Mitigation Strategies

Having assessed the information risks to your enterprise and identified your security needs, PCS consultants can draw up varied mitigation plans to offset and reduce the identified risk to a comfortable level.

Mitigation strategies can be varied and depend on the identified risk, the area of risk, and the client management's commitment to addressing the risk. All types of identified risk are addressed by the appropriate selection of controls. Controls can be technical and/or non-technical, and they are broadly classified as preventive, detective or corrective depending on their function.

Selection of controls is of prime importance in countering risk, and PCS consultants go the extra mile in the appropriate selection of controls, their cost-benefit analysis and the calculation of ROI for the selected controls. The objective is for organizations to see business benefit through the desired control selection.
Policies and Procedures

PCS consultants will bring their vast experience in BS 7799 and COBIT to design practical and implementable policies for organizations. All PCS-developed policies comply with BS 7799 and form an integral part of the client's ISMS (Information Security Management System).

An ISMS is a systematic approach to managing sensitive company information so that it remains secure. It encompasses people, processes and IT systems. BSI has published a code of practice for these systems, ISO/IEC 17799, which is now being adopted internationally. For more information on PCS's approach to ISMS implementation, please refer to our white paper on the ISMS approach.

A security policy is a statement of security objectives, and it is the most crucial element of a security program. Without a security policy there are no effective security controls, because you do not know what you are attempting to control.

PCS consultants will use BS 7799 as the framework for policy design and, if required, adopt the COBIT standard for more granularity in control design.

Depending on the engagement, PCS consultants can develop a high-level policy to baseline information security for a client. This is most suitable where the client does not have a documented policy in place.

Furthermore, PCS will engage with the client to design and develop functional policies, supplemented with standards and usage guidelines; there is a distinct difference between a policy, a standard and a guideline. PCS will also develop detailed procedures that enable the client to implement and monitor the controls called for by the policy statement.

PCS can also suggest and deploy policy management tools that enable organizations to continuously monitor deployed policies. For more information, please refer to our approach on policy development.
Business Continuity Planning (BCP) and Disaster Recovery Planning (DRP)

Both BCP (Business Continuity Plan) and DRP (Disaster Recovery Plan) refer to the continuance of mission-critical business processes in spite of interruptions, which could take the form of a disaster.

While DRP addresses mostly the recovery of IT and telecom infrastructure, BCP addresses the sustenance and recovery of critical business processes and will involve personnel, facilities and so on. Both plans have preventive and corrective controls built in.

Disasters and business process interruptions are varied and can take the form of a hacker attack, natural disaster, cyber terrorism or even operator error.

PCS consultants will design Business Continuity and Disaster Recovery Plans based on a risk analysis and comprehensive interactive engagements with the customer. These plans will include a detailed Business Impact Analysis to ensure that continuity is designed only for the mission-critical assets.

PCS can also help in testing and implementing such plans, in addition to periodic review.

Please refer to our white paper on BCP-DRP for more information on our approach.
Service Delivery & Service Support

Service delivery and support are key components of service management. Their effective and efficient management is essential if an organization is to maintain customer satisfaction and quality of delivery while reducing costs.

PCS consultants recognize the need to streamline and structure your ongoing delivery and support processes, and adopt the BS 15000 standard and the ITIL framework to cater to this need.

ITIL (Information Technology Infrastructure Library) is a set of best practices and guidelines that cover various aspects of service delivery and support. BS 15000 is a BSI certification for organizations that follow such best practices and have made them an integral part of their service management framework.

Paramount has the only consultant certified as a BS 15000 Implementer and Auditor in the Middle East region. PCS can help clients who use service management as a key enabler of their business processes, such as call centres and service desks / help desks, to streamline those processes and attain certification to BS 15000.

PCS can also suggest and deploy tools to help service desks attain certification. For more information on our approach, please see our white paper on service management.
Technology

- Security Architecture Design

PCS consultants, drawing on their vast and varied technical expertise, can design robust and secure architectures for your IT infrastructure. Alternatively, they can review an existing architecture from a security perspective, benchmark it against industry best practices and suggest improvements or enhancements.

PCS brings to the table in-depth knowledge and expertise in all relevant technologies on the networking, application and database fronts. We have certified consultants who can review and design secure architectures for you. This skill set complements the policies and procedures developed, as a secure architecture design is the logical outcome of well-developed policies and procedures.

We can provide an unbiased evaluation of technologies and vendors and recommend suitable security products for your enterprise based on business need, best fit and the budget available.
- Access Control and User Provisioning

- Who has access to your critical assets?
- How do they validate and authenticate to access your resources?
- Once authorized, what levels and privileges of access do they enjoy?
- Do employees have to remember multiple passwords / login credentials to access a suite of applications and resources?
- How do you manage the identity of an employee within the organization?
- How do you revoke access privileges once an employee is terminated?

Access control and user provisioning provide answers to all of the above questions and much more. PCS analysts have hands-on experience in consulting for large organizations in the areas of Identity Management (IM) and Single Sign-On (SSO).

Single Sign-On addresses the problem of multiple login credentials. By tying a user to one set of credentials for access to their authorized resources, SSO delivers a better user experience, lower operating and administrative costs and enhanced security.

Identity Management takes the concept of SSO one step further and provides for secure user provisioning across the enterprise. It helps in managing the user life cycle and the allotment and revocation of privileges.

Both solutions are preferably based on a centralized directory structure. PCS consultants, with their vast experience in directory, SSO and IM solutions, are the perfect partner to help you manage access and user provisioning. For more information on IM and SSO, please refer to our white paper on the same.
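The user life cycle and privilege revocation described above, as an added example that is not part of the original page or of any PCS tooling: a reconciliation that compares an HR roster and a role baseline against the accounts each application still holds, and flags grants held by terminated or unknown identities (the "how do you revoke access once an employee is terminated" question) as well as grants that exceed the role baseline. All data, identifiers and the functions reconcile and revocation_plan are assumptions constructed for illustration.

```python
"""Joiner/mover/leaver reconciliation (added example, constructed data):
compare the HR roster with the accounts each application still holds and
list the grants an identity-management process must revoke or review."""

# Constructed HR feed: employee id -> (role, status)
HR_ROSTER = {
    "e100": ("developer", "active"),
    "e101": ("finance", "active"),
    "e102": ("developer", "terminated"),
}

# Constructed role baseline: the (app, privilege) pairs a role is entitled to
ROLE_BASELINE = {
    "developer": {("git", "write"), ("ci", "run")},
    "finance": {("erp", "post-journals")},
}

# Constructed per-application account export: (employee id, app, privilege)
APP_ACCOUNTS = [
    ("e100", "git", "write"), ("e100", "ci", "run"), ("e100", "erp", "admin"),
    ("e101", "erp", "post-journals"),
    ("e102", "git", "write"),   # leaver whose access was never revoked
    ("e999", "ci", "admin"),    # account with no matching HR identity
]

def reconcile(roster, baseline, accounts):
    """Return (employee, app, privilege, reason) for every grant that is
    held by a terminated or unknown identity or exceeds the role baseline."""
    findings = []
    for emp, app, priv in accounts:
        if emp not in roster:
            findings.append((emp, app, priv, "unknown-identity"))
            continue
        role, status = roster[emp]
        if status == "terminated":
            findings.append((emp, app, priv, "terminated"))
        elif (app, priv) not in baseline.get(role, set()):
            findings.append((emp, app, priv, "exceeds-role"))
    return findings

def revocation_plan(findings):
    """Group findings by application so each application owner receives
    one revoke/review list instead of a single enterprise-wide dump."""
    plan = {}
    for emp, app, priv, reason in findings:
        plan.setdefault(app, []).append((emp, priv, reason))
    return plan
```

Running reconcile over a real HR feed and account exports on a schedule turns the revocation question into a detective control; the findings list is what a provisioning workflow would act on.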