Key Service Area 13 /
Security Posture
Assessment (SPA)
Scope Of Works
SPA forms a critical component of the ICT and Telecommunication systems implementation, ensuring that all deployed systems and applications are resilient, compliant, and safeguarded against evolving threats.
In general, our scope of works for SPA construction/implementation phase covers the following:
01.
Identification of vulnerabilities and weaknesses within the ICT infrastructure and application environment, and to provide actionable recommendations to strengthen the overall security posture. This ensures alignment with government security mandates and international best practices.
02.
Compliance with Security Standards
- Garis Panduan Penilaian Tahap Keselamatan Rangkaian dan Sistem ICT Sektor Awam (Surat Pekeliling Am Bil. 3 Tahun 2009),
- MyMIS (Malaysian Public Sector ICT Management Security Handbook),
- ISO/IEC 27001 Information Security Management System (ISMS), and
- Other latest relevant security practices and codes.
Some of the key activities that we carry out for SPA are summarized as follows:
- Penetration Testing (internal and external)
- Stress/Load Testing
- Network Security Assessment (NSA)
- Wireless Security Assessment (WSA)
- Application Security Assessment (ASA)
- Host Security Assessment (HAS)
- Database Security Assessment (DSA)
- Physical Security Review Assessment (including server, TCR, and related ICT spaces)
- ICT Security Policy Review (inclusive of CCTV and monitoring networks)
Key Deliverables
Our common key deliverables, among others, include but not limited to the following:
SPA Strategy and Implementation Plan
Pre-Assessment Documentation
Assessment Process and Activity Documentation
Post-Assessment and Solution Proposal Report
Final Findings Report and Recommendations