DCC provides a multitude of IT Risk and Security Strategy services. These services include the following.
- Program assessment: Our Program Assessment service allows us to assess and report on the state of the organization’s security program, including analysis of people skills, process and methodologies, policy completeness and effectiveness, usage of tools, and the relevant KPIs and metrics.
- Framework Integration: Our Framework Integration services assist clients in aligning security frameworks with industry standards, such as ISO 27001 and 27002, NIST 800-53, COBIT and ITIL
- Policy Development: DCC helps clients to develop security policies that align security requirements with business requirements, taking into account people, technology and process
- Vulnerability Management Program Design and Implementation: DCC is expert in developing methodology and process to actively detect, prioritize, and remediate vulnerabilities against evolving threats
- Mobile and Cloud Security Strategy: As a core focus area, DCC Mobile and Cloud Security Strategy services help clients assess, develop and integrate the security policies and controls governing the use of mobile and cloud computing products and services
DCC assists its clients in the journey towards obtaining different IT Security certifications and compliance. These certifications include, but are not limited to, the following areas:
- ISO 27001: DCC provides ISO 27001 advisory services to support readiness prior to certification. DCC assumes the responsibility for checking the documentation, reviewing all the processes and advising the client on the existing gaps
- ISO 27002: DCC provides security program controls and their alignment in terms of the controls practiced by the client
- ISO 20000: ISO 20000 advisory and readiness prior to certification
- PCI-DCC: DCC performs readiness assessments on payment applications according to the Security Procedure and the PA-QSA Validation Requirements
These services are rendered by DCC under two broad categories, namely Security Advisory Services and Security Strategy and Framework Development Services. The coverage under these services is highlighted below.
- Security Advisory Services: These services include the following.
  - IT risk management and governance
  - Third-party risk management
  - Cloud computing strategy
  - Mobile security
  - On-site advisory
- Security Strategy and Framework Development Services: These services comprise the following areas.
  - Program Assessment
  - Framework Integration
  - Policy Development
  - Vulnerability Management Program Design and Implementation
  - Mobile and Cloud Security Strategy
DCC’s Infrastructure Security services help organizations:
- Understand true boundaries of the extended enterprise, including overall risk to critical assets
- Validate effectiveness of existing network and endpoint controls against industry and company standards
- Identify and mitigate the most common threats to the infrastructure and its components
- Network Architecture Assessment: Our Network Architecture assessments provide an in-depth and structured technical assessment against secured design practices, operational requirements, and system risk profiles
- Network and Endpoint Vulnerability Assessment: DCC assessments of network and endpoint security utilize a combination of automated network-based scans and root cause analysis to develop a snapshot of your network and endpoint security posture
- Penetration Testing: Penetration Testing service includes analysis of network vulnerabilities and simulation of attacks exploring both known and unknown hardware or software flaws as well as operational weaknesses in either process or technical countermeasures
- IT Infrastructure Profiling & Assessment: Survey and development of in-depth knowledge about “what’s in your ecosystem” to enable key stakeholders to make decisions based on how the environment is configured, rather than the desired state
These services are divided into two broad categories, namely Security Monitoring services and Security Analytics services.
- Security Monitoring services: This is an engrossed operations service, including the following components.
  - Monitoring security incidents and events 24×7 is important for maintaining a secure posture
  - At DCC we ensure that our customers’ systems are monitored 24×7 using our state-of-the-art Security Operations Center (SOC), manned by experienced security professionals
  - The success of this team depends on prompt identification and immediate resolution
  - We have expertise in various SIEM tools that are used to monitor, record and report all security-related incidents
- Security Analytics services: Security Analytics services include the following.
  - The growing challenges in the security space demand in-depth analysis of each event and proactive alerting
  - Our Analytics team has the right balance of tools and individual capabilities to produce meaningful inferences from ongoing events that have the potential to impact
  - This has proved very helpful in determining the current security posture and the required posture to maintain a reasonably secure status
  - This also helps in maintaining healthy compliance standards
Cloud security services comprise two major service areas. These are Cloud Data Compliance services and Cloud Infrastructure Assessment services.
- Cloud Data Compliance: The related services include the following areas.
  - Cloud data compliance services are flexibly designed to address the complex challenges of maintaining regulatory compliance
  - Virtualized infrastructures present a challenge for the full extent of data protection and privacy
  - Cross-geographic deployments of infrastructure may violate regulatory requirements in public clouds
  - Effective policy development and the appropriate level of controls and configuration of services are key
  - Any or all of these issues can be addressed via DCC’s advisory services on Cloud Data Compliance
- Cloud Infrastructure Assessment services: These services comprise the following.
  - Assessing a public or private cloud environment
  - It is built on the foundation of DCC’s enterprise infrastructure security assessment methodology
  - The scope is flexible depending on the situation and typically includes the storage, compute and service layers of the cloud stack
  - Data protection is a core component for any critical application where the data will reside
  - All such cloud-based infrastructures are assessed