IT Security


   Introduction   
Our services portfolio is offered broadly at the following levels, which can help an organization attain its business goals.
  • Strategic level
    • Defining the Security Organization and providing guidelines
    • Defining the security framework and roadmap
  • Tactical level
    • Manpower resources
    • SOC services
  • Operational level
    • Complete information security auditing, including penetration tests, thorough application security audits, network audits, systems audits, gap analysis, recommendations and a roadmap.
    • Designing and developing information security policies, procedures and work instructions


    Information Security   
Information security is simply securing your information. As the name suggests, it is about business information, and it is a myth that information security is the IT department's responsibility. It is not. It is about the whole company, the whole business. Information security deals with how far, and with what controls, you need to secure the information so that you neither overdo it nor underdo it.
The kind of controls to be incorporated depends on the business scenario and can be based on a risk management approach, so that the cost of the controls does not exceed the cost of the asset itself.
We offer consultation in the following areas:
  • ISO 27001
  • ISO 27001 Gap Analysis and the Roadmap
  • Information Security Policies & Procedures Formulation
  • Risk Assessment
  • Business Continuity Plan (BCP)
  • Disaster Recovery Plan (DRP)
  • Sarbanes Oxley Act (SOX)
  • Health Insurance Portability and Accountability Act (HIPAA)
  • PCI DSS
  • Security Incident Response & Forensic Investigations 
  • Security Awareness & Competency Training
  • Security Architecture Design & Implementation 
  • Security Policy Development & Deployment 
  • Penetration Testing 


    ISO 27001 Consultancy   
ISO 27001 is an internationally accepted standard for information security. Tafaouq is capable of delivering consultancy services pertaining to ISO 27001 and can also help organizations achieve this certification. It follows the standard PDCA (Plan-Do-Check-Act) cycle, as it is a process-focused methodology.


    ISO 27001 Gap Analysis And the Roadmap   
To put it simply, the Gap Analysis pertaining to IS security can be done in the following phases:
  • AS-IS - To analyse the current scenario and understand the IS environment after understanding the business goals.
  • To-Be - To identify and understand where the organization wants to reach in terms of its IS security goals, derived from the corporate goals.
  • Planning - To provide the detailed planning and roadmap on how to reach the target identified in step 2 in a realistic way. This step is the core of the Gap Analysis, and the roadmap document provides the blueprint for bridging the gap between the AS-IS stage and the To-Be stage.
  • Execution - To provide the resources and assistance wherever required in order to execute the steps as planned.
  • Monitor and Continuously Improve - To provide the metrics and KPIs needed to monitor the executed processes and thereby continuously improve through detailed analysis of the outcomes.
Tafaouq can help organizations in any of the above areas.


    Information Security Policies & Procedures Formulation   
Tafaouq can provide the necessary resources and assistance to formulate the entire set of IS security policies and procedures. We can also provide complete knowledge transfer in order to operationalise the processes in the organisation.


    Risk Assessment   
The Risk Assessment pertaining to the Information Technology unit of a given organization can be performed as a separate exercise. We can follow the best methodology available in the market, such as the NIST standard, COBIT etc., depending on the requirements of the organization.


    BCP/DRP  
Today every business faces big challenges and many risks just to run its operations smoothly. BCP is a systematic way to address these challenges and provide the processes, procedures, policies and other necessary elements to ensure that the business can run smoothly and to minimise interruption to the maximum extent possible. It addresses the whole of the business's requirements, not the IT element alone; IT is an integral part like any other unit in the business. Tafaouq will help such companies put a BCP and DRP in place so that they do not have SURPRISES to meet and can focus on their CORE areas rather than being reactive whenever such SURPRISES occur. Companies can be proactive and exercise due diligence in addressing such challenges and sustaining their business.


    SOX/HIPAA/PCI DSS   
Tafaouq can help companies meet their regulatory and compliance requirements. Regulatory requirements such as SOX, HIPAA etc. can be implemented with the help of our consultants. Standards such as COBIT can be used to implement the required controls. Tafaouq has the expertise to provide consultancy services in these areas.

 
   Security Incident Response & Forensic Investigations   
In the event of a suspected security incident, having a competent and knowledgeable incident handler and investigator enables timely and precise protection, gathering and analysis of critical evidence, as well as determination of the who, what, where, when, why and how surrounding the incident. The specialists at Tafaouq can provide the necessary support to help your organization survive the hard times and increase the chance of successfully identifying and prosecuting the offender.


   Security Awareness & Competency Training   
People are the heart of effective security deployment, and no enterprise can implement its security processes and systems without training its people. Tafaouq offers personal tutorials for senior executives (i.e. CEO, CFO, CIO, CISO, CAE, COO), onsite seminars and public classes on subjects ranging from IT governance, information security governance, network security and operating system/application software security to hands-on firewall, intrusion detection/prevention system, ethical hacking and digital forensics training.


   Security Architecture Design & Implementation   
Proper installation and implementation of your firewalls, intrusion detection/prevention systems, antivirus, anti-spam and other security measures are the keys to protecting your organization's assets from security threats. While there are many products that can help, they can only be effective when they are part of a carefully planned process.

Our Security Architecture Design & Implementation Service offers you our experience in assessing your proposed wired and wireless network, Internet and intranet architectures for potential security threats and vulnerabilities.


   Penetration Testing   
By using the latest tools and techniques available from the hacker community, Tafaouq simulates controlled physical or logical attacks and provides a snapshot of an organization's security posture.

Through a 4-phase testing process: passive reconnaissance, active scanning, controlled penetration, and controlled vulnerability exploitation, Tafaouq validates the effectiveness of security safeguards and controls currently in place, demonstrates the existing risks to an organization's wired & wireless networks, Windows, Linux & AIX systems, intranet and Web applications, and provides detailed remediation steps that can be taken to prevent future exploitation.   

 


   Related Courses   
  • CISSP
  • CISM
  • ISO 17799
  • ISO 27001
  • ISO 27005
  • S+


   Language   
  • Arabic
  • English


 


 

© Tafaouq for Training & Consultancy 2009