G51 SECURITY RISK ASSESSMENT & AUDIT GUIDELINES is a set of guidelines published by the office of the government Chief Information Officer. It acts as a supplementary document to IT Security Guidelines to give an introduction to a generic reference model for IT security risk assessment and security audit.

Complying with G51 not only results in higher information security level, better management, gains better trust from customers but also has greater advantage in bidding for government tenders.

The guideline includes the following areas:

• Overview of IT Security Management
• Security Risk Assessment
• Security Audit
• Services Prerequisites and Common Activities
• Security Risk Assessment and Audit Follow-up

To avoid external attack, it is important to understand the deficiencies of the IT environment through penetration test and take further actions as to improve the security controls. The objective of a penetration test is to simulate a hacker's activities against a target to exploit the vulnerabilities with manual intrusion to obtain desired information assets from the target. Ringus provides penetration testing service conducted certified professional in the following aspects:

• Network Penetration Test
• Web / Mobile Application Penetration Test

Phishing email simulation to identify and understand how employees react against fraudulent email which is trying to gain personal information or unauthorized access.

IT architecture is a key component acting as a backbone of an organization in supporting business goals and objectives. Ringus provides an in-depth understanding of the IT infrastructure from a technical perspective to identify any architecture deficiencies.

Our experienced technical specialist will provide professional advisory and objective judgments in evaluating the organization IT architecture, also to provide practical recommendation in resolving identified issues.

Application vulnerabilities usually can be prevented through the source code review as most of the security flaws are derived by poor coding and design. Commonly found vulnerabilities such as buffer overflows, SQL Injection Flaws can be identified through the source code analysis. Ringus provides static code review service with manual validation to identify source code flaws.

Ringus assists organization to structuralize IT operations through IT framework and governance establishment in order to improve IT management and operation effectiveness.

Policy and procedure is an IT standard practice and Ringus see it as an important element in IT Management. Ringus has great experience in establishing professional policies and procedures documents. Our writers are certified ISO auditors and will provide you an easiest way to establish full and customized documents, targeting to cover your company in every IT related aspect.

Ringus understands the importance of how forensic technology contributes to the IT environment of your business. We believe IT forensic investigation is a reverse engineering of any hackers's trace and Ringus provides analytical techniques and advisory to avoid incidents to repeat, hence, to continue and enhance overall security standard.
 
 Network Investigation

• Monitor for anomalous traffic
• Identify intrusions
• Analyze captured network traffic
• Discover source of security attacks or other problem incidents

Data Recovery

• Obtain forensic images from file systems and data storage devices.
• Software-level solutions on corrupt partitions and file systems.
• Recover lost, deleted, and formatted data.

Ringus's unique IT Security Consultation Program take cares an organization from different perspectives. Our consultation service offers a side by side working schedule with the organization? IT team by weekly progress meetings, monthly reports, technical advisory and quarterly mini-audits.
  

• IT Department and Technical Operation
• Management and Business Operation

Most common cyber security attacks can be avoided by enhancing awareness and structuralized security controls. To enhance end user's security awareness, Ringus provides a variety of training and education program to promote the importance of information security. Our team consists of technical and security specialists, providing customized trainings for our clients.
  

• Information Security Awareness Training Program
• IT Governance and ISO Framework Implementation Program
• Personal Data Handling and Application Implementation Program

Monitoring and alerting is a key process in handling cyber security. In order to respond to any incident early before things getting out of hand, Ringus designs and sets up a centralized and automated monitoring system for our clients. Our work includes monitoring designs, coverage, fine-tuning thresholds and defining support tier escalations, all into one system.
 

• System and Network Healthiness Monitoring.
• Customization on Thresholds and Sensors Configuration
• Support Tier and Escalation Setup.
• Mobile Push Notification and Real Time Status Tracking.