webID Consulting GmbH


IT Risk & Information Security Governance
Security Services Portfolio includes:
  • Risk Assessment: identify, evaluate and assess risks and risk impacts associated with the use, ownership, operation, involvement, influence and adoption of IT within an organization.
  • Risk Mitigation: recommend and decide on the resolution of the identified risks by prioritizing, implementing and maintaining (in a cost-effective manner in accordance with the business requirements and enterprise architecture standards) the adequate mitigating controls recommended by the risk assessment process.
  • Risk Monitoring: facilitate/conduct independent risk assessments and risk management process reviews to ensure they are performed efficiently and effectively.
  • Project Management: plan, manage and lead IT projects from conception to completion, meeting the identified business objectives, in time and within allowed budget.
  • Outsourcing and transformation projects management / 3rd party and vendor management: assessment of security exposure and ensuring compliance with agreed security controls and governance framework.
  • Partnership with both business and IT stakeholders who are in need of security expertise and effective consultancy.
  • Conduct security audits and security compliance reviews on different levels (technology, people, process, infrastructure, services and applications) against the defined standards and applicable regulations.
  • Support and work closely with the business owners to identify threats to the integrity, availability and confidentiality of their information assets; assess associated risks and propose adequate mitigating controls.
  • Develop, design, assess, document and manage the implementation of Security Architecture Solutions for secure accessibility and secure data flow.
  • Policy Management: develop and manage the entire life cycle of security and governance policies from info-gathering, to development, to approval, to dissemination, to establishment of exception management to handle possible policy deviation.
  • Security training and education:
    - Develop effective security training programs that are (A) customized and tailored to client's needs, and (B) appropriately targeting specific teams/audience.
    - Conduct mature, customized, live face-to-face trainings* in English, German and/or Arabic, with the ability to transfer knowledge.

    *The training can vary from security awareness (e.g. social engineering, data classification) to complex technical security concepts (e.g. Cryptography, RFID, Security Architecture).
  • Conduct research work on specific topics or technologies to keep abreast of new and emerging risks within the IT environment, disseminate the relevant information to all concerned, and ensure proper and proactive containment/mitigation actions are initiated.
  • Provide regular necessary updates on new risks to the Security Policies to improve asset protection and ensure baseline compliance.
  • Usama Abdelhamid
  • CISA, CISM, CISSP, CRISC, Dipl Eng, BEM, ISO 27001 Lead Auditor, PRINCE2
  • Founder of webID Consulting GmbH
  • 15 years' experience in IT Risk & Information Security fields on both local and global scales.
  • Contribution in various capacities as Security Consultant/Coach, Project Manager & Business Analyst.
  • Muttenz - Switzerland
  • Tel: +41 - 79 - 304 00 00
  • Fax: +41 - 61 - 461 32 56
  • Skype: u.abdelhamid
  • Web: www.webid.ch
  • Email: info @ webid.ch




    Keywords
  • GRC
  • BCM & DRP
  • Security Outsourcing
  • Cloud Computing
  • FINMA & Swiss Banking Secrecy
  • Project Management
  • Security Governance
  • Security Compliance
  • Risk Assessment
  • Risk Management
  • Risk Appetite/Tolerance
  • Security Training
  • Security Auditing
  • Security Architecture
  • ISMS