infosecforce llc security services

Upload: bill-ross

Post on 16-Jul-2015

Title:

INFOSECFORCE llc Cyber SECURITY SERVICES

804-855-4988

[email protected]

“Balancing security controls to business requirements”

15 Sept 2008

INFOSECFORCE

Bill Ross and INFOSECFORCE llc Security Service Offering

Here is a list of security services that INFOSECFORCE llc can plan, build, implement and manage for any corporation or any organization no matter its size and business type.

Predict Prevent Detect Respond

Research and white papers

Cyber Intelligence design and implementation

Rebuilding security programs. For example, changing from a SOC based operation to a Cyber Intelligence Operations Center

Cyber Intelligence Framework development

Predictive Intelligence analyses patterns

Big Data security management program

Virtual and Cloud Security Programs

Cyber Security as a Service (CSaaS)

Security Policy Management design and implementation

Security Architecture baseline, design, and road maps

Secure Software Development

Corporate Security Management design and implementation

Personnel Security Management design and implementation

Information Access Management design and implementation

Cryptography Policy Management design and implementation

Physical Security Management design and implementation

Organizational Asset Management design and implementation

Supplier Relationship Management design and implementation

Security policy, process, procedures, and standards design and implementation

Design and engineering documentation design and implementation

Secure Development process and procedures design and implementation

Operational Security Management design and implementation

Network Security Management design and implementation

System Security Management design and implementation

Rigorous and exact Vulnerability testing

Rigorous and exact Pen testing

Rigorous and exact Software testing

Organizational Asset Management design and implementation

Security Continuous Management design and implementation

Security Compliance Management design and implementation

Patch management and security hardening engineering

Building vulnerability assessment programs

Information Assurance design and implementation

Security daily newsletters and services with corporate branding logo

Security Incident Management design and implementation

Security program alignment with ITIL

All facets of security training

Logging architecture design

Cyber Incident Response

Cyber Incident Root Cause Analyses

Cyber Incident Forensics

Connectivity to government and industry Cyber Threat Warning advisories

Security baselines design and implementation

PCI, NIST, SOX, FISMA, ISO 27001, SANS Top 20 compliance baselines and plan, build, deploy and operate services

Risk Management Framework design and implementation

Cyber and physical access control

Comprehensive Control Framework (NIST, SANS, ISO 27001)

Information Risk Architecture Framework

System Security Planning

Information Assurance Program

MASTER SERVICE LIST

1. Cyber Intelligence Framework development
2. Predictive Intelligence analyses patterns
3. Big Data security management program
4. Virtual and Cloud Security Programs
5. Cyber Security as a Service (CSaaS)
6. Cyber Incident Response
7. Cyber Incident Root Cause Analyses
8. Cyber Incident Forensics
9. Secure software development
10. Rigorous and exact Vulnerability testing
11. Rigorous and exact Pen testing
12. Rigorous and exact Software testing
13. Connectivity to government and industry Cyber Threat Warning advisories
14. Cyber and physical access control
15. System Security Plans
16. Information Assurance Program
17. Risk Management Framework
18. Comprehensive Control Framework (NIST, SANS, ISO 27001)
19. Information Risk Architecture Framework
20. ISMS 27001 plan, do, check and act cycle design and implementation
21. Security Architecture baseline, design, and road maps
22. Security Policy Management design and implementation
23. Corporate Security Management design and implementation
24. Personnel Security Management design and implementation
25. Organizational Asset Management design and implementation
26. Information Access Management design and implementation
27. Cryptography Policy Management design and implementation
28. Physical Security Management design and implementation
29. Operational Security Management design and implementation
30. Network Security Management design and implementation
31. System Security Management design and implementation
32. Supplier Relationship Management design and implementation
33. Security Incident Management design and implementation
34. Security Continuity Management design and implementation
35. Security Compliance Management design and implementation
36. Security policy, process, procedures, and standards design and implementation
37. Security program alignment with ITIL
38. Design and engineering documentation design and implementation
39. Secure Development process and procedures design and implementation
40. Security baselines design and implementation
41. PCI, NIST, SOX, FISMA, ISO 27001, SANS Top 20 compliance baselines and plan, build, deploy and operate services
42. Risk Management Framework design and implementation
43. Information Assurance design and implementation
44. Research and white papers
45. Security daily newsletters and services with corporate branding logo
46. Cyber Intelligence design and implementation
47. Rebuilding security programs. For example, changing from a SOC based operation to a Cyber Intelligence Operations Center
48. All facets of security training
49. Logging architecture design
50. Patch management and security hardening engineering
51. Building vulnerability assessment programs
52. ISMS 27001 plan, do, check and act cycle design and implementation

INFOSECFORCE bases its development and implementation work on the plan, do, check, act cycle.

The 2002 version of BS 7799-2 introduced the Plan-Do-Check-Act (PDCA) cycle (Deming cycle), aligning it with quality standards such as ISO 9000. ISO/IEC 27001:2005 applies this cycle to all the processes in the ISMS.

Plan (establishing the ISMS)

Establish the policy, the ISMS objectives, processes and procedures related to risk management and the improvement of information security to provide results in line with the global policies and objectives of the organization.

Do (implementing and workings of the ISMS)

Implement and operate the ISMS policy, controls, processes and procedures.

Check (monitoring and review of the ISMS)

Assess and, if applicable, measure the performance of the processes against the policy, objectives and practical experience, and report the results to management for review.

Act (update and improvement of the ISMS)

Undertake corrective and preventive actions, on the basis of the results of the ISMS internal audit and management review or other relevant information, to continually improve the ISMS.