Resilience GRC Services | Resilience

GRC Services

Cybersecurity Strategy & Roadmap

Cybersecurity Operating Model

Cybersecurity Frameworks, Policies, Processes, Procedures, Standards, Guidelines & MBSS

Cybersecurity Awareness Programs

Cybersecurity Compliance Assessment

Cybersecurity Compliance Assurance Service

ISO 27001 Certification

Cybersecurity Risk Management Framework

Cybersecurity Third-party Risk Framework

Cybersecurity Risk Assessments

Cybersecurity Risk Assurance Service

Cybersecurity Strategy & Roadmap

This service helps organizations develop and implement a robust cybersecurity strategy aligned with business goals.

This service includes:

Strategic Context: Analyze internal and external factors influencing cybersecurity.

Strategic Intent: Define the cybersecurity vision, mission, and goals.

Capability Maturity Model: Define the capability maturity model needed to achieve the cybersecurity objectives.

Maturity Assessment: Evaluate the current maturity level of cybersecurity practices against the capability model, industry standards and best practices.

Target State Definition: Define the target cybersecurity state and perform a gap analysis between the current and target states.

Roadmap: Create a detailed action plan with initiatives and timelines.

Cybersecurity Operating Model

This service focuses on developing a customized cybersecurity operating model tailored to your organization's specific objectives and requirements.

This service includes:

Cybersecurity Organization Structure: Design a cybersecurity organizational structure that aligns with your business goals and ensures clear roles and responsibilities.

Governance Framework: Establish a robust governance framework to oversee cybersecurity operations, ensuring compliance and alignment with industry standards.

Sourcing Model: Develop a sourcing model that optimizes resource allocation, whether through in-house capabilities, outsourcing, or a hybrid approach.

Cybersecurity Capabilities & Responsibilities Model: Define the specific capabilities and responsibilities required to support and maintain a strong cybersecurity posture.

Cybersecurity Frameworks, Policies, Processes, Procedures, Standards, Guidelines & MBSS

This comprehensive service encompasses the development and implementation of various cybersecurity elements, including:

Frameworks: Establishing a structured approach to cybersecurity that outlines best practices and standards.

Policies: Creating detailed security policies to govern organizational practices and procedures.

Processes: Defining and documenting key cybersecurity processes to ensure consistent execution and compliance.

Procedures: Developing step-by-step procedures for specific security tasks and incident response.

Standards: Setting industry-aligned standards for cybersecurity practices and controls.

Guidelines: Providing practical guidelines to support the implementation of policies and standards.

Minimum Baseline Security Standard (MBSS): Establishing the essential security controls every system must meet and setting benchmarks for evaluating the effectiveness of security measures.

Cybersecurity Awareness Programs

This service provides a comprehensive approach to enhancing an organization's cybersecurity posture through tailored awareness programs and ongoing management.

This service includes:

Cybersecurity Awareness Programs Development: Creating and managing customized programs to meet the organization's specific needs, aimed at building a stronger security culture among employees.

Awareness Learning Management System (LMS): Setting up and overseeing a system to deliver and track cybersecurity training, keeping employees updated on the latest threats and practices.

Interactive Cybersecurity Events: Hosting engaging events like webinars and simulations to boost knowledge and encourage proactive security habits.

Cybersecurity Awareness Materials: Producing and sharing materials like posters, newsletters, presentations, and online modules to educate employees on key cybersecurity topics.

Cybersecurity Workshops: Running practical workshops to help participants learn and apply cybersecurity skills in real-life situations.

Cybersecurity Compliance Assessment

This service ensures that the organization adheres to relevant cybersecurity regulations and standards, minimizing the risk of legal penalties and security breaches. It reviews the organization's current cybersecurity practices, identifies gaps, and provides detailed recommendations to close them. The assessment is performed against multiple national and international standards, including:

NCA - Essential Cybersecurity Controls (ECC)

NCA - Critical Systems Cybersecurity Controls (CSCC)

NCA - Cloud Cybersecurity Controls (CCC)

NCA - Telework Cybersecurity Controls (TCC)

NCA - Organizations’ Social Media Accounts Cybersecurity Controls (OSMACC)

NCA - Data Cybersecurity Controls (DCC)

SAMA - Cyber Security Framework (CSF)

SAMA - Minimum Verification Controls (MVC)

SAMA - Cyber Resilience Fundamental Requirements (CRFR)

SAMA - Business Continuity Management Framework

CMA - Cybersecurity Guidelines

NIST - Cybersecurity Framework (CSF)

CST - Cybersecurity Regulatory Framework (CRF)

Cybersecurity Compliance Assurance Service

This service focuses on ensuring that an organization's cybersecurity practices are implemented properly according to the regulatory requirements.

This service includes:

Compliance Assessment: Conducting assessments to identify and address compliance gaps.

Recommendations: Developing corrective actions to close identified compliance issues.

Continuous Monitoring: Supporting and following up on the implementation of the controls.

Verification and Sustainability: Verifying that the requirements are implemented properly and that compliance is sustained over time.

ISO 27001 Certification

This service helps organizations achieve ISO 27001 certification by guiding and supporting them through the implementation of an Information Security Management System (ISMS), including:

ISO 27001 Assessment & Planning

ISO 27001 Documentation Development (Scope, Policies, Procedures, Plans & Standards)

KPIs & Continuous Monitoring

Internal Audit

Support in External Audit & Certification

Cybersecurity Risk Management Framework

This service provides a structured approach to identify, evaluate, and mitigate cybersecurity risks, ensuring the organization's assets are protected.

This service includes:

Risk Identification: Identify and catalog all assets, threats, and vulnerabilities that could impact the organization.

Risk Analysis: Estimate the likelihood and impact of each identified risk, taking existing security controls into account, to determine its potential effect on the organization.

Risk Evaluation: Compare the assessed risks against the organization’s risk appetite and prioritize them accordingly.

Risk Treatment: Decide how to manage each risk, whether by mitigating, transferring, accepting, or avoiding it.

Risk Monitoring and Review: Continuously monitor risks and review the effectiveness of controls to ensure ongoing protection.

Cybersecurity Third-party Risk Framework

This service focuses on managing and mitigating cybersecurity risks related to third parties.

This service includes:

Scope Definition: Define the scope of the framework and categorize third parties.

Prioritization: Prioritize third parties based on their risk level and the nature of the engagement.

Risk Rating Criteria: Define the criteria used to rate third-party risk.

Communication Procedures: Define the procedures for communicating cybersecurity requirements and findings to third parties.

Enforcement Plans: Define plans for enforcing cybersecurity controls on third parties.

Cybersecurity Risk Assessments

This service is designed to identify, evaluate, and prioritize risks across various critical areas, ensuring the protection and resilience of your assets and operations.

This service includes:

Systems/Application Risk Assessment

Third-party Risk Assessment

Projects Risk Assessment

Change Management Risk Assessment

Cybersecurity Risk Assurance Service

This service ensures that cybersecurity risk treatment strategies are properly implemented within the organization and that the identified risks are actually reduced.

This service includes:

Risk Assessment: Conducting assessments to identify and address cybersecurity risks within the organization.

Recommendations: Developing corrective actions to close identified cybersecurity risks.

Continuous Monitoring: Supporting and following up on the implementation of the controls.

Verification and Sustainability: Closing treatment actions and verifying that the risks have been reduced.
