Management of cyber risk

HMS is extensively experienced in providing advisory services and solutions in the area of management of cyber risk. These services are provided by the company to a wide variety of financial and governmental bodies

As part of this activity, the following services are being provided:

  • Information Security arrays setting up and maintenance – guiding organizations through complying with requirements posed by laws, regulations and standards, such as those issued by the Insurance Supervisor, the Banks Supervisor (directions pertaining to Information Security and Cyber), ISO 27001/27799/27032, maintaining Information Security arrays in various organizations, Information Security Managers job-placements, carrying out process risk surveys and managing Information Security and cyber risk, carrying out internal checks, carrying out Information Security audits at the premises of external service providers, providing awareness workshops and holding talks for senior position holders.

 

  • Communication Infrastructures Security– carrying out risk surveys for communication infrastructures, secure architecture checks, resilience checks for external and internal infrastructures (Black/Gray Box testing); auditing security systems and communication infrastructures within the organizational network (White Box testing); drafting technological stance papers, Forensic and product testing; drafting acquisition process requirements and characterizations for Information Security and cyber products; carrying out investigation of events and analysis of implications; setting up SOC arrays; carrying out cloud environment characterization and testing; provision of ongoing guidance to infrastructure specialists within organizations.

 

  • App security– carrying out applicative infiltration checks, including on DT, Mobile and Web, etc.; providing guidance in the implementation of secure development processes; carrying out code security (Code Review); drafting characterization of requirement documents at app level; carrying out maintenance of app security arrays (acting as division manager on customers premises).

 

  • Employee awareness system– this system provides interactive responses for users in the area of Information Security risk, as well as awareness-level statistics and measures for the duration of the work year within the organization.   Additionally, this system provides an ongoing snapshot regarding vulnerabilities at the level of the users’ end-stations, the ability to take over work stations and numerous other added values for the organizations’ Information Security/IT department.

 

This activity gets carried out in collaboration with Triad Security, a company specializing in Information Security and cyber.

Font Resize