Skip to content
Managed Services or Cyber Security
 / 
NOC/SOC

NOC / SOC

Cyber ​​Security Strategy DRP / BCP / NOC - SOC

The Evaluation of the maturity of the SOC – The Security Operations Center of an organization is a critical component of many networks of medium and large companies that continuously supervise the threatened assets against the network. Understanding the maturity of a SOC is important to determine its effectiveness.

Security and privacy (1)

Personal security: deliver appropriate labor security policies and processes, including:

  • The company provides periodic training on Cybersecurity
  • There are policies on the use of corporate assets, including the network
  • There is multifactor authentication for all internal applications and final points
  • All computer equipment and mobile devices have end-point security

Corporate security: deliver strategy with appropriate corporate security policies and processes, including:

  • Define and identify the CISO who will lead the risk management plan for each client
  • Define and integrate a documented Business Continuity Plan (BCP) that includes Disaster Recovery with annual simulation exercises (DR)
  • Define a documented Incident Response Plan that includes disaster recovery with annual simulation exercises
  • Physical installations are safe
  • Recommend cyber insurance
  • Deliver negotiation plan in case of attack

Security and privacy (2)

Platform security: the objective is to integrate appropriate platform security policies and processes, including:

  • Penetration tests are carried out at least once a year and attend all critical and serious incidents
  • The switching by error and the recovery of security copies will be carried out at least once a year
  • Define an access policy for the production system that includes multifactor authentication
  • Data must be cured and cleaned before transferring it to development and testing areas
  • Servers must have intrusion detection and prevention
  • Confidential data will be encrypted in person and in transit

Application security: the objective will be to have appropriate application security policies and processes, which include:

  • Third-party application tests are carried out annually and all critical and high-level challenges must be addressed and remedied
  • Multifactor authentication will be used for all end users
  • Secure coding practices will be applied
  • Code review and data protection policies will be recommended and applied
  • The applications must comply with the GDPR and the Personal Data Protection Law if necessary
  • Integrate end-of-life software into the infrastructure
  • Present a documented vulnerability response plan

Security and privacy (3)

In any organization, certain data, systems, and applications are more critical and vulnerable than others. Sensitivity levels can vary significantly from one sector to another. For example, in Government systems like ANAM, safeguarding assets, transactions, and contracts is of utmost importance. Other data, operational details, and tax payments may also be high-priority targets, susceptible to a range of attacks, including intrusion, theft, and ransom.

A flexible systematic process with a preventive design in the SOC / NOC

Our primary objective is to proactively identify and resolve control and security system issues that impact critical assets across your organization. Based on our extensive experience, the solution entails an end-to-end process, potentially involving development iterations. This includes a comprehensive asset inventory, a workflow system, and an asset database, enabling us to prioritize assets effectively within this intricate service model.

Security and privacy (4)

From experience, our best practice recommendation will be based on the following five key steps:
  • Our approach involves identifying and mapping digital assets, including data systems and applications, throughout your entire business value chain. We expedite this process by applying a standardized sector value chain to information assets and tailoring them to your organization's specific needs.
  • Our approach involves identifying and mapping digital assets, including data systems and applications, throughout your entire business value chain. We expedite this process by applying a standardized sector value chain to information assets and tailoring them to your organization's specific needs
  • Identify possible attackers, the availability around the most important assets and identify the controls that must be applied to protect them by comparing the results of these evaluations using command tables
  • Locate the weakest security points around the most important assets and identify the controls that must be applied to protect them, comparing the results of these evaluations using command tables
  • Our approach involves creating a multi-year plan to address known risks and control gaps. This plan includes set deadlines for periodic reviews. After the initial assessment, this plan evolves into a dynamic document that is regularly updated to incorporate new data, systems, applications, risks, and vulnerability remediation progress.

Identify Cyber ​​Security Protection

DEFINE THE RIGHT MIX OF PEOPLE, PROCESS AND TECHNOLOGY SOLUTIONS

Related solutions