Security Management Consulting
Security Management Consulting delivers quality Security Management Services which enable our client organizations to effectively develop
organization security strategies to the level which protects
business-critical assets and ensures business continuity.
We also provide Security Management
Audit services for evaluating current security strategy and
effectiveness through gap-analysis and benchmarking.
NX Security Governance Model enables successful security strategy, which
works in all levels from business strategy to the operational level
(top-down and down-top approach).
NX Security Governance Model
An effective security strategy requires a layered model which operates in
all business levels and enables tight interaction between the layers.
Failing in one or more layers leads to directionless operation resulting in
increased overhead and unmotivated and frustrated employees in all business
levels and operation areas. Additionally, there are no solid bases to
justify the ROI for the taken security efforts which eventually leads to a
reality with a limited security budget and resource availability. This
limits security management to proactively control only the most serious and
evident security breaches.
We believe in reactive security management and control work where the basis
is an effective security strategy model. Mandatory security requirements
and controls are transformed to business-beneficial success factors which
stand up to top management ROI demands and decrease operation costs.
Security Management Services
Some of our security services to help you develop your infrastructure
security:
Continuity Planning
Businesses face unforseeable events which can imperil business
continuity and survival. We deliver company-wide business continuity
programs, dedicated business continuity plans for critical functions and
processes and disaster recovery plans for critical IT functions or
dedicated systems and services. We develop continuity capability which
minimizes the business impact of unforseen events.
Risk Management Planning
Effective risk management is able to adapt to a dynamic business climate
and enables to constantly asses, prioritize and control all relevant
business risks and maintain desired business risk level. We provide
comprehensive risk modeling methods and expert knowledge on organization
risk management.
Compliance Development
Globally recognized security standards such as ISO27001 and PCI DSS
provide the framework, focus and scope for security work. We can help you
effectively achieve compliance by developing and implementing necessary
processes and technical solutions through best practices and technologies
from our Policy and Process Development and Technical Architecture Development services. Our comprehensive knowledge and dedication
guarantee effective project flow and quality end result.
Policy and Process Development
Our comprehensive expertise from corporate wide security policy and
process development and implementation ensures effective and functional
outcome. Our expertise drives from wide range of industries and
businesses which provide for our client organizations a valuable asset
for effectively developing security infrastructure. We use global
standards such as ISO27001, COBIT and ITIL.
Technical Architecture Development
Comprehensive organization security requires effective policies and
controls with well designed, secure, technical architecture. Our
expertise from secure network design and security solutions such as PKI,
AAA, IDS and RAS, enables you to develop your infrastructure, direct
development cost efficiently and minimize security vulnerabilities and
threats.
Incident Response, Forensic Analysis
Organizations constantly face unexpected and adverse events which require
swift and decisive actions which are well prepared and tested in
practice. We help create incident response capability that provide
effective procedures and practices to detect, control and evolve from
incidents.
Awareness Programs and Training
Effective security strategy requires the support of personnel in all
levels. Our training services are focused on company-wide awareness
campaigns and customer-specific training needs. Training can be based on
a specific security standard, best practice, or can be customized based
on the customer need.
We deliver
Highly developed, quality services combined with the expertise of our consultants
Benchmarkable results provided with globally recognized standards and best practices
Effective project flow provided by the uniform project management practices
Modular and scalable solutions which enable our customers to receive cost effective solutions in scope with their business
Comprehensive knowledge from wide range data security practices and solutions
Terminology
- AAA
- Authentication, authorization, and accounting
- COBIT
- ISACA's Control Objectives for Information and related Technology
- IDS
- Intrusion Detection (and prevention) System
- ISO27001
- Information Security Management System (ISMS) specification (former BS7799-2)
- ITIL
- IT Infrastructure Library
- PKI
- Public Key Infrastructure
- RAS
- Remote Access Service
- ROI
- Return on Investment
- PCI DSS
- Payment Card Industry Data Security Standard
- SOX
- Sarbanes-Oxley Act, administered by the Securities and Exchange Commission (SEC)
Related Information
- 90 percent of organizations have had to execute on DR plans
- Cost of downtime is significant Source: Symantec Disaster Recovery Research 2009