 

Enterprise Compliance Assessments

 
Achieve Compliance for Your Business
The Purpose
Alawy identifies compliance gaps within the regulations governing your industry.
Many of our clients come from the financial sector—from banks to Wall Street brokerage houses. See how our experience can ensure your compliance with the Payment Card Industry (PCI) Data Security Standard used by Visa, Mastercard and other major card companies, and learn about the PCI requirements.

Value to You
  • We help you prepare for and pass your audit.
  • We assess policies and practices—not just systems.
  • We tailor our recommendations to your business goals.
  • We weigh benefits against costs.

How We Work
  • Learn your goals and constraints.
  • Determine where risk is highest.
  • Identify applicable regulations and standards.
  • Interview and review.
  • Conduct hands-on verification.
  • Rank findings by your priorities.
  • Provide cost-benefit analyses.
Learn How Long a Compliance Assessment Takes

The Results
We offer a strategy, not just an assessment.
We provide:
  • Summaries for executives and thorough technical details for IT personnel.
  • Recommendations ranked by effectiveness to your business, standards based to give you confidence and vendor independent to give you freedom of choice.
You come out smarter, not just compliant.

Why Alawy
Our focus is consequences, not just risk. We have provided Enterprise Compliance Assessments for major international banks and brokerage houses in the U.S. Let our high-level experience help you stay competitive. See a list of our clients and project summaries.

Next Steps
To talk with us about security and your business, call (860) 859-3564 (U.S.) or visit the Middle East. You can also submit your inquiry online.
Read about Alawy's Security Certification Program to find out how to reduce the number of separate security audits you have to go through each year.
Or, see the Security Consulting Services Overview.

 

The Purpose

An enterprise compliance assessment discovers where your organization fails to adhere to the guidelines that govern your industry. If your organization is a publicly traded company, you are required to certify that your electronic transactions and sensitive business information--whether conducted over the internet or stored on your local corporate intranet--are transacted, handled and stored on a secure IT infrastructure.

Our experienced recommendations can protect business operations, assets, and reputation.

We offer a variety of Assessments that can identify compliance gaps against U.S. and International regulations, and within specific industries, such as within the credit card and financial industries.

Industries and Regulations

Public Companies
  • Sarbanes-Oxley [U.S.]
    • Section 302 (Management Certification)
    • Section 404 requirements to control access to financial systems (Management Assessment of Internal Controls)
    • Section 409 (Real Time Disclosure)

Internet Merchants
  • Payment Card Industry (PCI) Data Security Standard, incorporating:
    • VISA Cardholder Information Security Program (CISP)
    • MasterCard Site Data Protection (SDP) program

Financial Institutions
  • Gramm-Leach-Bliley Act (GLBA)
  • Basel II
  • Federal Financial Institutions Examinations Council (FFIEC)

Energy and Utilities
  • NERC CyberSecurity Standard and Remote Access Guidelines

International
  • Personal Information Protection and Electronic Documents Act (PIPEDA)
  • EU Data Directive
  • UK Data Protection Act

 


Value to You

Be in Compliance. Pass Your Audit.

Our assessment helps you pass your audit and incorporates policy and practice strategies for fostering a more aware information security environment among your employees and management, allowing you to safeguard technological assets throughout the business year, when it counts the most.

We’re careful to assess gaps in your policies and practices, not just in your systems. Passing your audit is essential. But the solutions that enable you to achieve compliance also need to advance your business goals. They also need to fit your budget and the resources you have to implement them.

With that in mind, we analyze the information we collect to:

  • Help you define your compliance objectives
  • Identify the improvements you need to make to pass your audit
  • Recommend improvements that weigh benefits against cost
  • Tailor our recommendations to your business goals
  • Develop a strategy that evolves as regulations change

If your organization is a publicly traded company, you are required to certify that your electronic transactions and sensitive business information--whether conducted over the internet or stored on your local corporate intranet--are transacted, handled and stored on a secure IT infrastructure. Your business processes in handling such information must also be authenticated. For example, do your employees handle, use, and discard/delete sensitive data securely? Is Information Security awareness ingrained in your corporate culture?

View our "Policy, Practices & Personnel Services" section to learn how Alawy can help you to build Information Security into your company's culture and develop policies and standards to promote Information Security.




How We Work

  1. We learn your goals and constraints. We meet with key personnel to understand:
    • Your business goals
    • The money and staff members you can devote to fixing compliance problems
  2. We determine where compliance is needed. We meet with key members of your team to understand your security objective and the areas where you want us to focus our assessment.
  3. We identify essential regulations and standards. To clarify your security objectives, we identify the government regulations and industry standards that are essential in your industry.
  4. We scrutinize your security, hands on and in depth. We focus on these key areas:

    Disaster Recovery & Business Continuity Solutions
    • Disaster preparedness & business resumption plans

    Incident Response and Forensics Services
    • Incident management

    Technical Security Assessments
    • Technical security controls
    • Physical and environmental controls
    • Vulnerability management
    • Virus protection
    • Information classification and management

    Security Policy and Program Services
    • Security policies and practices
    • Risk management and governance
    • Personnel security controls
    • Security and privacy management
    • Security awareness and training

  5. We rank our recommendations by effectiveness and cost. We rank our recommendations by how effectively they advance your business goals. We also rate each recommendation by its cost-effectiveness and by how easy it is to implement.


How Long It Takes

An assessment can take as little as a month if you’re a small company or if we’re evaluating a discrete program. It can take as long as six months to evaluate your entire organization.



The Results

A Strategy
You get a strategy for improvement, not just a pass-or-fail audit. We identify what you need to do immediately and your targets for six months out. We map out a plan for one and two years out. We also help you track changes in your plan and assess its long-term effectiveness.

Tailored Communications
We tailor our recommendations to speak clearly and effectively to the people they affect: your CISO, your legal counsel, your auditors, and your Finance, HR, and IT departments. We provide executive summaries for decision makers and the specialized details that give your technical staff the information they need to fix the problems we uncover.

Tailored Recommendations Ranked by Cost and Effort
We know everyone has a limited security budget. We identify the compliance improvements that are best for your business and rank our recommendations accordingly. We help you prioritize your spending: we do a cost-benefit analysis of each recommendation and identify which are easiest and least expensive and will produce the most effective results.

Industry-Standard and Vendor-Independent Recommendations
Our recommendations are standards based to give you confidence that you're benefiting from the most up-to-date thinking in the industry. Our recommendations are also vendor independent to give you the freedom to implement the solution that suits you best.

You Come Out Smarter, not just Stronger
When we’re onsite performing services, we make a point of working with your staff to make sure they know everything we discover. We work to help them become a better security staff and to build better security awareness into your organization’s culture.


Why Alawy

Alawy has worked to secure the networks of Fortune 500 companies in the financial, energy, insurance, media and consumer goods sectors in the United States. A significant amount of this experience has been within the financial services and banking sectors—assessing infrastructure security and architecting and deploying secure solutions. We participate in the FBI's InfraGard as advisers in threat and security matters.

 

Our Security Consultants are Software Engineers trained in Information Security. They understand systems architecture. They see the whole picture. We’re not a software company limited to our own line of products. We provide our clients with the solution that best fits their business and budget needs. We do not cater to a "one size fits all" approach. Our focus is on protecting the sensitive information you are trusted to safeguard -- information belonging to your business and your clients -- from malicious theft or careless mishandling.

 

Our clients in the Middle East and North Africa benefit from the services and products offered by our Cairo, Egypt office.
From Cairo, we serve the particular IT Security needs of corporations and institutions in the Arabian Gulf, North Africa and the Levant.


Read about our IT Security Consulting services for the Middle East.

Security isn't just about security; it's about your business. We focus on providing solutions tailored to your corporate goals and the real threats you face. Read about Our Approach - the foundation for all our work.

Focus on your business:

  • We help you stay competitive. We use our knowledge and experience to benchmark your risk against your industry.
  • We value actions by their consequences. Our focus is consequences, not just risk.
  • We focus on our relationship with our customers. Our goal is to be your trusted security advisor.
  • We provide recommendations that are vendor independent to give you the freedom to implement the solution that suits you best.
  • We help you stay competitive. Our business is security, not just consulting.
Focus on our experience:
  • We have a wide variety of clients in a broad range of industries. That exposes us to the need for many different architectures, designs, and solutions.
  • Our consultants are IT security professionals who’ve worked with Fortune 500 companies or in the financial, energy, insurance, media and consumer goods industries.
  • Our team of consultants is made up of Certified Information System Security Professionals (CISSPs).

 
