Resilience GRC Services
GRC Services
Cybersecurity Strategy & Roadmap
Cybersecurity Operating Model
Cybersecurity Frameworks, Policies, Processes, Procedures, Standards, Guidelines & MBSS
Cybersecurity Awareness Programs
Cybersecurity Compliance Assessment
Cybersecurity Compliance Assurance Service
ISO 27001 Certification
Cybersecurity Risk Management Framework
Cybersecurity Third-party Risk Framework
Cybersecurity Risk Assessments
Cybersecurity Risk Assurance Service
This service includes:
Strategic Context: Analyze internal and external factors influencing cybersecurity.
Strategic Intent: Define the cybersecurity vision, mission, and goals.
Define Capability Maturity Model: Define the capability maturity model needed to achieve cybersecurity objectives.
Maturity Assessment: Evaluate the current maturity level of cybersecurity practices against the capability model, industry standards and best practices.
Target State Definition: Define the target cybersecurity state and perform a gap analysis between the current and target states.
Roadmap: Create a detailed action plan with initiatives and timelines.
This service includes:
Cybersecurity Organization Structure: Design a cybersecurity organizational structure that aligns with your business goals and ensures clear roles and responsibilities.
Governance Framework: Establish a robust governance framework to oversee cybersecurity operations, ensuring compliance and alignment with industry standards.
Sourcing Model: Develop a sourcing model that optimizes resource allocation, whether through in-house capabilities, outsourcing, or a hybrid approach.
Cybersecurity Capabilities & Responsibilities Model: Define the specific capabilities and responsibilities required to support and maintain a strong cybersecurity posture.
This service includes:
Frameworks: Establishing a structured approach to cybersecurity that outlines best practices and standards.
Policies: Creating detailed security policies to govern organizational practices and procedures.
Processes: Defining and documenting key cybersecurity processes to ensure consistent execution and compliance.
Procedures: Developing step-by-step procedures for specific security tasks and incident response.
Standards: Setting industry-aligned standards for cybersecurity practices and controls.
Guidelines: Providing practical guidelines to support the implementation of policies and standards.
Minimum Baseline Security Standard (MBSS): Establishing the essential security controls every system must meet and setting benchmarks for evaluating the effectiveness of security measures.
This service includes:
Cybersecurity Awareness Programs Development: Creating and managing customized programs to meet the organization's specific needs, aimed at building a stronger security culture among employees.
Awareness Learning Management System (LMS): Setting up and overseeing a system to deliver and track cybersecurity training, keeping employees updated on the latest threats and practices.
Interactive Cybersecurity Events: Hosting engaging events like webinars and simulations to boost knowledge and encourage proactive security habits.
Cybersecurity Awareness Materials: Producing and sharing materials like posters, newsletters, presentations, and online modules to educate employees on key cybersecurity topics.
Cybersecurity Workshops: Running practical workshops to help participants learn and apply cybersecurity skills in real-life situations.
NCA - Essential Cybersecurity Controls (ECC)
NCA - Critical Systems Cybersecurity Controls (CSCC)
NCA - Cloud Cybersecurity Controls (CCC)
NCA - Telework Cybersecurity Controls (TCC)
NCA - Organizations’ Social Media Accounts Cybersecurity Controls (OSMACC)
NCA - Data Cybersecurity Controls (DCC)
SAMA - Cyber Security Framework (CSF)
SAMA - Minimum Verification Controls (MVC)
SAMA - Cyber Resilience Fundamental Requirements (CRFR)
SAMA - Business Continuity Management Framework
CMA - Cybersecurity Guidelines
NIST - Cyber Security Framework (CSF)
CST - Cybersecurity Regulatory Framework (CRF)
This service includes:
Compliance Assessment: Conducting assessments to identify and address compliance gaps.
Recommendations: Developing corrective actions to close identified compliance issues.
Continuous Monitoring: Supporting and following up on the implementation of the controls.
Verification and Sustainability: Verifying that the requirements are implemented properly and that compliance is sustained over time.
ISO 27001 Assessment & Planning
ISO 27001 Documentation Development (Scope, Policies, Procedures, Plans & Standards)
KPIs & Continuous Monitoring
Internal Audit
Support in External Audit & Certification
This service includes:
Risk Identification: Identify and catalog all assets, threats, and vulnerabilities that could impact the organization.
Risk Assessment: Evaluate the likelihood and impact of identified risks to determine their potential effect on the organization.
Risk Analysis: Analyze the potential consequences and probability of risks, considering existing security controls.
Risk Evaluation: Compare the assessed risks against the organization’s risk appetite and prioritize them accordingly.
Risk Treatment: Decide how to manage each risk, whether by mitigating, transferring, accepting, or avoiding it.
Risk Monitoring and Review: Continuously monitor risks and review the effectiveness of controls to ensure ongoing protection.
This service includes:
Define the scope and categorize third parties.
Prioritize third parties based on their risk level and the nature of the engagement.
Define risk-rating criteria.
Define communication procedures.
Define enforcement plans for cybersecurity controls.
This service includes:
Systems/Application Risk Assessment.
Third-party Risk Assessment.
Projects Risk Assessment.
Change Management Risk Assessment.
This service includes:
Risk Assessment: Conducting assessments to identify and address cybersecurity risks within the organization.
Recommendations: Developing corrective actions to close identified cybersecurity risks.
Continuous Monitoring: Supporting and following up on the implementation of the controls.
Verification and Sustainability: Closing treatment actions and verifying that the identified risks have been reduced.