SERVICES

Advanced Cyber Security solutions from CyberSIGMA and its partners

We have a broad service portfolio for the security of your company

IT GOVERNANCE AND COMPLIANCE

ISO/IEC 27001 is an international standard that describes and sets out specific requirements for an Information Security Management System (ISMS)

Implementing an ISMS helps your company reduce technology-based risks and revenue losses while improving the image of your business.

ISO 27001:2013 GAP ANALYSIS

Gap analysis and compliance assessment with respect to the ISO/IEC 27001:2013 standard.

  • ISO 27001: requirement identification
  • Gap analysis report
  • Team manager interview
  • Remediation plan including compliance timeline

SECURITY IT ASSESSMENT

Security IT Assessment with a focus on the main operative business processes

  • Team manager interview
  • Main business asset identification; valuation in terms of priority and critical impact
  • Network vulnerability assessment

GDPR SERVICES

The General Data Protection Regulation (GDPR, Reg. EU 2016/679) is enforceable from 25th May 2018

If your business collects and processes information about EU Data Subjects (such as customers), you need to evaluate how to address the requirements of this regulation

GDPR ASSESSMENT & REMEDIATION PLAN
  • Detection and analysis of the processing activities
  • Gap Analysis: assessment of the current level of compliance
  • Remediation plan timeline to complete post-assessment activities
  • Records of processing activities

GDPR ADVANCED IMPLEMENTATION
  • Impact assessments in order to evaluate and mitigate the risks
  • Personal data protection: implementation of the remediation plan and security implementation process
  • Data Protection Impact Assessment (DPIA)

DPO AS A SERVICE

The DPO (Data Protection Officer) is the figure responsible for continuously verifying the GDPR requirements. Our professionals are available to provide an outsourced DPO service

GDPR TRAINING COURSE (4 hours)
  • The protection of personal data
  • Introduction to the new EU Regulation 679/16: definitions, new provisions and obligations
  • The key aspects of the adaptation process: inventory of processing activities, consent management, company website, data transfer, appointment of the controller, DPIA, register of processing activities
  • The importance of security measures and continuous review of processes that process personal data

EDUCATION AND TRAINING

Most data breaches are due to negligent and careless behaviour by employers/employees. This human factor can be reduced through suitable training, which also improves awareness and confidence

All courses have these options:

  • Possibility to take the course online
  • On-demand customized courses

At the end of the course, training materials will be provided

CYBERSECURITY AND DATA PROTECTION: AWARENESS

BASIC TRAINING TO GAIN AWARENESS AND INFORM ALL ORGANIZATION EMPLOYEES

  • The course includes
    • Cybersecurity
    • Threats & Countermeasures
    • GDPR fundamentals as well as best practices for the use of IT resources
  • 8 hours

CYBERSECURITY AND DATA PROTECTION: MANAGEMENT

TRAINING TARGETED TO ALL ORGANIZATION MANAGEMENT

  • The course includes
    • Cybersecurity
    • Threats & Countermeasures
    • GDPR fundamentals as well as IT governance guidelines
  • 4 hours

VULNERABILITY ASSESSMENT & PENETRATION TEST

A system test such as a vulnerability assessment is one of the required activities that must be performed in order to test system reliability for GDPR compliance

Identifying the assets at risk is a fundamental task: it has to be performed regularly in order to discover system vulnerabilities before someone else (with malicious intent) does

VULNERABILITY ASSESSMENT (VA)
  • Information gathering
  • Perimeter and critical assets detection
  • Scanning and enumeration
  • Report including a list of vulnerabilities that need to be fixed

PENETRATION TEST (PT)
  • Vulnerability assessment
  • Exploitation of the discovered vulnerabilities
  • Penetration test report

SECURITY INTELLIGENCE

Intelligence services are designed to collect data from multiple different sources, cross-correlate the gathered raw data and convert this information into actionable insight (e.g. for decision making)

Security Intelligence represents an approach which involves advanced tools and techniques for supporting an organization in its security strategy

Cyber Threat Intelligence

 

  • Early warning
  • Data breach prevention
  • Pre-planned attack defence
  • Hacktivism protection
  • Cyber-defense

Open Source INTelligence (OSINT)
  • Voice and video analytics
  • Sensor and interception technologies
  • Big data analysis

SOC – SECURITY OPERATION CENTER

A Security Operation Center represents a centralised unit where the information can be monitored and analysed

ACTIVITIES

Log management

Logs are collected and stored centrally inside your perimeter or directly at our SOC Data Center (depending on the bandwidth availability)

SIEM (Security Information & Event Management) platforms

This service focuses on developing the SIEM as a tool that analyses the acquired logs against a set of correlation rules, creating events to be analysed by a security analyst

Security device management (SDM)

Alert and event monitoring

This service helps in the prompt identification and correlation of security anomalies through real-time detection of errors and alerts from multiple and heterogeneous sources

Threat prevention

Prevention and prediction of cyber security events by real-time analysis and manipulation (normalisation, aggregation and correlation) of network traffic

OTHER BUSINESS SECURITY SERVICES

SECURITY DEVICE POLICY REVIEW

Ensuring that firewall rules and configuration meet security best practices is a fundamental activity for information protection. This activity may require continuous and significant effort in policy management

INCIDENT PREVENTION

This service relies on the management and optimization of patching processes in order to reduce losses on corporate assets. It includes a risk assessment that correlates information with its vulnerabilities, incidents and likelihoods, showing priorities for critical assets and reporting the potential business impact

SECURITY POSTURE REVIEW

Assessment of the current status of your organization at multiple levels (network, systems and applications). The service includes a preliminary phase of gap analysis with respect to reference standards and to the main industry best practices, followed by a risk assessment and by technical monitoring and vulnerability discovery activities

BUSINESS IMPACT ANALYSIS

Identifying the priority resources and services to ensure continuous delivery and quick recovery following a disruption is an important task. Each service that is critical to ongoing business operations is assessed and planned in detail, identifying possible threats and dangers as well as impact and likelihood parameters, in order to perform a risk analysis of a scale suited to the size of the enterprise considered.

Contact us for more information about our services or to receive a quote!

Sigma Consulting Srl processes the data you provide in compliance with the 2016/679 EU Regulation and what is stated in the Privacy policy.


Office

Via Adriano Olivetti, 24/26

00131 Roma RM

Hours

M-F: 9am – 5pm
S-S: Closed

Call us

(+39) 06 8772 5590