TeamInfoSec UAE
Service Overview

TeamInfoSec Background – About Us
TeamInfoSec was founded in 2003 by Paul C Dwyer CISSP, CISM and ISO 27001 Lead Auditor. The firm provides professional information security
consultancy. Paul is an Internationally recognised Information Security expert with over 18 years experience.
Credentials include:
CISSP
CISM
ISO 27001 Lead Auditor
BSI BS25999 Consultant
IEEE
Member of the Computer Society
Member of the Business Continuity Institute
Member of the Computer Security Institute
3Com Certified Partner
ENCASE Trained Forensic Specialist
Member of the High Tech Crime Network
Microsoft Certified Engineer
Novell Certified Engineer
Certified Ethical Hacker
National Crime Faculty preferred supplier
Qualys Certified Specialist
Association of Information Managers
BSI Associate Consultants
3

TeamInfoSec Clients – Who We Work With?
4

Key Services
5

What is ISO 27001?
6

27001 – Why You Need It?
March 2009:
His Highness Shaikh Mohammad Bin Rashid Al Maktoum, Vice-President and Prime
Minister of the UAE, has issued, in his capacity as Ruler of Dubai, law no 7 of 2009
establishing the Dubai e-government.
The new entity will devise the general strategy of the e-government, provide
leadership, guide and supervision of the migration process into the e-module at
governmental levels, and design framework, policies and benchmarks for IT
management and security.
Mandate of the e-government also includes delivery of e-services and management of
knowledge and human capital at bar with international best practices.
ISO 27001 – Guarantees Compliance With the Above
7

Flagship Services - ISMS
ISO 27001 Gap Analysis
27Kaudit
ISO 27001 Implementation
aim27001
ISO 27001 Certification
(optional)
8

Flagship Service – 27Kaudit
9

27Kaudit – Our Approach
Scoping
Planning
Fieldwork
Analysis
Report
10

27Kaudit – Sample Chart
11

27Kaudit – By Domain
12

Human Resources Security
Security aspects for employees joining, moving and leaving an organisation

Human Resources Security
 T&C’s are signed by employees
 Little to no organisational assets are given to staff (laptops/phones)
 Verification checks need to be ensured (via agencies)
 Disciplinary process not documented (due to small nature of company)
 Information Security Awareness Training currently not provided
 Termination of employees procedure needs to be documented
 Removal of access rights needs to be documented
Sample of summary findings
Supported by full executive and comprehensive report

27Kaudit
From a holistic perspective, based on an International standard and framework.
How secure are you?
What are your high risks?
What are the quick wins?
Where are the gaps in security?
What do you need to do?
What are the next steps?
15

27Kaudit
16

AIM 27001 – All Inclusive Mentoring
17

Aim27001 – The Process
18

Aim27001 – Documentation Levels
19

Sample Doc Levels

PDCA Lifecycle
21

TeamInfoSec Advantage?
 Only Associate Consultants of BSI in the UAE region
 Proven Track Records and Success
 Proprietary Tools (27Kaudit software)
 Independence (No software sales / No hidden agenda)
 Large Project Collateral (InfoSecToolkit)
 Experience (100% success in certifying organisations)
 Fixed Price Projects
 Guaranteed Results
 Minimum Risk to Clients
 Highly Qualified and Experienced Team
 Ability to Assign Resources at Short Notice
22

Next Steps
Next Steps –
How Can Help You?
23