Megaprime deliver service-oriented, standards-based information security architectures and systems that reflect recommended best practices, satisfy business requirements for information security and integrate with the IT management framework.
Megaprime has specialised in information security management since 1992.
We have international experience:
◊ Assessing information security risk
◊ Establishing information security requirements
◊ Conducting ISO/IEC 17799 (ISO/IEC 27002) gap analysis
◊ Designing and implementing ISO/IEC 27001 compliant Information Security Management Systems (ISMS)
◊ Evaluating, selecting and implementing information security products
◊ Designing and operationalizing information security strategy
◊ Managing the information security environment
◊ Conducting ISO/IEC 27001 ISMS compliance audits
Our approach to information security management enables you to:
◊ Implement an ISO/IEC 27001 compliant Information Security Management System (ISMS)
◊ Derive information security requirements from business needs on a case-by-case basis
◊ Use risk management methods to select and justify appropriate information security services and mechanisms
◊ Deploy information security consistently at distributed locations
◊ Manage information security in either a centralised, decentralised or hybrid manner
◊ Devolve information security responsibilities to personnel who are best able to manage the risks
◊ Establish a comprehensive set of auditable information security services
◊ Manage information security service quality using CSFs, KGIs, KPIs, CMM and balanced scorecards
We apply the principles of risk management, service management and system security engineering to deliver standards-based services for:
◊ User security
◊ Network security
◊ System security
◊ Communications security
◊ Third party access
◊ Incident detection and response
◊ Business continuity and contingency planning
Information security is a process that must be managed. It is not just a complex technical issue that can be resolved in isolation from the business.
If you have information security concerns and run mission-critical systems on interconnected computer networks, you should be talking to us. We can help your organization to secure its IT environment. Ask us how.
Best practice references
AS/NZS 4360 Risk Management
ISO/IEC 27001 Information Security Management System Requirements
ISO/IEC 17799 (ISO/IEC 27002) Information Security Management Code of Practice
Cisco SAFE Security Blueprints
Internet Engineering Task Force (IETF) Security RFCs
Microsoft .NET security
Microsoft Systems Architecture (MSA) for Enterprise, Internet and Departmental Data Centres
National Institute of Standards and Technology (NIST) information security publications
WSS: SOAP Message Security (WS-Security 2004)