Enterprises are inevitably increasing dependent on information and the related systems to
make quality decisions, and that an efficient and effective information infrastructure is
critical to business survival and success in the knowledge-based economy.
Nowadays, security and control risks are continually changing and can easily outpace the
learning curve of even the best CIO, CISO and CAE. Failures in information systems not
just adversely affect the reputation and existence of the business entity, the management
may also violate relevant regulatory requirements and even incur legal liabilities.
Capitalize on 50 years of aggregated security and IT auditing experiences in banking,
insurance, securities, government, and hi-tech manufacturing sectors, i-TotalSecurity offers
a full-spectrum consultancy services on the governance of IT and information security, so as
to help enterprises discharge their fiduciary, regulatory or even legal responsibilities on
IT control and security.
Our 360-degree IT and information security governance consultancy includes:
ISO 27001 Certification Consultancy
ISO 27001 is the International Standard for Information Security Management. It specifies the requirements of an Information Security Management System (ISMS) and
provides a comprehensive set of 133 security controls. Implementing a world-class ISMS in the organization and get it certified are definitely a competitive advantage.
Based on our successful implementation experiences, i-TotalSecurity provides the ISO 27001 Certification Consultancy service to ensure a smooth development,
implementation, and certification of ISO 27001 in your organization. This service covers all stages of an ISO 27001 project starting from project
planning, ISMS scoping, risk assessment, policies & procedures development, control selection & implementation, pre-certification auditing until
ISO 20000 Certification Consultancy
ISO 20000 defines the requirements of an IT Service Management to enable the effective management and implementation of all IT services in any organization.
The internation standard also specifies specifies a number of closely related service management processes, namely service delivery, release, control, resolution, and relationship
processes, that can be implemented as part of the ITSMS. In the world of hyper competition, implementing and certifying a world-class ITSMS in the organization are definitively a competitive advantage.
Based on our previous successful cases, i-TotalSecurity provides the ISO 20000 Certification Consultancy service to ensure a smooth development,
implementation, and certification of ISO 20000 in your organization. This service covers all stages of an ISO 20000 project starting from project
planning, scoping and training, policies & procedures development, ITSM systems development & implementation, service quality improvements, continuous monitoring, pre-certification auditing until
PCI DSS Implementation and Compliance Consultancy
Administered by the PCI Security Standards Council, Payment Card Industry Data Security Standard (PCI DSS) specifies 12 requirements to be adopted and implemented by merchants
and service providers that store, process and/or transmit cardholder data.
To ease your difficulties in understanding and fullfiling the compliance requirements, i-TotalSecurity provides this PCI DSS implementation and compliace consultancy services,
combining our previous successful experiences on implementing security controls that protect sensitive customer and business information.
In this service, i-TotalSecurity will identify all stakeholders to the PCI DSS compliance, deliver PCI DSS awareness training, understanding the flows of cardholder data within and between
organizations, determine the cardholder data environment, conduct a gap analysis and penetration test, implement the cost-effective security controls, institute behavior changes, establish compensation control, and
conduct internal audits until complete compliance.
By using the latest tools and techniques available from the hacker community, i-TotalSecurity
simulates controlled physical or logical attacks and provides a snapshot of an organization's
Through a 4-phase testing process: passive reconnaissance, active scanning, controlled penetration,
and controlled vulnerability exploitation, i-Total Security validates the effectiveness of
security safeguards and controls currently in place, demonstrates the existing risks to an
organization's wired & wireless networks, Windows, Linux, AIX, and IOS systems, intranet, Web and mobile applications, and provides detailed remediation steps that can be
taken to prevent future exploitation.
IT Governance Audit
Ride on our vast experiences on IT auditing, i-TotalSecurity evaluates the controls of IT
functions at organizational, managerial, planning, and operational levels, benchmarks it
against the international IT governance standard COBIT (Control Objectives for Information
Related Technology from the IT Governance Institute), and recommends improvement initiatives,
so as to help ensure the efficiency and effectiveness IT functions.
Security Architecture Design & Implementation
Proper installation and implementation of your firewalls, intrusion detection / prevention
system, antivirus, antispams, and other security measures are the keys to protect your organization's assets from
security threats. While there are many products that can help, they can only be effective
when they are part of a carefully planned process.
Our Security Architecture Design &
Implementation Service offers you our experiences to assess your proposed wired and wireless network,
Internet and intranet architectures for potential security threats and vulnerabilities.
Security Policy Development & Deployment
Security policies not only demonstrate enterprise management's commitment toward information
security, but also lay down the framework for subsequent security enforcement. Our specialists
can analyze your security requirements, and establish effective policies, standards and
management architecture principles to guide your organizational security decisions.
we help implement your policies and standards by defining formal security processes and
designing specific secure solutions / configurations on firewall, intrusion detection/
prevention system, operating system, and application system levels.
End-to-End Security Risk Assessment and Auditing
With ever-changing intrusion techniques and business & regulatory requirements, your systems
may be operating under a false sense of security if the security status is not evaluated
i-TotalSecurity conducts ultimate security risk asessments and audits that examine all the critical
components that setting up the perimeter security, the internal network security, the operating
systems security, application security, and the operational controls. Above all, we also
review the overall security management policies and practices.
Security Incident Response & Forensic Investigations
In the event of suspected security incidents, having a competent and knowledgeable incident
handler and investigator enables timely and precise protection, gathering and analysis of
critical evidences, as well as determination of the who, what, where, when, why and how
surrounding the incidents. The specialists in i-TotalSecurity can provide the necessary support
to help your organization to survive the hard times and increase the chance to successfully
identifying and prosecuting the offender.
Security Awareness & Competency Training
People are the heart of effective security deployment and no enterprise can implement its
security processes and systems without training its people. i-Total Security offers both
personal tutorial for senior executives (i.e CEO, CFO, CIO, CISO, CAE, COO), onsite seminars and public
classes on the subject ranging from IT governance, information security governance, network security,
operating systems/application software security, to hands-on firewall, intrusion detection / prevention system,
ethical hacking and digital forensics training.
Call +852 2965.4445 or e-mail info@i-TotalSecurity.net
to discuss how we can help to improve your IT & infoSec governance.