Onistec’s Services – Solving Business Problems

Pragmatic thinkers delivering intelligent solutions

In challenging times, businesses need solutions, not just standalone services. Our Security Consulting and Professional Services are personalized to present, develop and implement pragmatic methodologies and strategies that address our clients’ IT requirements and challenges.

Security Consulting - Risk Management

  • Information Security Assurance

     

    • Information Security Assurance

    • Threat, Risk and Vulnerability Assessments

    • Penetration Testing

    • Social Engineering Testing

    • Physical Security Testing

    • Breach Incident Response

    • Forensic Investigations

  • Compliance Readiness / Review / Audit

     

    • Information Security Program Audits

    • Policies and Procedures Reviews

    • Compliance Framework Gap Analyses

    • FFIEC / GLBA (banking)

    • PCI (credit cards, retailers, hospitality)

    • SOX Section 404 (public companies)

    • HIPAA/HITECH (healthcare)

    • ISO 27000 1/2 (international standard)

    • SSAE16 SOC-x (service providers)

    • COBIT

    • Vendor Management Program

    • ISO/IEC 9126

    • FERPA (20 U.S.C. § 1232g; 34 CFR Part 99)

  • Information Risk Management

     

    • Risk Assessments

    • Business Impact Analysis

    • Security Awareness Program Development

    • Vendor Status Security Management

    • Business Continuity Planning

    • Disaster Recovery Planning

    • Emergency & Crisis Planning

  • Data Privacy and Protection

     

    • Privacy Policy Development & Review

    • Data Leakage Prevention Guidance

    • Data Leakage Auditing

    • Sensitive Data Discovery and Reporting

Virtual Chief Information Security Officer

 

• Access to a team of qualified professionals, not just one consultant

• C-level Strategic Consultants

• Multi-disciplinary Experience and Expertise

• Independent and Unbiased

• Cost-effective, at just a fraction of the cost

• Flexible Service & SLA Commitment

• Knowledge Transfer

• Collaborative QA Process

Planning, Designing and Implementation

  • IT Strategy and Transformation

     

    • IT Strategy Consulting and Alignment with Governance Frameworks

    • RFP Development and Vendor Negotiation/Selection

    • Compliance Review of IT Vendor (SLAs)

    • Review of Resiliency and Availability of IT Systems

    • Project Management

    • Enabling of Cloud-based Services

    • Health and Performance Analysis of IT Systems

    • Virtualization and Thin Client

    • Remote Workforce and Mobility

    • Data Center Migrations

  • Virtual Infrastructure Implementation

     

    • Improve service levels while lowering capital and operating costs and gaining operational flexibility, efficiency, and business response agility.

    • Develop a strategy for the deployment of virtual technologies.

    • Create the roadmap to ensure the success of the project.

    • Implement a cohesive virtualization strategy that delivers automated services and integrated governance.

     

  • Network Planning and Design

     

    • Help organizations with the development and implementation of network infrastructure projects

    • Aligned with strategic business initiatives

    • Information technology infrastructure assessment to support long-term network goals

    • Follow Network Development Life Cycle (NDLC) best practices

     

  • Policies, Procedures and Training Manuals

     

    • Significant gains in both team harmony and transactional accuracy can be achieved.

    • Team of technical writers and savvy business process improvement consultants.

    • Document your policies in ‘plain English’ and simplify and demystify even your most unstructured processes.

    • Our policy and procedures framework effectively collects, assesses and deciphers critical paths from operational gaps from process variations / deviations.

    • Document process on a ‘click-by-click’ basis

    • Map out the ‘bigger picture’ process overview

    • Share knowledge and training to employees

     

  • Solution Vendors’ Design & Implementation

     

    • Help maximize end-users' investment in technology solutions.

    • Range of professional services from product training and certifications to architecture design and deployment assistance.

    • Architectural design service provides best-practice-based guidance to customers who want to reduce design time and streamline the project planning process.

    • Onsite deployment and onsite or online training to meet the specific needs of our customers.

     

Security and Solution Training

  • Secure Code Development

     

    • Implement best practices and guidance for developing secure, high-quality software.

    • Be aware and educated in the fundamental information security principles used to build resilient processes that should be integrated into the various SDLC phases.

    • Curriculum designed to cover responsibilities and roles of each stakeholder throughout the SDLC process.

    • Establishes responsibility for security

    • Provides best practices and guidance for developing high-quality and secure software.

  • Information Security Awareness

     

    • Adding the ‘Human factor’ into Information Security Awareness.

    • Customized Information Security Awareness Programs.

    • Curriculum designed to reach every stakeholder and employee in the organization, as well as vendors, customers and other entities with access to the organization’s information assets.

    • Designed to make stakeholders in the organization aware of and educated on the policies, and agree to abide by them.

    • We will help the organization develop a customized Information Security Awareness Program.

    • Conduct training onsite, or online

  • Information Systems Security Officer Training

     

    • Preparing Information Systems Security Officers to analyze an organization’s information security threats and risks.

    • Design a security program to mitigate those risks.

    • Provide guidance through the process of developing and implementing the Information Security Program of the organization.

     

    ISSO training program includes the following topics:

    • Risk Management

    • Security Management

    • Incident Management, Law, and Ethics

    • Access Control

    • Security Models and Evaluation Criteria

    • Operations Security

    • Security Architecture and Attacks

    • Software Development Security

    • Database Security

    • Physical Security

  • SOX Compliance Training

     

    • Learning the importance of SOX and compliance.

    • Specifically tailored toward a specific audience by emphasizing certain topics and customized exercises of specific interest.

    • Using the concepts presented, participants gain the knowledge and skills needed to:

    • Understand SOX and why it is important to the organization

    • Understanding the different sections of the standards

    • Update on JOBS Act and how it affects SOX compliance

    • Understanding of IT Controls and what is in scope for compliance

    • Compare current internal control practices to COSO’s Internal Control – Integrated Framework

    • Identify opportunities to enhance existing internal controls when appropriate

    • Understand your role in meeting SOX internal control requirements

  • COSO 2013 Training

     

    • Understanding COSO 2013 – The Committee of Sponsoring Organizations of the Treadway Commission

    • Training Audience: Audit committee members, CAEs, Internal Auditors, IT Auditors, Corporate Compliance, ERM

     

  • Vendors’ Solution Training

     

    • Certification Program

    • Online Training Courses

    • Onsite Training Courses

    • Security Seminars

 

Managed Security Services

 

• Network/Perimeter/Endpoint

• Ethical Hacking

• Anti-Fraud

• Brand Protection

• Compliance

• Cloud Security

• Advanced Access Management & Control


About Onistec

 

© 2011 - 2015 Onistec, llc. All rights reserved