Trust and Confidence - infoshield.com.ominfoshield.com.om/images/training/pdf/company profile...


INFORMATION SECURITY SERVICES & SOLUTION

Security is the KEY to Trust and Confidence

InfoShield was founded in 2005, specialising exclusively in providing comprehensive Information Security solutions to the Omani and the GCC marketplaces. Since then, InfoShield has evolved into a robust firm, offering a full line of information security solutions and professional services.

InfoShield is a truly information security focused service provider with a deep understanding of the local market needs and requirements. InfoShield has performed work with some of the most highly recognized organizations in Oman, including the Information Technology Authority (ITA) and The Central Bank of Oman (CBO).

While InfoShield is focused on the regional GCC market, it is at the forefront of current developments in information security. InfoShield offers more targeted services than the large multinational consultancies, in a more cost-effective way.

Executive Overview

InfoShield

• Consultancy Services
• Security Awareness Material and Solutions
• Professional Security Services
• Security Professionals Training

Key Competencies

Within its portfolio, InfoShield provides a Security Operation Center (SOC) to help organizations detect, avoid, and respond to vulnerabilities and threats in real time, thus reducing information security risks by using skilled resources, mature processes and advanced technologies.

• Monitoring of security events in real time
• Centralized security management by security specialists
• Enables focusing on the core business, leaving security management and monitoring to the InfoShield SOC
• Lower Total Cost of Ownership. No concerns with having to acquire a security system or with resources to manage or sustain it

Security Information & Event Management
• Monitoring of security events in real time (24 x 7)
• InfoShield’s SOC correlates events generated by various systems, including but not limited to: Firewalls, Routers, IDS/IPS, Web Servers, Applications, etc.
• Event management according to the risk which the threat represents, enabling a quicker response time
• Centralized security systems management
• The Customer may have access to a web portal where they can see the information gathered and correlated in real time, as well as obtain reports and security related information.

To enable your organization and assure a real-time monitoring service, InfoShield provides a 24/7 Security Operation Center. We help to optimize security operations by centralizing the entire security management process, from security data gathering to incident resolution.

Security Operation Center

SECURITY OPERATION CENTER

Managed Security Services

SOC - Strong Points

• Detect real threats faster by automatically consolidating and prioritizing security data from various security devices.
• Ensure full protection by relying on a single system that instantly detects network, server, operating system and application threats.
• Prevent attacks through non-stop system testing against the latest vulnerabilities.
• Increase your efficiency by managing your security devices from a single system.

Our Security Operation Center solution automates the repetitive, time-consuming and tedious security tasks, enabling your IT department to focus on more strategic activities such as setting, reviewing and auditing security policies to increase your overall security level. This solution will help you to be able to:

[Diagram: Information System, Collect, Normalize, Process, Correlate, Report]

A Penetration Test is a method of evaluating the security of a computer system or network by simulating an attack by a malicious hacker. The process involves an active analysis of the system for any weaknesses, technical flaws or vulnerabilities. This analysis is carried out from the position of a potential attacker, and can involve active exploitation of security vulnerabilities. Any security issues that are found will be presented to the system owner together with an assessment of their impact and often with a proposal for mitigation or a technical solution.

From a business perspective, penetration testing helps safeguard your organization against failure, through:

From an operational perspective, penetration testing helps shape information security strategy through: Identifying vulnerabilities and quantifying their impact and likelihood so that they can be managed proactively; budget can be allocated and corrective measures implemented.

After the completion of a penetration test, the deliverables will include a detailed analysis of the methodology used to conduct the test, the results of the various attempts at compromise, and detailed documentation on remediation of any security flaws found.

- Executive summary risk matrix.
- Detailed technical findings with remediation steps
- Recommendations

PENETRATION TESTING

Service Overview

Why conduct a Penetration Test?

Deliverable

• Preventing financial loss through fraud (hackers, extortionists and disgruntled employees) or through lost revenue due to unreliable business systems and processes.
• Proving due diligence and compliance to your industry regulators, customers and shareholders. Non-compliance can result in your organization losing business, receiving heavy fines, gathering bad PR or ultimately failing.
• Protecting your brand by avoiding loss of consumer confidence and business reputation.

• Open source search
• Web interface to whois
• ARIN, APNIC, MYNIC
• DNS zone transfer

• Ping sweep
• TCP/UDP port scan

• Stack fingerprinting
• Banner grabbing

Network Surveying
• Identify domain names, server names, IP addresses, network map, ISP/ASP information, service & service owner.

Port Scanning
• IP address of live system, internal system network addressing, tunneled & encapsulated protocols, routing protocols, active service

System & Services Identification
• System type, system enumeration, OS type & patch level, service types, service application types & patch level, internal system addressing

Exploit Test & Verification
• Attempt to gain complete control by performing common known exploits based on vulnerability tests & findings result.

Vulnerability Test & Findings
• Type of application or vulnerabilities, possible DoS vulnerabilities, list of areas secured or non-visible, list of actual vulnerabilities minus false positives, list of internal or DMZ systems, list of mail server + naming conventions.

• Unicode & directory traversal exploits.
• Password brute-force.
• Manual exploit code with scripting

Vulnerability scans

Penetration Testing Process

An Information Security Management System (ISMS) is a systematic approach to managing the security of information assets. It includes policies, procedures, plans, processes, practices, roles, responsibilities, structures and resources. It follows the traditional Deming cycle of “Plan, Do, Check and Act”.

What is ISMS?

INFORMATION SECURITY MANAGEMENT SYSTEM

Implementing ISMS in your company is not free and can take many months; however, it brings many valuable benefits.

• If information is the key asset that is needed in your business then ISMS helps to protect your business case.
• ISMS, delivered via ISO standards, is compatible with others in the market.
• Company Management is always involved in the security and always has access to information.
• Your partners view you as more reliable, credible and trustworthy.
• ISMS certification opens doors to new business (for example, better competitive position in the EU market).
• Information and Data Sources are utilized more efficiently.
• ISMS makes your investments into information security more efficient.

Key Benefits of ISMS

Analysis & Design
• Determine and requirements
• Conduct risk assessment
• Carry out gap analysis
• Design ISMS
• Develop action plan

Implementation
• Execute remedial actions
• Implement new processes
• Operate ISMS

Certification
• Review documentation
• Review implementation
• List non-conformities
• Correct non-conformities
• Confirm compliance

Maintenance
• Regular review of documents
• Internal audits of processes
• Bi-annual independent surveillance audits

Stages in ISO 27001 Certification

[Diagram: Plan (design and specify controls), Do (implement and operate), Check (monitor, review and audit), Act (correct and improve)]

PROFESSIONAL SECURITY TRAINING

There are many benefits to doing training in-house:

• Budget Maximizing - the costs to your company will be less if you train a group in-house than if you send them to a public course, and you will therefore make the most of your training budget.
• Convenience – the timing and the location of the course are decided by you, so you can pick the most convenient for you.
• Confidentiality – if you have certain issues that may be specific to your organization and are best resolved in private, this can be done with our expert facilitators.
• Variety – you can pick from any of our courses across all of our regions or you can build your own training with our help, so that your course is tailored to your exact needs.

In the Middle East, where there is a clear shortage of qualified information security professionals, the need for skilled and knowledgeable professionals has never been greater. Compliance with local and international laws and industry regulations has increased the demands on information security professionals who know how to help organizations secure their information assets.

• Provide organizations with the necessary skills to protect themselves.
• Demonstrate organizational commitment to information security.
• Reduce the risk of incidents caused by lack of knowledge.
• Increase shared learning by giving security professionals an opportunity to network with their peers.
• Reduce turnover by giving staff opportunity to grow.

In-House Training

Benefits of security professional training:

[Diagram: Certification; Forensic Network Defense; Penetration Testing; Certified Ethical Hacking; Core Security Skills; Hands-On and Certification]

Locally Delivered in Oman since 2005

Wide coverage of various disciplines:
- Security management
- Infrastructure security
- Application security

Delivery Methods:
- Public Courses
- In-House Courses

Recognised:
- International Lecturers
- International Affiliation (MIS Training / Security University EC Council)

AWARENESS MATERIALS & SERVICES

It is well understood that people are the weakest link in the security chain. As a result, a Security Awareness Program is essential for any organization that seeks to reduce risks, improve information security controls, and meet various regulatory requirements.

The awareness method will vary based on the needs of the audience. Not everyone needs the same degree or type of information to do their jobs. InfoShield awareness solutions distinguish between the needs of various groups of people and present only information that is relevant to that particular audience.

Information security awareness, a specific form of information security control, helps secure information assets by:

• Informing people about information security risks and controls in a general sense, and providing more specific information and guidance where necessary.
• Emphasizing management’s support for, and commitment to, information security.
• Publicizing the organization’s information security policies, standards, procedures and guidelines, and externally imposed regulations.
• Motivating people to behave in a more security-conscious manner, for example taking security risks into account in business decision making.
• Speeding up the identification and notification of security breaches.

InfoShield has a blend of solutions to promote security awareness to all users who have access to the information and systems. Many of these tools can be customised with the organisation’s own logo and serve as very cost-effective awareness tools.

Information Security Awareness

This is the ideal solution for organizations that prefer to deliver printed materials as a primary training tool or for those wanting to help strengthen other training methods and the overall awareness program.

Information Shield is proud to offer SecureInsight, the most comprehensive and effective training solution available. This web-hosted, fully managed security awareness tutorial is AICC and SCORM compliant and can integrate easily into most learning management systems.

We will work with you to design and deliver an online survey to your staff. The information collected will be reviewed and analyzed. We will then prepare a detailed report for you. The information will also be broken down into graphical format with an executive summary. You will be able to show your management what types of problems your organization may experience and to explain where you need to focus your awareness efforts and why. Follow-up surveys can objectively measure awareness program results.

Holding a workshop is an excellent way to provide interaction and a personal touch to your awareness training. Our SecureInsight workshop is designed to enable a person who possesses basic knowledge of information security issues to easily present an awareness course to end-users.

Posters are a great tool for promoting awareness of any topic. Our posters are designed to capture the reader’s attention with an alluring graphic and lead-in, then educate them on a given security topic in an interesting and informative manner. By placing them in areas such as break rooms, or above water fountains and coffee machines, where staff normally spend a couple of minutes, you can efficiently and effectively educate staff on new security topics each and every month.

AWARENESS SERVICES

AWARENESS BROCHURES

For more information, please contact us at

Tel. Office: (+968) 24511333
Fax: (+968) 24511155
P.O. Box: 189, Muscat
Postal Code: 101, Sultanate of Oman

E-mail: [email protected]

www.infoshield.com.om
