Bill Ross and INFOSECFORCE llc Security Service Offering
Here is a list of security services that INFOSECFORCE llc can plan, build,
implement and manage for any corporation or any organization no matter its size
and business type.
Predict Prevent Detect Respond
Research and white papers
Cyber Intelligence design and implementation
Rebuilding security programs. For example, changing from a SOC based operation to a Cyber Intelligence Operations Center
Cyber Intelligence Framework development
Predictive Intelligence analyses patterns
Big Data security management program
Virtual and Cloud Security Programs
Cyber Security as a Service (CSaaS)
Security Policy Management design and implementation
Security Architecture baseline, design, and road maps
Secure Software Development
Corporate Security Management design and implementation
Personnel Security Management design and implementation
Information Access Management design and implementation
Cryptography Policy Management design and implementation
Physical Security Management design and implementation
Organizational Asset Management design and implementation
Supplier Relationship Management design and implementation
Security policy, process, procedures, and standards design and implementation
Design and engineering documentation design and implementation
Secure Development process and procedures design and implementation
Operational Security Management design and implementation
Network Security Management design and implementation
System Security Management design and implementation
Rigorous and exact Vulnerability testing
Rigorous and exact Pen testing
Rigorous and exact Software testing
Security Continuous Management design and implementation
Security Compliance Management design and implementation
Patch management and security hardening engineering
Building vulnerability assessment programs
Information Assurance design and implementation
Security daily newsletters and services with corporate branding logo
Security Incident Management design and implementation
Security program alignment with ITIL
All facets of security training
Logging architecture design
Cyber Incident Response
Cyber Incident Root Cause Analyses
Cyber Incident Forensics
Connectivity to government and industry Cyber Threat Warning advisories
Security baselines design and implementation
PCI, NIST, SOX, FISMA, ISO 27001, SANS Top 20 compliance baselines and plan, build, deploy and operate services
Risk Management Framework design and implementation
Cyber and physical access control
Comprehensive Control Framework (NIST, SANS, ISO 27001)
Information Risk Architecture Framework
System Security Planning
Information Assurance Program
MASTER SERVICE LIST
1. Cyber Intelligence Framework development
2. Predictive Intelligence analyses patterns
3. Big Data security management program
4. Virtual and Cloud Security Programs
5. Cyber Security as a Service (CSaaS)
6. Cyber Incident Response
7. Cyber Incident Root Cause Analyses
8. Cyber Incident Forensics
9. Secure software development
10. Rigorous and exact Vulnerability testing
11. Rigorous and exact Pen testing
12. Rigorous and exact Software testing
13. Connectivity to government and industry Cyber Threat Warning advisories
14. Cyber and physical access control
15. System Security Plans
16. Information Assurance Program
17. Risk Management Framework
18. Comprehensive Control Framework (NIST, SANS, ISO 27001)
19. Information Risk Architecture Framework
20. ISMS 27001 plan, do, check and act cycle design and implementation
21. Security Architecture baseline, design, and road maps
22. Security Policy Management design and implementation
23. Corporate Security Management design and implementation
24. Personnel Security Management design and implementation
25. Organizational Asset Management design and implementation
26. Information Access Management design and implementation
27. Cryptography Policy Management design and implementation
28. Physical Security Management design and implementation
29. Operational Security Management design and implementation
30. Network Security Management design and implementation
31. System Security Management design and implementation
32. Supplier Relationship Management design and implementation
33. Security Incident Management design and implementation
34. Security Continuity Management design and implementation
35. Security Compliance Management design and implementation
36. Security policy, process, procedures, and standards design and implementation
37. Security program alignment with ITIL
38. Design and engineering documentation design and implementation
39. Secure Development process and procedures design and implementation
40. Security baselines design and implementation
41. PCI, NIST, SOX, FISMA, ISO 27001, SANS Top 20 compliance baselines and plan, build,
deploy and operate services
42. Risk Management Framework design and implementation
43. Information Assurance design and implementation
44. Research and white papers
45. Security daily newsletters and services with corporate branding logo
46. Cyber Intelligence design and implementation
47. Rebuilding security programs. For example, changing from a SOC based operation to a
Cyber Intelligence Operations Center
48. All facets of security training
49. Logging architecture design
50. Patch management and security hardening engineering
51. Building vulnerability assessment programs
52. ISMS 27001 plan, do, check and act cycle design and implementation
INFOSECFORCE bases its development and implementation work on the plan, do,
check, act cycle.
The 2002 version of BS 7799-2 introduced the Plan-Do-Check-Act (PDCA) cycle (Deming cycle), aligning
it with quality standards such as ISO 9000. 27001:2005 applies this to all the processes in ISMS.
Plan (establishing the ISMS)
Establish the policy, the ISMS objectives, processes and procedures related to risk management
and the improvement of information security to provide results in line with the global policies and
objectives of the organization.
Do (implementing and workings of the ISMS)
Implement and exploit the ISMS policy, controls, processes and procedures.
Check (monitoring and review of the ISMS)
Assess and, if applicable, measure the performances of the processes against the policy,
objectives and practical experience and report results to management for review.
Act (update and improvement of the ISMS)
Undertake corrective and preventive actions, on the basis of the results of the ISMS internal audit
and management review, or other relevant information to continually improve the said system.