There is nothing to show here!
Slider with alias service-slider-1 not found.

ISMS Design and Review

Security of Information Systems was an afterthought not so long ago. The applications and systems team would decide on all the details with the business unit and then hand it over to security for their comments. Many a time, compromises on security would have to be made to allow functionality ; or because, financial commitments had already been made in infrastructure before consulting the security department first.

This resulted in unoptimised architectures and ad-hoc implementations. This may result in overlapping and redundant security components – or serious gaps in critical controls.

We can help your organisation to review your ISMS design in accordance with best practices and international standards. We can review, tailor and realign your information security to be consistent with international standards, frameworks and guides such as:

  • ISO 27002:2013
  • NIST – Cyber Security Framework
  • NCSC – Cyber Assessment Framework 3.0
  • CSC Critical Security Controls
  • CSA – Cloud Controls Matrix

A typical assessment covers more than 25 areas including:

  • Services and Applications
  • Data Centres / Locations
  • System Infrastructure
  • Network Infrastructure
  • Wireless Infrastructure
  • Virtualisation Infrastructure
  • Storage and Backup Infrastructure
  • Printers and Peripherals
  • Communication Lines
  • Access Control and CCTV
  • Audio/Video Infrastructure
  • Security Infrastructure


Survey & Data Gathering

Consultants will examine all the components in the IT infrastructure and acquire data by:
* Physical survey of data centres
* Interviews with IT staff
* Inspection of systems, configuration data, etc.


All the details collected will be collated and documented. Work products in this phase include:
– Documentation of servers, networks, applications, services, etc.
– Topology and connectivity diagrams
– Server and equipment lists.


The Mapped architecture and controls will be assessed against (any of the) following frameworks, standards and guides:
* ISO 27002:2013
* NIST Cyber Security Framework
* Other standards/frameworks available (Dubai ISR, NESA, HIPAA, etc.)


Summary and detailed reports will be compiled that will show the present state of security in the organisation.


Based on the assessment and business requirements, recommendations will be made, which:
– Highlight areas which require immediate action
– Configuration changes or upgrades to systems
– Implementation of controls hitherto not implemented


The assessment will culminate in:
* Presentation of findings
* Discussion of recommendations
* Workshop with tech and admin teams

Why We Are Different

Experienced Team

 Our consultants have hands-on experience in IT-operations having designed, implemented and managed sizeable and complex IT infrastructures.

Standards Based

Our assessments are based on international standards and frameworks and controls are evaluated according to industry best-practices.

Bespoke Assessments

Every single assessment that we undertake is bespoke. We consider factors such as organisational culture and issues, constraints specific to each infrastructure.

Actionable Reports

Instead of reams of paper that nobody reads, our recommendations are detailed and specific statements, which include implementation roadmaps.


Sample Deliverables

Assessment Report

Summary and detailed reports on the state of security pointing out adequacy of controls implemented.

Gap Analysis Report

Gap analysis against established standards such as ISO27001, PCI etc.

System Documentation

Asset inventory: servers, storage, backup, network equipment, cloud assets.

Diagrams & Infographics

Network connectivity and topology diagrams, traffic flow diagrams, etc.

Call us today for a Quote!