We provide a wide spectrum of professional IT Security services including the following:

Planning stage


  • IT Security infrastructure design and planning
    • Review the network infrastructure from network, system and operation viewpoints according to the organization's business requirements
    • Recommend the best solution based on the latest technology available, vulnerability trends and business requirements
  • Cloud Security and Consultancy Services
    • Cloud Adoption Consultancy Studies (e.g. Cloud Readiness Studies, Design, Service Model Analysis and Planning)
    • Secure Cloud Design Advisory Services
    • Cloud Risk Audit Program Development
  • Mobile Strategy Studies
    • Mobile Computing Strategy & Policy Development
    • Mobile Infrastructure Design & Planning Service
    • Mobile Device Management Studies (e.g. BYOD Readiness Studies, Design and Planning)
  • IT Security professionals training
    • Our training provides up-to-date IT Security knowledge to end users and technical staff.

Review stage


  • IT Security Assessment
    • Perform periodic review and assessment for clients
    • Provide pre-launch IT security risk assessment services before new systems implementation
    • Assist clients in identifying current vulnerabilities and threats, and in prioritizing remediation activities to mitigate technical risks according to business impacts and requirements
  • IT Security Audit and IT Audit Support Services
    • Provide periodic effectiveness and efficiency review of IT systems through IT Audit
    • Perform General IT Audit and Application IT Audit to support financial audit and due diligence review
    • Conduct IT security audit review of IT systems through industry best practices (e.g. ISO 27001, COBIT, PCI-DSS, HKSAR Government S17, G3)
  • Cloud Security Assessment Services
    • Perform Cloud Risk Security Assessment for Cloud User or Cloud Service Provider according to Cloud Security Alliance Cloud Control Matrix or other tailor-made Cloud Audit program
    • Launch Cloud Application Vulnerability using system or web application testing depending on the Cloud Service Model
  • Compliance Audit Review
    • Perform IT Compliance Audit to IT systems (e.g. banking application, stock trading system)
    • Conduct Compliance Review on critical IT systems (e.g. HKMA Cyber-Resilience Assessment Framework, SFC Code of Conduct review, etc)
  • Penetration Test and Simulated Attack
    • Conduct system, network and application penetration test using Black/Gray Box hacking method
    • Launch Non-intrusive penetration methods to application based on industry best practices (e.g. OSSTMM, OWASP, etc)
    • Perform Simulated Attack / Red Teaming
  • Privacy Impact Assessment Review
    • Conduct Privacy Impact Assessment Review according to the Personal Data Privacy Ordinance review
    • Perform Privacy Compliance Review based on corporate privacy policy and sensitive data requirement
  • Mobile Application Review
    • Conduct Secure Design Review of Mobile Application
    • Perform Non-intrusive pre-launch mobile penetration to mobile application based on industry best practices (e.g. OSSTMM, OWASP, etc)
    • Conduct Secure Code Review of mobile application

Implement stage


  • System Hardening
    • Review and develop System or Application Hardening Guide for client applications based on industry best practices (e.g. SANS 20 CSC, CIS Critical Security Controls, CIS Security Benchmarks)
    • Evaluate and revise security hardening requirement for client to fit into the patch and hardening configuration guide
    • Develop security hardening scripts for client according to the hardening configuration guide
  • Policy revision
    • Review and update IT Security policies and procedures according to industry best practices
    • Develop security checklists and user level security policies practices guide for client
    • Assist clients in
      • reviewing, revising and refining existing IT security policies
      • procedures against business requirement, international best
  • Security solution implementation, integration and customization services
    • Assist clients to implement and configure specific security solutions, such as
    • Smart Card Infrastructure design and implementation
    • IT Security Incident Management solution implementation
    • Authentication and Identity Management solution implementation
    • Single sign-on solution implementation
    • eWalker product suites (installation and configuration)

Monitor


  • Security Incident handling services
    • Develop Security Incident Handling and Response Procedures for client
    • Assist client to perform Security Incident Handling and Response after security attack
    • Provide Post-Security attack security incident response containment and incident management
  • Digital Forensics Investigation services
    • Perform Post-incident Digital Forensics Investigation Services to determine the cause and time of the incident and propose rectification recommendations
    • Contain and Acquire Digital Evidence for forensics investigation or court litigation purpose based on the FORZA framework
    • Provide Forensics and Investigation Support Services for Court Litigation cases
  • Security Monitoring Advisory Services
    • Lead the SIEM readiness gap analysis
    • Advise client on SIEM and detection, monitoring and threat intelligence infrastructure establishment
    • Perform SIEM infrastructure testing through eWalker Tai-Chi methodology
    • Review and enhance your SIEM rules based on latest Cyber Threat Intelligence

Qualified Security Assessor (QSA)


    • Identify and address potential security vulnerabilities.
    • Conduct comprehensive security assessments aligned with PCI DSS requirements.
    • Implement effective remediation strategies.
    • Perform cybersecurity gap analyses focused on payment card data.
    • Maintain ongoing compliance to avoid penalties or legal consequences.