, errors and syslog- Firewall config
Review violation of:- Corporate policy,- Industry standards and best practices - FW Rules & Optimisation
Review of the protection level achievable with current Architecture.
Recommend upgrades and additional modules
Lab Based Configuration & Validation. prior to roll out and cut over.
On site:- Tra�c migrated from old to new- Troubleshoot- Monitor- Handover & training
Firewall Migration Road Map
• We determine security strategies and support our clients’ business objectives
• We implement policies where required and we establish new policies should they be required
• We put in place effective risk mitigation and regulatory compliance
• We analyse, manage and report
• We review existing policies and frameworks and make recommendations where necessary
• We audit existing policies for example ISO 27001/PCI to ensure compliance
• Our aim is to set out a road map detailing short, medium and long term goals
nETWOrK ArChITECTurE rEVIEW
Si utilises its vast experience and knowledge to act as professional assessors with respect to the security architecture of our
clients’ networks .
Our consultants analyze every key aspect of the architecture including:• Logical and physical design
• Security technology inventory
• Asset inventory
• Outbound and inbound connectivity
• Security procedures and processes
• Network topology
• Network and host access controls
• Log-in procedures and authentication requirements
• Business continuity plans
• Containment and incident response procedures
• Health of security controls
For each key area, and for the infrastructure as a whole, Si consultants identify and document the following 4 Steps:
Step 2:
A vision for a future state
Step 3:
A Gap analysis
Step 4:
Recommendations for closing gaps
What are the facts?• $1 .1 Million firewall migration project for this client
generates fast payback for customer
• The client is an IT managed services provider serving
over 11,000 community-based banks, credit unions,
and insurance agencies . This engagement calls for
migrating 45 McAfee Sidewinder firewalls to Cisco
ASA firewalls
The client decided to change their technology following a
history of frequent McAfee Sidewinder platform crashes
that negatively impacted their end customer satisfaction . Si
began by performing a proof-of-concept project to migrate
one firewall in our lab before the full scale roll out .
Case Study: Firewall Migration – Fortune 500 Financial Services Institution (2012)
![Page 18: Si InfoSecMiddleEastLR0516](https://reader031.vdocuments.pub/reader031/viewer/2022020301/588174921a28abf7478b693f/html5/thumbnails/18.jpg)
INFORMATION SECURITY | CAPABILITY STATEMENT | 33
System wipeThe "bullet". Your IT department needs to be able to wipe the system if it believes its security has been compromised.
App securitySome applications could compromise the security of your business data, so you'll need an application control system in place to prevent blacklisted apps being downloaded once the device is hooked up to your network.
ManagementThe IT department needs to select a mobile device management system. Look out for one that o�ers simple user interfaces as well as the security features you need.
IdentificationIf a wide range of users and devices are to be allowed access to the network, it is critical to identify and authenticate each device and user.
SecurityWith sensitive information being transmitted, security is top of the list. Allowing BYOD doesn't mean sacrificing security. IT must establish WiFi security, VPN access and ideally add-on software to protect against malware.
Data waiverPersonal and business data can be easily mixed on personal devices, so employers need to protect themselves if it goes wrong. If the device is lost or stolen, employers may need to destroy all data – employees should sign a waiver agreeing to this before being allowed to use their own device.
BrIng yOur OWn DEVICE (ByOD)
When an organization is considering implementing a BYOD policy they will generally be asking; what sort of Mobile Device
Management will need to be implemented? What systems must employees have mobile access to? What level of security will
need to be implemented?
Si provides consulting services to deliver the right solution to enable our clients to manage and secure both their networks
and also how to control the use of mobile applications on personal devices across their network .
BRING YOUR OWN DEVICE (BYOD)
Secure & Manage Mobile Devices with
Si partners with MobileIron who offer the platform to
manage mobile apps for business users . The MobileIron
platform provides both the tightest security and best
end-user experience for the distribution, delivery and
management of mobile applications, docs and devices for
global organizations .
Manage the Network
Step 1
High PerformanceNetwork Infra
Step 2
Security
Step 3
Acccess
Step 4
Acceptable UsePolicy
Step 5
Manage the Apps
Step 6
Manage the Data
Manage the Mobile Device
Your network needs to be able to cope with the
influx of personal devices connecting to it.
Support the secure connection of devices,
whether they are connecting from inside or
outside the o�ce.
Set policies around what devices to connect to the
network, and what network areas they have
access to.
Develop specific stipulations to govern the
use of the new technologies such as
smartphones and tablets.
Control access to the camera, application
stores, Internet browser, YouTube, and explicit
content.
Control access to documents and data
shared over the mobile device.
Secure & Manage the Network with ISE
Si has pioneered the implementation of BYOD management
through collaboration with Cisco ISE and are selected as
1 of only 10 worldwide delivery partners . The technology
allows:
• Consistent enforcement of context-based policies
across wired and wireless networks
• System-wide visibility showing who and what is on
the network - wired, wireless, or VPN
• Accurate device identification using ISE-based
probes, embedded device sensors, active endpoint
scanning
• Greater visibility and control of the endpoint with
Mobile Device Management solution integration*
![Page 19: Si InfoSecMiddleEastLR0516](https://reader031.vdocuments.pub/reader031/viewer/2022020301/588174921a28abf7478b693f/html5/thumbnails/19.jpg)
It took was a small number of employee log-in details to be
compromised for hackers to obtain the entire customer database. As
a result 128 million people – equivalent to twice the population of
Britain – had to change their passwords!
The eBay Hack, May 2014
Si offers a range of compliance services based on industry best practices . Our lead compliance advisors/auditors are leaders in
their field and in certain instances are sector specialists such us banking, finance and government .
Services include:• Compliance consulting, implementation and
management
• Compliance certification readiness audits
• Business continuity planning (BCP)
• Security awareness and ITIL training
• Compliance services covering:
- ISO 27001:2005
- ISO 2000
- BS 25999
- ITIL
- COBIT
- HIPAA
- PCI DSS
- SAS 70
- SOX
![Page 20: Si InfoSecMiddleEastLR0516](https://reader031.vdocuments.pub/reader031/viewer/2022020301/588174921a28abf7478b693f/html5/thumbnails/20.jpg)
INFORMATION SECURITY | CAPABILITY STATEMENT | 37
InFOrMATIOn SECurITy MAnAgEMEnT SySTEM - ISO 27001
What is ISO 27001?
ISO 27001 is a set of ‘best practice’ controls for the
management of systems that enable our clients’
organizations to demonstrate that ‘best practices’ are
implemented and ‘continually’ improved .
Information Security Management System
The Information Security Management System (ISMS)
provides a control framework to protect information
assets . This combines management controls, technical
controls, procedural controls & personnel controls to
name a few . The controls combine preventive, detective,
restorative, maintenance and monitoring controls .
The Approach for Successful Certification?
We typically apply four phases to the successful delivery of
an ISMS process and we can demonstrate proven success
with some of the most successful organizations in the
Fortune 500 index .
What is Business Continuity Planning (BCP) & Management?
Business Continuity Planning & Management “identifies
an organization’s exposure to internal & external threats
& synthesizes hard & soft assets to provide effective
prevention & recovery for the organization, while
maintaining competitive advantage & value system
integrity” (Elliot, Swartz & Herbane, 1999)
Our Approach to BCP Compliance
BS 25999 is BSI’s standard in the field of Business
Continuity Management (BCM) and can be applied to any
organization in any location globally . Si are specialists at
applying this standard which includes guidance on the
processes, principles and technology recommended for
BCM and the specification of a set of requirements for
implementing, operating and improving a BCM System
(BCMS) .
4 Key Benefits of ISO 27001 Implementation
1. Compliance ISO 27001 can provide the methodology to enable an
efficient way to comply with regulations regarding data
protection, security & IT governance .
2. Marketing edge
ISO 27001 can be a unique selling point, especially if
handling clients’ sensitive information .
3. Lowering the expenses Information security is usually considered as a cost with no
obvious financial gain . However, there is financial gain if
you lower your expenses caused by incidents .
4. Putting your business in order ISO 27001 is particularly good for putting businesses in
order – it forces organizations to very precisely define both
responsibilities and duties, and therefore strengthens the
internal organization .
BuSInESS COnTInuITy PlAnnIng (BCP) & MAnAgEMEnT
INFORMATION SECURITY MANAGEMENT SYSTEM - ISO 27001 | BUSINESS CONTINUITY PLANNING & MANAGEMENT
The ISO 27001 standard is divided into management system controls comprising 11 domains which in turn have a further 133 detailed controls:
• Security policy• Organization of information security• Asset management• Human resources security• Physical and environmental security• Communications and operations management• Access control• Information systems acquisition, development
& maintenance• Information security incident management• Business continuity management• Compliance
What are we planning for?• Random failure of mission-critical systems• Epidemic• Earthquake• Fire• Flood• Cyber attack• Sabotage (insider or external threat)• Hurricane or other major storm• Utility outage• Terrorism/Piracy• War/civil disorder• Theft (insider or external threat)
Objectives & policies
Gap analysis
Risk assessment
Risk treatment plan
Implement controls
Training & awareness
Monitor, review & refine
Management review
Documentation
Verification
Certification
Phase IPlanning
Phase IIImplementation
Phase III Phase IVCertification
Training Business Process Test Process RefreshRecovery Requirement
Analysis
Business Impact Analysis (BIA) Disaster Recovery Design Crisis Command Team call-out
Solution Design Testing Maintenance
Threat & Risk Analysis (TRA)Crisis Management -
Command Structure
IT Failover Plan
Technical Swing Test
IT Applications Test
Verify - Tech solutions
Verify – Recovery ProceduresImpact Assessment
![Page 21: Si InfoSecMiddleEastLR0516](https://reader031.vdocuments.pub/reader031/viewer/2022020301/588174921a28abf7478b693f/html5/thumbnails/21.jpg)
COMPlIAnCE & SECurITy SKIllS TrAInIng
To enhance our compliance consulting services in the field of ISO 27001, Business continuity Management (BS 25999) and ITIL
we offer courses to enable our clients to take ownership of their compliance needs .
Our courses are delivered with a combination of inhouse trainers and experienced consultants from the UK .
Course Owner
Si & Partner
Si & Partner
Si & Partner
Si & Partner
Si & Partner
Si & Partner
Si & Partner
Si & Partner
Si & Partner
Si & Partner
Si & Partner
Si & Partner
Si & Partner
Course Name
1 . Implementation and Audit – ISMS-ISO 27001
2 . Implementation and Audit – ITSM-ISO 20000
3 . Implementation and Audit – BCMS- ISO 22301
4 . Internal Auditor - ISO 27001
5 . Business Impact Analysis
6 . ISO 27005
7 . Network Security Assessment
8 . Application Security Assessment
9 . Business Continuity Management
10 . PCI – DSS
11 . An Integrated Management System
12 . Security Operation Centre Design & Delivery
13 . SOC & SIRT Optimization
Duration
2 Days
2 Days
2 Days
2 Days
2 Days
2 Days
2 Days
2 Days
2 Days
2 Days
2 Days
2 Days
2 Days
INFORMATION SECURITY | CAPABILITY STATEMENT | 39
PCI COMPlIAnCE & PAyMEnT CArD InDuSTry SECurITy
Si offers a full range of PCI Compliance Consulting services to satisfy the requirements of the Payment Card Industry Data
Security Standards (PCI DSS) compliance . Si is a PCI Approved Scanning Vendor (ASV) .
What is PCI DSS?
The PCI Data Security Standard (DSS) was developed by
the PCI Security Standards Council, and is enforced by the
payment card issuers . It is designed to protect consumers
and businesses, and to encourage the global adoption of
consistent data security measures . The PCI DSS comprises
12 broad requirements which organizations must meet to
maintain compliance .
PCI DSS compliance requires any organization that
transmits, processes, or stores data that contains payment
card information to protect the privacy and confidentiality
of that data . In addition to retailers, the PCI DSS standards
affect financial institutions, healthcare providers,
transportation service providers, the food and hospitality
industry, and payment service providers, among many
others .
Information Security Programme
In itself PCI does not address an organization’s information
security and as such we recommend in addition to the
requirements of PCI compliance a strong framework should
be established to provide a strong information security
environment . By focusing on a broader security program,
organizations can mitigate potential data security breaches
and cyber security attacks, which will lead to better service
to customers and increased profitability .
PCI DSS Trends
Several trends have accelerated the need for PCI DSS
compliance and payment security . While the payment
card brands have been actively enforcing PCI compliance
for Level 1 merchants the past few years, they are now
enforcing compliance for Level 2 - 4 merchants as well .
Merchants that are non-compliant can face substantial
fines and the threat of having payment card privileges
revoked .
PCI COMPLIANCE & PAYMENT CARD INDUSTRY SECURITY | COMPLIANCE & SECURITY SKILLS TRAINING
![Page 22: Si InfoSecMiddleEastLR0516](https://reader031.vdocuments.pub/reader031/viewer/2022020301/588174921a28abf7478b693f/html5/thumbnails/22.jpg)
INFORMATION SECURITY | CAPABILITY STATEMENT | 41
INDIA
305/310 Owner’s Industrial Estate
Gabriel Road, Mahim,
Mumbai, India 400016
T: +91 22 2445 4725
UK
1st Floor
6 Bevis Marks
London
EC3A 7BA
T: +44 (0)7481 804622
COnTACT uS glOBAl SECurITy OPErATIOn CEnTrES
California, USA
USA Co-Location Data Centre
New Jersey, USA
Dubai, UAEPune, India Global Soc
UAE
Al Barsha Business Point
Office 501, Al Barsha One
P .O . Box 283996
Dubai, UAE
T: +971 4 354 9535
F: +971 4 354 9536
London, UK
CONTACT US | GLOBAL SECURITY OPERATION CENTRES
New York
2137 Route-35
1st Floor Holmdel,
NJ 07733
United States
T: +1 732 444 4404
![Page 23: Si InfoSecMiddleEastLR0516](https://reader031.vdocuments.pub/reader031/viewer/2022020301/588174921a28abf7478b693f/html5/thumbnails/23.jpg)
Si’s Multi-disciplinary Capabilities:
• Information Security• Security Consulting• ICT Consulting• Building Technology• Engineering & Integration Management