Datasec Limited offers professional services, and our consultants can help your company in every aspect of ISO 27001 compliance, advising on everything from scope definition and policy writing to the development of security awareness training.
- Information security is the protection of information and information systems from unauthorized access, use, disclosure, disruption, modification, or destruction in order to provide confidentiality, integrity, and availability.
- Cyber security, by contrast, is the protection of computer systems and networks from the theft of or damage to their hardware, software, or electronic data, as well as from the disruption or misdirection of the services they provide.
We offer both professional consultancy and training for ISO 27001:
Datasec Limited provides you with the necessary knowledge and guidance on how to implement and audit Information Security Management Systems (ISMS).
- Lead implementer
- Lead auditor
This training course is designed to prepare participants in implementing an information security management system (ISMS) based on ISO/IEC 27001. It aims to provide a comprehensive understanding of the best practices of an ISMS and a framework for its continual management and improvement.
After attending the training course, you can take the exam. If you successfully pass it, you can apply for a Certified ISO/IEC 27001 Lead Implementer credential, which demonstrates your ability and practical knowledge to implement an ISMS based on the requirements of ISO/IEC 27001.
During this training course, you will acquire the knowledge and skills to plan and carry out internal and external audits in compliance with ISO 19011 and the ISO/IEC 17021-1 certification process.
Based on practical exercises, you will be able to master audit techniques and become competent to manage an audit program, audit team, communication with customers, and conflict resolution.
After acquiring the necessary expertise to perform this audit, you can sit for the exam and apply for the Certified ISO/IEC 27001 Lead Auditor credential. By holding a Lead Auditor Certificate, you will demonstrate that you have the capabilities and competencies to audit organizations based on best practices.
At Datasec we provide information security consultation in the following areas:
a. Penetration Testing & Red Team Assessments
During penetration testing we simulate an attempt at breaching your security so that you can fully appreciate the risks and the potential consequences of an intrusion. Our expert, highly skilled penetration testing specialists examine the current state of your infrastructure to assess the resilience of your security controls and to identify all the ways that an attacker might gain unauthorized access.
Through the application of rigorous methodologies, the use of automated scanning tools, customized proprietary scripts and manual techniques, we test for exploitable vulnerabilities that could allow unauthorized access to key information assets.
Our assessment report will show the security vulnerabilities within your infrastructure that could potentially be exploited in an attack. In the report, we also recommend the best methods to secure the environment based on your unique internal business requirements and industry best practices. We offer:
- Infrastructure penetration testing.
- Application security testing.
- Network security testing.
- Remote access security testing.
- Wireless security testing.
- Mobile security testing.
b. Vulnerability Assessment
A vulnerability assessment is a systematic review of security weaknesses in an information system. It evaluates if the system is susceptible to any known vulnerabilities, assigns severity levels to those vulnerabilities, and recommends remediation or mitigation, if and whenever needed.
Examples of threats that can be prevented by vulnerability assessment include:
- SQL injection, XSS and other code injection attacks.
- Escalation of privileges due to faulty authentication mechanisms.
- Insecure defaults – software that ships with insecure settings, such as guessable admin passwords.
We offer various types of vulnerability assessments, which consist of:
- Host assessment – The assessment of critical servers, which may be vulnerable to attacks if not adequately tested or not generated from a tested machine image.
- Network and wireless assessment – The assessment of policies and practices to prevent unauthorized access to private or public networks and network-accessible resources.
- Database assessment – The assessment of databases or big data systems for vulnerabilities and misconfigurations, identifying rogue databases or insecure dev/test environments, and classifying sensitive data across an organization’s infrastructure.
- Application scans – The identification of security vulnerabilities in web applications and their source code by automated scans on the front-end or static/dynamic analysis of source code.
c. ISO 27001 Consultancy & Certification
The ISO/IEC 27001 Information Security Management Systems standard ensures that your organization keeps information assets safe and secure, by building an information security infrastructure against the risks of loss, damage or any other threat.
At Datasec we provide consultancy services on the implementation of an ISMS, which include training the implementers, conducting gap analysis, implementation process advisory, internal audit, pre-certification audit and support during the certification audit.
d. Managed Security, Incident Response & IT Recovery Planning
Datasec knows that an IT recovery plan is more than a set of procedures. Based on our firm understanding of your infrastructure, your business and your applications, we assist you in designing a recovery architecture that meets your needs, in the cloud, in your own data centers or at a third-party facility.
e. Managed Security, Incident Response & IT Recovery Planning
Security Information and Event Management (SIEM) is a subsection within the field of computer security, where software products and services combine Security Information Management (SIM) and Security Event Management (SEM). They provide real-time analysis of security alerts generated by applications and network hardware.
How does it work?
SIEM software works by collecting log and event data that is generated by host systems, security devices and applications throughout an organization’s infrastructure and collating it on a centralized platform. From antivirus events to firewall logs, SIEM software identifies this data and sorts it into categories, such as malware activity, failed and successful logins and other potentially malicious activity.
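The collect, normalize and categorize flow described above can be sketched in a few lines. This is an added example, not Datasec's or any SIEM product's code; the antivirus and firewall line formats, the rule set and the category names are assumptions made for illustration, and the log lines are constructed.

```python
import re
from collections import Counter, defaultdict

# Constructed sample input: (source type, raw line). The sshd lines follow the
# usual OpenSSH wording; the antivirus and firewall formats are illustrative.
SAMPLE_LOGS = [
    ("host", "Mar  3 10:01:12 web01 sshd[811]: Failed password for root from 203.0.113.7 port 50122 ssh2"),
    ("host", "Mar  3 10:01:15 web01 sshd[811]: Failed password for root from 203.0.113.7 port 50124 ssh2"),
    ("host", "Mar  3 10:01:19 web01 sshd[811]: Failed password for invalid user admin from 203.0.113.7 port 50126 ssh2"),
    ("host", "Mar  3 10:02:40 web01 sshd[902]: Accepted password for alice from 198.51.100.20 port 40022 ssh2"),
    ("antivirus", "2024-03-03T10:05:00Z ws-17 DETECTED name=EICAR-Test-File path=C:\\Users\\bob\\dl.tmp action=quarantined"),
    ("firewall", "2024-03-03T10:06:31Z fw01 DENY tcp 203.0.113.7:50130 -> 10.0.0.5:3389"),
    ("firewall", "2024-03-03T10:06:32Z fw01 ALLOW tcp 10.0.0.8:51512 -> 198.51.100.9:443"),
]

# (source type, pattern, category): one parser per log format, each mapped to a category.
RULES = [
    ("host", re.compile(r"(?P<host>\S+) sshd\[\d+\]: Failed password for (?:invalid user )?(?P<user>\S+) from (?P<ip>\S+)"), "failed_login"),
    ("host", re.compile(r"(?P<host>\S+) sshd\[\d+\]: Accepted \w+ for (?P<user>\S+) from (?P<ip>\S+)"), "successful_login"),
    ("antivirus", re.compile(r"^\S+ (?P<host>\S+) DETECTED name=(?P<name>\S+)"), "malware_activity"),
    ("firewall", re.compile(r"^\S+ (?P<host>\S+) DENY \w+ (?P<ip>[\d.]+):\d+ -> (?P<dst>\S+)"), "other_potentially_malicious"),
]

def normalize(source, line):
    """Map one raw line to a common event record; unmatched lines are kept, not dropped."""
    for rule_source, pattern, category in RULES:
        match = pattern.search(line) if rule_source == source else None
        if match:
            return {"source": source, "category": category, **match.groupdict()}
    return {"source": source, "category": "uncategorized", "raw": line}

def collate(logs):
    """Central store: every normalized event grouped under its category."""
    store = defaultdict(list)
    for source, line in logs:
        event = normalize(source, line)
        store[event["category"]].append(event)
    return store

def failed_logins_by_ip(store):
    """Count failed logins per source address across all hosts."""
    return Counter(event["ip"] for event in store["failed_login"])

if __name__ == "__main__":
    store = collate(SAMPLE_LOGS)
    for category, events in sorted(store.items()):
        print(f"{category}: {len(events)}")
    print("top failed-login source:", failed_logins_by_ip(store).most_common(1))
```

Keeping unmatched lines under `uncategorized` rather than discarding them matters for retention and later analysis: a format change at the source then shows up as a growing bucket instead of as silence.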
Benefits of SIEM include:
- Increased efficiency.
- Preventing potential security threats.
- Reducing the impact of security breaches.
- Reducing costs.
- Better reporting, log analysis and retention.
- IT compliance.