Enterprises are inevitably becoming increasingly dependent on information and related systems to
make quality decisions, and an efficient and effective information infrastructure is
critical to business survival and success in the knowledge-based economy.
Nowadays, security and control risks are continually changing and can easily outpace the
learning curve of even the best CIO, CISO and CAE. Failures in information systems not
only adversely affect the reputation and existence of the business entity; management
may also violate relevant regulatory requirements and even incur legal liabilities.
Capitalizing on 50 years of aggregated security and IT auditing experience in the banking,
insurance, securities, government, and hi-tech manufacturing sectors, i-TotalSecurity offers
full-spectrum consultancy services on the governance of IT and information security, so as
to help enterprises discharge their fiduciary, regulatory or even legal responsibilities on
IT control and security.
Our 360-degree IT and information security governance consultancy includes:
ISO 27001 Certification Consultancy
ISO 27001 is the International Standard for Information Security Management. It specifies the requirements of an Information Security Management System (ISMS) and
provides a comprehensive set of 133 security controls. Implementing a world-class ISMS in the organization and getting it certified is definitely a competitive advantage.
Based on our successful implementation experience, i-TotalSecurity provides the ISO 27001 Certification Consultancy service to ensure the smooth development,
implementation, and certification of ISO 27001 in your organization. This service covers all stages of an ISO 27001 project, from project
planning, ISMS scoping, risk assessment, policies & procedures development, control selection & implementation, and pre-certification auditing through to
successful accreditation.
ISO 20000 Certification Consultancy
ISO 20000 defines the requirements of an IT Service Management System (ITSMS) to enable the effective management and implementation of all IT services in any organization.
The international standard also specifies a number of closely related service management processes, namely service delivery, release, control, resolution, and relationship
processes, that can be implemented as part of the ITSMS. In a world of hypercompetition, implementing and certifying a world-class ITSMS in the organization is definitely a competitive advantage.
Based on our previous successful cases, i-TotalSecurity provides the ISO 20000 Certification Consultancy service to ensure the smooth development,
implementation, and certification of ISO 20000 in your organization. This service covers all stages of an ISO 20000 project, from project
planning, scoping and training, policies & procedures development, ITSM systems development & implementation, service quality improvements, continuous monitoring, and pre-certification auditing through to
successful accreditation.
PCI DSS Implementation and Compliance Consultancy
Administered by the PCI Security Standards Council, the Payment Card Industry Data Security Standard (PCI DSS) specifies 12 requirements to be adopted and implemented by merchants
and service providers that store, process and/or transmit cardholder data.
To ease your difficulties in understanding and fulfilling the compliance requirements, i-TotalSecurity provides this PCI DSS implementation and compliance consultancy service,
drawing on our previous successful experience in implementing security controls that protect sensitive customer and business information.
In this service, i-TotalSecurity will identify all stakeholders in PCI DSS compliance, deliver PCI DSS awareness training, understand the flows of cardholder data within and between
organizations, determine the cardholder data environment, conduct a gap analysis and penetration test, implement cost-effective security controls, institute behavior changes, establish compensating controls, and
conduct internal audits until complete compliance.
Penetration Testing
Using the latest tools and techniques available from the hacker community, i-TotalSecurity
simulates controlled physical or logical attacks and provides a snapshot of an organization's
security posture.
Through a 4-phase testing process (passive reconnaissance, active scanning, controlled penetration,
and controlled vulnerability exploitation), i-TotalSecurity validates the effectiveness of the
security safeguards and controls currently in place, demonstrates the existing risks to an
organization's wired & wireless networks, Windows, Linux, AIX, and IOS systems, intranet, Web and mobile applications, and provides detailed remediation steps that can be
taken to prevent future exploitation.
IT Governance Audit
Drawing on our vast experience in IT auditing, i-TotalSecurity evaluates the controls of IT
functions at organizational, managerial, planning, and operational levels, benchmarks them
against the international IT governance standard COBIT (Control Objectives for Information
and Related Technology from the IT Governance Institute), and recommends improvement initiatives,
so as to help ensure the efficiency and effectiveness of IT functions.
Security Architecture Design & Implementation
Proper installation and implementation of your firewalls, intrusion detection / prevention
systems, antivirus, anti-spam, and other security measures is key to protecting your organization's assets from
security threats. While there are many products that can help, they can only be effective
when they are part of a carefully planned process.
Our Security Architecture Design &
Implementation Service offers you our experience in assessing your proposed wired and wireless network,
Internet and intranet architectures for potential security threats and vulnerabilities.
Security Policy Development & Deployment
Security policies not only demonstrate enterprise management's commitment toward information
security, but also lay down the framework for subsequent security enforcement. Our specialists
can analyze your security requirements, and establish effective policies, standards and
management architecture principles to guide your organizational security decisions.
In addition, we help implement your policies and standards by defining formal security processes and
designing specific secure solutions / configurations at the firewall, intrusion detection /
prevention system, operating system, and application system levels.
End-to-End Security Risk Assessment and Auditing
With ever-changing intrusion techniques and business & regulatory requirements, your systems
may be operating under a false sense of security if the security status is not evaluated
regularly.
i-TotalSecurity conducts ultimate security risk assessments and audits that examine all the critical
components that make up perimeter security, internal network security, operating
system security, application security, and operational controls. Above all, we also
review the overall security management policies and practices.
Security Incident Response & Forensic Investigations
In the event of a suspected security incident, having a competent and knowledgeable incident
handler and investigator enables timely and precise protection, gathering and analysis of
critical evidence, as well as determination of the who, what, where, when, why and how
surrounding the incident. The specialists at i-TotalSecurity can provide the necessary support
to help your organization survive the hard times and increase the chance of successfully
identifying and prosecuting the offender.
Security Awareness & Competency Training
People are at the heart of effective security deployment, and no enterprise can implement its
security processes and systems without training its people. i-TotalSecurity offers
personal tutorials for senior executives (i.e. CEO, CFO, CIO, CISO, CAE, COO), onsite seminars and public
classes on subjects ranging from IT governance, information security governance, network security,
and operating system / application software security to hands-on firewall, intrusion detection / prevention system,
ethical hacking and digital forensics training.
Enquiry
Call +852 2965.4445 or e-mail info@i-TotalSecurity.net
to discuss how we can help to improve your IT & infoSec governance.