Security Analysis and Compliance Services
Security Analysis and Compliance Services are product-independent consulting and auditing services that address information security in its human, process and technology dimensions.
Compliance Audit services cover the work done to assess an organization's compliance with regulations, corporate/national/international standards and global best practices, to determine its level of compliance with the requirements, and to report on those requirements. Before these studies, it may be necessary to provide information about the organization and the compliance work carried out in it. The audit activities are carried out through interviews with the relevant units in the organization, field inspections, application and evidence analysis, and technical analysis methods, and their results are reported. Examples of compliance audit services carried out in the SACS Unit are presented below:
- ISO 27001 Audit
- SWIFT Audit
- PCI DSS Audit
- GS1 Audit
Compliance/Gap Analysis services cover the work done to determine an organization's level of compliance with regulations, institutional/national/international standards and global best practices, and to identify the points that are missing or can be improved. These studies are mainly carried out at the request of the organization, with the aim of measuring its compliance level and application performance. Analysis studies are conducted together with the relevant units in the organization through field surveys, review of applications and technical analysis methods, and the results are reported. Examples of compliance/gap analysis services carried out in the SACS Unit are presented below:
- ISO 27001 Gap Analysis
- Effective Security Controls (ESC) Gap Analysis
- Industrial Control Systems (ICS) Security Controls Gap Analysis
- PDPL/GDPR Gap Analysis
- CSOC Processes Gap Analysis
- Cyber Security Workforce Gap Analysis
Compliance Training services include training activities carried out to increase staff awareness and competence regarding the legislation, regulations, national/international standards and global best practices to which they are subject in the field of cyber security. These studies are provided as theoretical sessions, practical sessions and workshops, so that teams gain the knowledge and skills needed to comply with the relevant requirements. Examples of compliance training services carried out in the SACS Unit are as follows:
- ISO 27001 Basic/Practical Training
- ISO 27001 Internal Audit Workshop/Training
- ISO 27001 Lead Auditor Training
- Risk Management Workshop/Training
- Auditor Training
- Information Security Awareness Training
- ICS Safety Training
- PDPL/GDPR Training
Process Consultancy services cover establishing and operating the processes to be run within the scope of the models developed by Barikat R&D (the CSOC model to be operated in a CSOC, the SIEM Maturity Model, the DLP Maturity Model, etc.) and the processes of SOMEs in accordance with the Corporate CSIRT Installation and Management Guideline, and guiding the organization in eliminating missing points. It is essential that these services are provided together with the relevant consulting services (SIEM, DLP, etc.), that the work is carried out together with the establishment teams, and that the organization has the competence to operate these processes after the studies. Examples of process consultancy services carried out in the SACS Unit are presented below:
- Security Technologies Process Consultancy
- CSOC Process Consultancy
Maturity Analysis services cover the work done to evaluate the maturity of the organization against the models developed by Barikat R&D (the SIEM Maturity Model, the DLP Maturity Model, etc.) and to identify the points that are missing or can be improved. These studies are mainly carried out to determine the path to be followed by consultancy services (SIEM Consultancy, DLP Consultancy, etc.). Analysis studies are conducted together with the relevant units in the organization through field surveys, review of applications and technical analysis methods, and the results are reported. Examples of maturity analysis services carried out in the GAUH Unit are presented below:
- SOC/CSOC Maturity Analysis
- CSIRT Maturity Analysis
- SIEM Maturity Analysis
- DLP Maturity Analysis
Methodology Development services cover the work done to determine and document the methods and approaches the organization needs in order to manage, organize and guide corporate/sectoral/national practices on specific cyber security issues, by researching international literature and best practices, taking local parameters into consideration and documenting pilot applications. For these services to be successful, it is essential to determine the organization's need clearly. Examples of methodology development services carried out in the SACS Unit are presented below:
- Sectoral Information Security Management Methodologies Development Service