Services

In this digital age, we cannot avoid exposure to security threats such as viruses, ransomware, system hacking, DDoS, unauthorized access and others.

How to address these issues?

 

We have offered document scanning, imaging and conversion services to multinational corporations and SMEs, with ease and at an affordable price, for over ten years.

Our system support services include Prioritized Repairing, Anti-virus Installation & Scanning, Networking, Data back-up and Preventive Maintenance services.

We offer cybersecurity training ranging from awareness training for senior executives to risk management, security operations and network defense training for professionals.

Information Security

Implementation and Consulting services

ISO 27001 ISMS Implementation

In this digital age, we cannot avoid exposure to various security threats such as viruses, ransomware, system hacking, DDoS, unauthorized access and others.


Management will have concerns about various security threats and business issues. Organizations need to ensure they can keep the business going (top priority), restore the organization to its “pre-attack” state (second priority) and apply lessons learned to improve resilience against the next attack (third priority).

To address the concerns, we need to:

  • protect information from a range of threats
  • ensure business continuity
  • minimize financial loss
  • minimize management and customer concerns
  • maximize return on investments and business opportunities

To address the threats, many organizations implement ISO 27001. ISO 27001 specifies an Information Security Management System (ISMS) that contains a comprehensive set of 114 security controls comprising best practices in information security. It is risk-management based, with the objective of protecting the confidentiality, integrity and availability of information.

  • Keeps confidential information secure
  • Protects organization assets, stakeholders and customers
  • Proactive approach to managing risks and optimizing IT asset usage to protect against threats
  • Minimizes business loss and reduces costs

For more information on this subject, please contact us.

PCI DSS Consultation

Payment Card Industry Data Security Standard

The Payment Card Industry Data Security Standard (PCI DSS) is a set of regulations that businesses taking credit or debit card payments must comply with. PCI DSS has 6 goals that include 12 requirements.

PCI DSS validation requirements for merchants and service providers may include, depending on the credit card transaction volume, the following:

  • Quarterly ASV scanning
  • Yearly SAQ
  • Annual on-site QSA audit

PCI DSS Consultancy

  • Validation and yearly SAQ support
  • PCI gap analysis and scoping
  • PCI implementation – Remediation recommendations
  • Annual Compliance audit and Report on Compliance

PCI DSS Security Testing

  • Quarterly ASV scanning
  • PCI penetration testing

PCI DSS Documentation

PCI DSS Training

  • PCI DSS training course

Cyber Security Consulting

We aim to help our clients execute key cyber security initiatives and build resilient capabilities.

We take a three-step approach to improving our clients' key cyber security initiatives and helping them build resilient capabilities.

  1. Employee Security Awareness

  2. Cyber Crisis Response Planning

  3. Validation and Optimization

Fundamentals of Cyber Security Training:

  • All Employees: 2 Hours (Classroom)
  • IT Employees: 1 Day (Classroom)
  • InfoSec Employees: 3 Days (Classroom)
  • On-going Security Awareness Program
  • Phishing User Behavioural Analysis
  • Cross-Organizational Cyber Crisis Response Plan Development
  • Cyber Crisis Response Team Training
  • Cyber Crisis Leader Boot Camp
  • Targeted Tabletop Exercises
  • Cross-Organizational Tabletop Exercises
  • Cross-Organizational Immersive Cyber Crisis Simulations
  • After-Action Reports and Improvement

Vulnerability Assessment

Vulnerability assessment is a risk management process used to identify, quantify and rank possible vulnerabilities of a system for various kinds of threats that could be exploited by an outside attacker or compromised by internal personnel. It should be noted that Vulnerability Assessment does not involve any steps to fix or apply patches to a system.

In many information security programs, Vulnerability Assessments are the first step – they are used to perform wide sweeps of a network to find missing patches or misconfigured software.

From there, one can either perform:

  • a penetration test to see how exploitable the vulnerability is; and/or
  • a risk analysis to ascertain the cost/benefit of fixing the vulnerability.

Penetration Test

The goal of a Penetration Test (or “Pentest”) is to provide senior management with a realistic view of their security posture. It proactively uncovers the weakest links and identifies the extent of damage a real malicious attacker could cause the business.

A Pentest is an authorized attack against your IT systems, network, wireless network or web application to identify and exploit their security weaknesses. By performing authorized Pentest (or “ethical hacking”) attacks against your organization, SIA can demonstrate the effectiveness of your IT security defenses and help you understand the extent of unauthorized access and damage that could be achieved by a malicious hacker.

  • External Penetration Testing 
  • Internal Network Penetration Testing 
  • Web App Penetration Testing
  • Wireless Penetration Testing
  • Phishing Penetration Testing

DDoS Simulation Testing

A recent industry study showed that some 75% of IT decision makers have suffered at least one Distributed Denial of Service (DDoS) attack in the past 12 months, and 31% reported service disruption as a result of these attacks. As more and more commercial and governmental organizations are discovering the hard way, DDoS is a threat that cannot be ignored.

A DDoS attack is a malicious attempt to make a server or a network resource unavailable to users, usually by temporarily interrupting or suspending the services of a host connected to the Internet.

SIA’s DDoS Simulation Testing service checks the resiliency of Internet-facing systems and network infrastructure against DDoS and related cyber-attacks.

We help you test the effectiveness of your existing IT defenses and how well your people respond in the event of a DDoS attack.

With our local- and cloud-based services, our defense expertise enables you to identify your system weaknesses through a series of carefully designed and realistic attacks, thereby measuring the effectiveness of detection and mitigation systems and improving your DDoS preparedness.

SIEM Implementation and Maintenance

Security Information and Event Management (SIEM) is a technology that connects and unifies the information contained in your existing systems. SIEM is a management layer above your existing devices and security controls that allows them to be analyzed and cross-referenced from a single interface.

SIEM centralizes event information and log management from various devices and locations. It uses either rule-based or correlation engines to identify anomalies by combining multiple events and information.

Implementing SIEM requires a lot of preparation, even before the SIEM software is purchased.

The two most important components of a successful SIEM implementation are:

  • Management of the logging and monitoring capabilities, and
  • Responding to alerts.

SIEM often ends up costing more than anticipated, requires expertise that often must be outsourced, can be difficult to tune and can take considerable time before it yields results.

Tuning the application to process all of the logs can also take longer than expected, resulting in higher-than-anticipated costs.

Document Scanning

We have offered high-speed document scanning, imaging and conversion services to multinational corporations and local enterprises for over ten years. We help organizations migrate from paper to digital documents with ease and at an affordable price.

Document Scanning Services

SIA has offered high-speed document scanning, imaging and conversion services to multinational corporations and local enterprises for over ten years. We help organizations migrate from paper to digital documents with ease and at an affordable price.


We can scan and process documents at your premises so that all paper is always under your direct control. Alternatively, we can scan and process documents at our facilities, freeing up your space and resources, and we will take care of the document transport, ensuring maximum security and an added level of convenience.

Conversion of existing, archived documents in bulk. SIA specializes in records imaging and scanning large backlogs of accounting documents, customer records, banking and loan documents and insurance forms.

This is to scan records as needed, the strategy that we always recommend. This minimizes the cost of conversion but allows for modernizing processes. This is by far the most cost-effective and rational approach. By scanning records as needed, not a single penny is spent converting anything unnecessarily.

We are flexible in offering customized scanning packages that will fit your unique needs.

 

Benefits of Document Digitization

  1. Easy preservation of documents and storage.
  2. 100% data security as we understand data is crucial to any business.
  3. Well-archived and indexed documents and records facilitate easy and quick retrieval and distribution.
  4. Accurate results with high-quality digital document for e-filing.
  5. Minimize overhead costs for your business.
  6. Increase productivity by letting you focus on other core business activities.

The Scanning Process

Scanning is not as simple a process as some people may think. It actually requires:

  • Capable and adequate hardware
  • An appropriate file organization structure
  • Defined indexing data requirements
  • A quality control mechanism
  • Adequate personnel resources


  • The documents are collected from the customer, or put in a centralized area as allocated by the customer.
  • The documents are aligned properly at this stage and smoothed out so that they are as flat as possible. Any wrinkles, creases, tears, staples or paperclips are checked for and removed. Barcode sheets, which may include indexing information, are inserted for identification.
  • Each document is scanned properly and saved as an image file using efficient Simplex / Duplex scanner(s) that can provide:
    • reliable document feeders with Multifeed Detection capability and consistent image quality
    • desirable scanning speed
    • support for all the different sizes and thicknesses of paper to be scanned
    • desirable color detection capabilities
    • virtual rescan function
  • The scanned documents/images are converted into text files using Optical Character Recognition (OCR). The output is then manually checked by proofreaders before it is converted into the desired digital format – JPEG or TIFF.
  • Each document file is given an appropriate file name and archived in the proper place, with index data entered as required through double data entry and/or captured using OCR.
  • Double data entry validation and/or eyeball checking, with reference to the applicable validation rules, makes sure all the index data was correctly entered during the indexing step.
  • The document files are organized into separate or combined PDF files as per the customer’s requirements. Random searches for specific documents are done as a final quality and validation check.
  • The error-free digitized data is transferred to the client’s designated system storage area, or burnt onto a device, such as a hard disk or DVD, as selected by the client. The hard copies may either be put back into storage or sent for secure shredding.

System Support

We offer a comprehensive range of system services depending on your requirements and budget. 

System Support Services

We offer a comprehensive range of system services depending on your requirements and budget. Our services include:


We offer a standard 5-day repair service, either on-site or off-site, for your servers, laptops, notebooks, printers, scanners, monitors, etc. For priority repairs we offer a guaranteed on-site service within an agreed response time after receiving your request, subject to parts availability. We may do a remote check (dialing in to your PC or system server) to investigate software faults or issues before we send over our engineer.

This will include anti-virus server & client installation and configuration, as well as anti-virus scanning and virus removal.

We will help you install and set up cabling and wireless networks, switches and routers as required.

Data backup is necessary in order to prepare for any possible disaster ahead of time. You need to protect yourself against a crashed hard drive, system failure or possible data loss threats.

We provide Preventative Maintenance Service for system servers and printers. This may include regular house-keeping work for your servers, scheduled inspection cycles to check and clean hard disks, printers and check ink and toner and other consumables.

Training

Cybersecurity Training Executive Series

Introduces the most relevant cybersecurity topics to ensure senior executives and management have the knowledge to make more informed decisions and better manage their business risk.

Cybersecurity Exec Series-I (0.5 day)

  • EXEC100 Information Security Fundamentals
  • EXEC101 Security Awareness
  • EXEC102 Social Engineering
  • EXEC103 Spear-Phishing & Ransomware

Cybersecurity Exec Series-II (0.5 day)

  • EXEC104 Cybercriminal Psychology
  • EXEC105 Insider Threats
  • EXEC106 External Threat Actors
  • EXEC107 Digital Forensics & Incident Response

Cybersecurity Training Professional Series

  • PS2-1: Security and Risk Management
  • PS2-4: Communication and Network Security
  • PS2-6: Security Assessment
  • PS2-7: Security Operations


Introduction to Network Defense

This training provides an understanding of and practical skills for network defense, including how to protect, detect and respond to network attacks. Attendees will learn network defense fundamentals including the application of network security controls, protocols, perimeter appliances, secure IDS, VPN and firewall configuration as well as vulnerability scanning in order to design successful network security policies and incident response plans.

  • Network Security: Threats, Vulnerabilities, and Attacks. Controls, Protocols, and Devices. Policy Design and Implementation
  • Secure Firewall / IDS / VPN
  • Wireless Network Defense
  • Network Traffic Monitoring and Analysis
  • Network Risk and Vulnerability Management

About Us

If you want to learn more about us, you’re in the right place. Read to learn how we managed to grow our business so fast.

Our story

Software Island (Asia) has been providing turnkey document scanning (on-site, off-site to backfile) and customized OCR and indexing services, as well as document management solutions, to multinationals and local enterprises for over 15 years. Our customers span banks and insurance companies, large international brands and professional firms.

In addition, on Information Security, Software Island (Asia) offers ISO 27001 ISMS implementation services, vulnerability assessment and cybersecurity training to our clients in various industries.

Experienced Consulting Team

Our consultants are qualified professionals including Certified Information Systems Security Professional (CISSP), Certified Information Systems Auditor (CISA), Payment Card Industry Professional (PCIP), Certified Ethical Hacker (CEH), PMP and ITIL Foundation. They possess 5 to 30 years of experience in the information security industry and have worked for security product and service vendors, security solution providers and Big 4 cyber risk services teams.

In addition to providing cybersecurity training for senior executives of MNCs and local enterprises, our consultants also have consulting experience with banks, government, merchants, Internet service providers and solution providers. They have extensive experience in ISO 27001 ISMS implementation, risk assessment, policy review, physical security walkthrough assessment, system hardening review and e-business solutions covering all aspects of Information Security and Data Privacy, especially in PCI DSS and ISO 27001, for enterprises in the Asia Pacific region.

Contact us

Need an expert? You are more than welcome to leave your contact info and we will be in touch shortly.

Visit us

Unit 7, 4/F Sung Kee Ind. Bldg 18-30 Kwai Ting Road, Kwai Chung, New Territories, Hong Kong

Call us

  • +852 3167 7857
  • +852 3167 7835