Security Posture Assessment(SPA)
Headquarters:
Ofisgate Sdn Bhd (610820-A), 2-15 Jalan Jalil Perkasa 13
Aked Esplanad, Bukit Jalil, 57000 Kuala Lumpur, Malaysia
Regional Office:
Ofisgate (s) Pte Ltd, 205B Thompson Road,
Goldhill Centre, Singapore
www.ofisgate.com
Understand Your Current Security State
Understanding your organization’s security state and identifying vulnerabilities is
the first step toward protecting the confidentiality , integrity and availability of
critical data. It is also an important component for achieving regulatory
compliance.
Protection of
Information
Reliability
Protection of
Information
Access
Protection of
Information
Availability
Protection of
Information
Integrity
SPA to secure ICT Assets
www.ofisgate.com
Understand Your Current Security State
Your organization may be vulnerable to attack from the
outside or the inside if you remain unaware of security
issues, simply ignore them or don’t sufficiently manage
them. An attack may take down your network or lead to
the theft of sensitive data — customer information,
employee information or intellectual property. The
ensuing loss of public trust or the failure to comply with
regulations could result in severe financial repercussions.
A major security breach could also cause irrevocable
damage to your organization’s reputation.
SOLUTION
IMPACT
To effectively protect your organization, you first
need to evaluate where you stand in relation to
industry best practices and regulatory
requirements.
A gap assessment will help identify the most
effective course of action based on your business
objectives.
www.ofisgate.com
Understand Your Current Security State
A ROADMAP TO A MORE SECURE NETWORK
Going much deeper than an ordinary assessment, the Internet Security Systems
Information Security Assessment provides a comprehensive evaluation of your
information security posture.
Based on the globally recognized ISO 17799 standard and industry best practices,
the assessment by Ofisgate Sdn Bhd security experts will thoroughly document the
results and provide you with specific recommendations for mitigating the identified
risks and improving overall security posture
www.ofisgate.com
Benefits Of the Information Security Assessment
Provides a clear understanding of current information security risks
Identifies the potential impact of vulnerabilities on your network infrastructure
Raises internal awareness of information security risks
Enables more informed decision-making and identifies the gaps in organizational
security controls, policies and processes
Provides a specific, actionable plan to improve overall security posture based on
business needs
Enables you to proactively address security issues before they are exploited
Helps to meet regulatory compliance requirements
www.ofisgate.com
SPA Scope of Work
This document is intended to show and analyze network security issues to the
management and technical staff. The audit report outlines:
Network Assessment
Host / Server Security Assessment
Application and Database Assessment
Physical Assessment
ICT Security Policy Assessment
Penetration Test (Internal & External)
Reporting / Recommendation / Presentation
Transfer of Technology (ToT) & Hands-On Security Training
www.ofisgate.com
Project Timeline
Pre
Assessment
www.ofisgate.com
Assessment
Post
Assessment
Project
Handover
www.ofisgate.com
Customization of
assessment procedures
Network Assessment
Host/ Server Security
Assessment
Application and
Database Assessment
Physical Assessment
ICT Security Policy
Assessment
Penetration Test
(Internal & External)
Post Assessment
Project Planning and
initiation
Assessment
Pre Assessment
SPA Project Phase
Reporting /
Recommendation/
Presentation
Transfer of Technology
(ToT) & Security HandsOn Training
Network Design Audit and Network Parameters Evaluation
BTM WAN Network
Internal Datacenter
Network
BTM NOC
www.ofisgate.com
Internal and External Network Devices Assessment
1 Firewall
1 AV Admin
Server, 2 AV
District
Hosts and 4
user PCs
Example
7 Types
1 Core
Switch and
2 Access
Switches
1 Email
Security
Gateway
3 Routers
www.ofisgate.com
1 Content
Filtering /
IPS
3 Wireless
Appliances
Host / Server and Desktop Security Assessment
Server
Farm
DMZ
2x Branches
User
HQ
User
Example
www.ofisgate.com
Application and Database Security Assessment
One (1) Portal
Five (5) Web Applications
Two (2) My SQL Database
Two (2) Oracle Database
Example
www.ofisgate.com
Operating System & Configuration Management
10 Windows
Hosts
5 Linux Hosts
3 District Users
21 Hosts
Example
www.ofisgate.com
3 HQ Users
Physical and Environment Security Audit
One (1) Customer a Datacenter
One (1) NOC
Example
www.ofisgate.com
ICT Security Policy Assessment / Review
One (1) Customer A ICT Security Policy
Example
www.ofisgate.com
Internal Penetration Test
Server Farm
DMZ
HQ User
2x District User
Example
www.ofisgate.com
External Penetration Test
One (1)
Agency
Portal
Seven(7)
Web
Applications
One(1)
Email
9 Hosts
Example
www.ofisgate.com
Report Presentation
Six (6)
Reports
Report
Presentation
Including
(1)
Executive
Summary
Report
Example
www.ofisgate.com
Security Awareness
One (1) Security Awareness Session
www.ofisgate.com
Training
Three (3) Network
Security Hands-On
Training
www.ofisgate.com
Tools
Nikto2
MATASANO
Flint Firewall
Checker
www.ofisgate.com
For enquiries about our products, services or to schedule a sales presentation:
e: sales_enquiries@ofisgate.com
For contact information:
OFISGATE SDN BHD (610820-A)
2-15, Jalan Jalil Perkasa 13,
Aked Esplanad, Bukit Jalil,
57000 Kuala Lumpur, MALAYSIA.
Tel: +603 8994 0778
Fax: +603 8994 0779
www.ofisgate.com