Include all the process of identifying the gap between the current situation and the preferred and the actions in order to succeed 100% compliance
- Gap Analysis (Both known and custom standards/regulations)
- PCI/ISO 27001/ADAE/SOX/ Web Trust for CAs AICPA/CICA Certification Preparation (Preparation and Readiness services)
- Policy-Procedures-Guidelines writing (Based on a predefined standards)
- Security Awareness Services (including presentations and creation of awareness material)
- Configuration Audit(with known standards covering a long list of systems, along with proposed actions in order to succeed 100% compliance.)
- Risk Analysis & Management
Gap Analysis
Gap analysis is a process used to determine where shortfalls may be occurring in business operations when attempting to achieve pre-determined goals. While the basic principles of gap analysis remain, Security Policy Gap Analysis will be customized as a process to organization’s specific needs. In brief, the steps of this methodology are the following:
- Define and detail the scope and the objectives of the gap analysis.
- Review of all related documentation that will provide the information necessary to perform the gap analysis
- Validate the objects of the analysis by converting them to a structured form that can be measured and compared
- Measure the gap by using a strict approach
- Visualize and report the identified Gap
Preparation and Readiness services
ADACOM offers PCI/ISO 27001/ADAE/SOX/ Web Trust for CAs AICPA/CICA Certification Preparation and Readiness Services following the below steps:
- Information Gathering using proper documentation and interviews
- Presentation of Identified Gap
- Provision of necessary Action Plan in order for organization to be ready for certification
Policy-Procedures-Guidelines writing
Security Policy is a set of rules and practices that specify or regulate how a system or organization provides security services to protect sensitive and critical system resources . ADACOM develops policies, procedures and guidelines under a Security Standard that organization is interested to be complied (ISO 27001, PCI DSS 2.0 etc.)
During this service ADACOM gains as much knowledge as possible about the target environment and collect all the necessary information, by questionnaires, interviews and available documentation. After that ADACOM composes a set of policies and procedures in a way that both match organization’s nature and complies with the specified standard.
Security Awareness Services
An effective IT security awareness program explains proper rules of behavior for the use of Information Systems based IT security policies and procedures that need to be followed.
The provisions of security awareness program must be applied to all employees using or operating computer systems. The objectives of security awareness are:
- To build general awareness of information security
- To develop a working knowledge of information security principles and practices
- To get your commitment to follow the information security pledge
This service includes the below:
- Preparation of customized, based on the organization, Security Awareness Material
- Security Awareness Training customized based on every employee group
- Security Awareness Evaluation
Configuration Audit
ADACOM will do configuration audit based on any frameworks and policies provided by the organization and on common accepted frameworks and standards, in case that organization does not have frameworks or policies available for a certain technology.
During this service:
- Auditing Team collects and correlate the provided information
- Create sets of checks bound to the auditing technology.
- Extracts the configuration and evaluate it to the defined standard
- Provide information concerning the compliance and the necessary remediation steps.
Risk Analysis & Management
Involves identifying and assessing risks to data and the information system and network which support it.
- Identification of Assets
- Valuation of Assets
- Threat Assessment
- Vulnerability Assessment
- Risk Assessment