Services

In this digital age, we cannot avoid exposure to security threats like viruses, ransomware, system hacking, DDoS, unauthorized access and others.

How to address these issues?


We have offered document scanning, imaging and conversion services to multinational corporations and SMEs at affordable prices for over ten years.

Our system support services include Prioritized Repair, Anti-virus Installation & Scanning, Networking, Data Backup and Preventive Maintenance.

We offer cybersecurity training ranging from awareness training for senior executives, through risk management and security operations, to network defense training for professionals.

Information Security

Implementation and Consulting services

ISO/IEC 27001 Implementation

In this digital age, we cannot avoid exposure to various security threats like viruses, ransomware, system hacking, DDoS, unauthorized access and others.

To address these concerns, we need to:

  • Protect information from a range of threats
  • Ensure business continuity
  • Minimize financial loss
  • Minimize management and customer concerns
  • Maximize return on investments and business opportunities
  • Demonstrate your commitment to security
  • Keep confidential information secure
  • Protect organization assets, stakeholders and customers
  • Improve risk management and safety policies to minimize risk exposure
  • Provide customers and stakeholders with confidence in how you manage risk
  • Take a proactive approach to managing and optimizing IT asset usage to protect against threats
  • Make you a market differentiator with a reputation for being a safe and secure partner
  • Achieve legal and regulatory compliance
  • Minimize business loss and reduce costs
  • Give employees clear direction and improved awareness

To address these threats, many organizations implement an Information Security Management System as specified by ISO 27001. It provides a framework for protecting information through the selection of security controls.

ISO 27001 is a leading international standard on Information Security Management that covers all types of organizations (e.g. commercial companies, government agencies, not-for-profit organizations) and all sizes. It concerns the management of information security, not just IT/technical security.

ISO 27001 formally specifies an Information Security Management System (ISMS). The ISMS is the fundamental part of ISO 27001, because you use the standard to establish and maintain this system.

Tens of thousands of organizations worldwide have been certified to be ISO 27001 compliant.

ISO 27001 contains a comprehensive set of controls comprising best practices in information security. It is risk-management based with objectives to protect the confidentiality, integrity and availability of information.

Management of every organization will have concerns on various threats like those mentioned above and business issues like: Loss of confidential data, Legal liability, Business continuity, Loss of customer confidence, Business loss, Market reputation, Disaster recovery and associated costs.

To address the possible threats and business issues, organizations need to ensure they can keep the business going (first priority), restore the organization to its “pre-attack” state (second priority) and apply lessons learned to improve resilience against the next attack (third priority).

PCI DSS Consultation

Improve your security posture. The PCI DSS puts a framework in place that encourages regular review and process improvement. Compliance with the Standard can help:

  • Ensure the safety and security of your customers’ payment card data, which means you won’t have to worry quite as much about any potential vulnerabilities in your system.
  • Avoid the financial penalties and negative PR associated with a data breach.
  • Demonstrate that your company places a high value on security, which will encourage more customers to trust you with their payment card information.
  • Comply with other legislation, such as the General Data Protection Regulation, which now regulates the processing of personal data in the EU.
  • Provide guidance on how a merchant can protect itself not just from payment card data loss but also from other potentially undesirable data breaches.
  • Some organizations are deterred by perceived difficulties or costs associated with meeting the requirements of the Standard. With a good cyber security consultant, you can overcome these challenges without disrupting vital business operations.

Build and maintain a secure network

  • Requirement 1: Install and maintain a firewall configuration to protect cardholder data
  • Requirement 2: Do not use vendor-supplied defaults for system passwords and other security parameters

Protect Cardholder Data

  • Requirement 3: Protect stored cardholder data
  • Requirement 4: Encrypt transmission of cardholder data across open, public networks

Maintain a Vulnerability Management Program

  • Requirement 5: Use and regularly update anti-virus software or programs
  • Requirement 6: Develop and maintain secure systems and applications

Implement Strong Access Control Measures

  • Requirement 7: Restrict access to cardholder data by business need to know
  • Requirement 8: Assign a unique ID to each person with computer access
  • Requirement 9: Restrict physical access to cardholder data

Regularly Monitor and Test Networks

  • Requirement 10: Track and monitor all access to network resources and cardholder data
  • Requirement 11: Regularly test security systems and processes

Maintain an Information Security Policy

  • Requirement 12: Maintain a policy that addresses information security for all personnel

Merchants and service providers must do twelve things to ensure they comply with the standard:

  1. Install and maintain a firewall configuration to protect cardholder data
  2. Do not use vendor-supplied defaults for system passwords and other security parameters
  3. Protect stored cardholder data
  4. Encrypt transmission of cardholder data across open, public networks
  5. Use and regularly update anti-virus software or programs
  6. Develop and maintain secure systems and applications
  7. Restrict access to cardholder data by business need to know
  8. Assign a unique ID to each person with computer access
  9. Restrict physical access to cardholder data
  10. Track and monitor all access to network resources and cardholder data
  11. Regularly test security systems and processes
  12. Maintain a policy that addresses information security for employees and contractors

We will help you achieve and maintain PCI compliance by tackling the challenges of scoping the cardholder data environment, reducing the complexity of card data flow, and testing and protecting stored payment card data.

We will assess your needs, carefully explain the PCI compliance requirements relevant to you, and provide solutions to suit your budget.

The services we provide include the following:

PCI DSS Consultancy

  • Validation and yearly self-assessment questionnaire (SAQ) support for Level 2, 3 & 4 merchants, and Level 2 service providers
  • PCI gap analysis and scoping
  • PCI implementation – Remediation recommendations
  • Annual Compliance audit and Report on Compliance (RoC)

PCI DSS Security Testing

  • Quarterly ASV scanning
  • PCI penetration testing

PCI DSS Documentation

PCI DSS Training

  • PCI DSS training course

Experienced consultants: our consultants have an extensive understanding of cardholder data flows, payment card systems and IT security.

Impartial and unbiased advice: our deep technical expertise delivers insight and advice that are not available through off-the-shelf technical solutions.

Ease the burden: our experts can help you build PCI compliance into everyday business processes to ensure continual compliance and ease the burden at annual QSA audits.

Knowledgeable: an integrated approach to PCI DSS compliance, thanks to our recognized expertise in other internationally adopted standards such as ISO 27001 and ISO 9001.

Relentless focus on your business: we work with our customers to assure PCI compliance while minimizing business disruption, keeping costs down and ensuring that customer engagement is improved.


Vulnerability Assessment and Penetration Testing

Vulnerability assessment is a risk management process used to identify, quantify and rank the possible vulnerabilities of a system to various kinds of threats that could be exploited by an outside attacker or by internal personnel.

Vulnerability assessment is performed by using a vulnerability scanning tool to scan the network and devices, through an IP address or range of IP addresses, for known vulnerabilities.

It’s important to keep in mind that these scanning tools use a list of known vulnerabilities, meaning vulnerabilities that are already known to the security community, hackers and the software vendors.

There are vulnerabilities that are unknown to the public at large, and these scanners will not find them.

It should also be noted that a Vulnerability Assessment does not involve any steps to fix or patch a system.

In many information security programs:

  • Vulnerability Assessments are the first step – they are used to perform wide sweeps of a network to find missing patches or misconfigured software.
  • From there, one can perform either or both of:
    • a penetration test, to see how exploitable the vulnerability is;
    • a risk analysis, to ascertain the cost/benefit of fixing the vulnerability.

DDoS Simulation Testing

A Distributed Denial of Service (DDoS) attack is a malicious attempt to make a server or network resource unavailable to its users, usually by temporarily interrupting or suspending the services of a host connected to the Internet. However, such attacks usually do not cause permanent damage.

A recent industry study showed that some 75% of IT decision makers have suffered at least one DDoS attack in the past 12 months, and 31% reported service disruption as a result of these attacks. As more and more commercial and governmental organizations are discovering the hard way, DDoS is a threat that cannot be ignored.

Many DDoS attacks succeed not due to the skill or resources at the command of the attackers, but because of lack of preparation on the defender’s side.

SIA’s DDoS Simulation Testing service checks the resiliency of your Internet-facing systems and network infrastructure against DDoS and related cyber-attacks.

We can help you test the effectiveness of your existing IT defenses and how well your people respond in the event of a DDoS attack.

The goal of DDoS Simulation Testing is to help your IT staff become more alert and better prepared to deflect DDoS attacks against your IT infrastructure.

With our local- and cloud-based services, our defense expertise enables you to identify your system weaknesses through a series of carefully designed and realistic attacks, thereby measuring the effectiveness of detection and mitigation systems and improving your DDoS preparedness. DDoS Simulation Testing helps you:

  1. Address infrastructure and misconfiguration issues before attacks happen.
  2. Enhance incident response procedures.
  3. Understand how to control your DDoS mitigation solution to be most effective.
  4. Harden assets to be more resilient to DDoS attacks.
  5. Prevent panic when attacks do occur.
  6. Evaluate a mitigation vendor’s strengths and weaknesses.

We perform DDoS Simulation Testing at various layers by following these steps:

  1. Intelligence Gathering: We will compile an inventory of assets to attack and confirm the assets to be attacked with you, before the DDoS Stress Test begins.
  2. DDoS Simulation Test: We perform simulation testing, with both manual and automated methods and tools, at various layers, from the web app layer (Layer 7) down to the network layer (Layer 3). Our DDoS Simulation Tests will be announced (or unannounced) as previously agreed with your organization.
  3. Post-test Assessment: We assess the findings of our DDoS Simulation Tests and analyze the results.
  4. Report: We compile a report with our findings and recommendations for remediation and defense.

SIEM Implementation and Maintenance

Security Information and Event Management (SIEM) is a technology that connects and unifies the information contained in your existing systems. SIEM is a management layer above your existing devices and security controls that allows them to be analyzed and cross-referenced from a single interface.

SIEM centralizes event information and log management from various devices and locations. SIEM uses either rule-based or correlation engines to identify anomalies by combining multiple events and pieces of information.

SIEM can be seen as a combination of Security Information Management (SIM) and Security Event Management (SEM).

Security Information Management (SIM)

  • Reporting and analysis
  • Regulatory compliance (HKMA, SOX, HIPAA etc…)

Security Event Management (SEM)

  • Provides Real-time Monitoring
  • Correlation of Events or Combination of Multiple Events
  • Improve security incident response
  • Effective response to internal and external threats
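The rule-based correlation described above (combining multiple events from several devices into one alert) as an added example, not code from the page or from Software Island: a small Python correlation engine over constructed firewall and SSH log lines. The log formats, the three-failure threshold and the 60-second window are assumptions.

```python
# Added example (not from the page): a minimal rule-based correlation engine of
# the kind a SIEM runs. Step 1 normalizes two log sources into one event schema;
# step 2 correlates several events into a single alert. All log lines are constructed.
from datetime import datetime, timedelta
import re

FIREWALL_LOG = """\
2024-05-01T09:00:01Z fw01 ALLOW src=203.0.113.5 dst=10.0.0.7 dport=22
2024-05-01T09:00:05Z fw01 ALLOW src=203.0.113.5 dst=10.0.0.7 dport=22
2024-05-01T09:02:00Z fw01 ALLOW src=198.51.100.9 dst=10.0.0.7 dport=22
"""
AUTH_LOG = """\
2024-05-01T09:00:02Z srv07 sshd: Failed password for admin from 203.0.113.5
2024-05-01T09:00:03Z srv07 sshd: Failed password for admin from 203.0.113.5
2024-05-01T09:00:04Z srv07 sshd: Failed password for admin from 203.0.113.5
2024-05-01T09:00:06Z srv07 sshd: Accepted password for admin from 203.0.113.5
2024-05-01T09:02:01Z srv07 sshd: Accepted password for alice from 198.51.100.9
"""

FW_RE = re.compile(r"^(\S+) (\S+) (ALLOW|DENY) src=(\S+) dst=\S+ dport=(\d+)$")
AUTH_RE = re.compile(r"^(\S+) (\S+) sshd: (Failed|Accepted) password for (\S+) from (\S+)$")


def _ts(s):
    return datetime.fromisoformat(s.replace("Z", "+00:00"))


def normalize(fw_text, auth_text):
    """Parse both sources into one common event schema, sorted by time."""
    events = []
    for line in fw_text.splitlines():
        m = FW_RE.match(line)
        if m:
            ts, host, action, src, port = m.groups()
            events.append({"ts": _ts(ts), "host": host, "type": "fw_" + action.lower(),
                           "src": src, "port": int(port), "user": None})
    for line in auth_text.splitlines():
        m = AUTH_RE.match(line)
        if m:
            ts, host, result, user, src = m.groups()
            events.append({"ts": _ts(ts), "host": host, "type": "auth_" + result.lower(),
                           "src": src, "port": 22, "user": user})
    return sorted(events, key=lambda e: e["ts"])


def correlate(events, threshold=3, window=timedelta(seconds=60)):
    """Rule (assumed): at least `threshold` failed logins for one (user, src) inside
    `window`, then a success for the same pair, with the firewall confirming that the
    same src reached port 22. Three separate signals become one alert."""
    alerts = []
    fw_allows = [e for e in events if e["type"] == "fw_allow" and e["port"] == 22]
    failures = {}  # (user, src) -> timestamps of recent failures
    for e in events:
        key = (e["user"], e["src"])
        recent = [t for t in failures.get(key, []) if e["ts"] - t <= window]
        if e["type"] == "auth_failed":
            failures[key] = recent + [e["ts"]]
        elif e["type"] == "auth_accepted":
            confirmed = any(f["src"] == e["src"] and f["ts"] <= e["ts"]
                            and e["ts"] - f["ts"] <= window for f in fw_allows)
            if len(recent) >= threshold and confirmed:
                alerts.append({"rule": "brute_force_success", "user": e["user"],
                               "src": e["src"], "host": e["host"],
                               "failures": len(recent), "ts": e["ts"].isoformat()})
                failures.pop(key, None)  # one burst yields one alert
    return alerts


def run():
    return correlate(normalize(FIREWALL_LOG, AUTH_LOG))


if __name__ == "__main__":
    for alert in run():
        print(alert)
```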

Implementing SIEM requires a lot of preparation, even before the SIEM software is purchased.

The two most important components of a successful SIEM implementation are:

  • Management of the logging and monitoring capabilities, and
  • Responding to alerts.

SIEM often ends up costing more than anticipated, requires expertise that often must be outsourced, can be difficult to tune and can take considerable time before it yields results.

Tuning the application to process all of the logs can also take longer than expected, resulting in higher-than-anticipated costs.

Document Scanning

We have offered high-speed document scanning, imaging and conversion services to multinational corporations and local enterprises for over ten years. We help organizations migrate from paper to digital documents with ease and at affordable prices.

  1. Easy preservation and storage of documents.
  2. 100% data security, as we understand data is crucial to any business.
  3. Well-archived and indexed documents and records facilitate easy and quick retrieval and distribution.
  4. Accurate results with high-quality digital documents for e-filing.
  5. Minimized overhead costs for your business.
  6. Increased productivity by letting you focus on other core business activities.

Scanning is not as simple a process as some people may think. It actually requires:

  • Capable and adequate hardware
  • An appropriate file organization structure
  • Defined indexing data requirements
  • A quality control mechanism
  • Adequate personnel resources

System Support

We offer a comprehensive range of system services depending on your requirements and budget.

Prioritized Repair Services

We offer a standard 5-day repair service, either on-site or off-site, for your servers, laptops, notebooks, printers, scanners, monitors etc. For priority repairs we offer a guaranteed on-site service within an agreed response time after receiving your request, subject to parts availability. We may do a remote check (dialling in to your PC or system server) for some initial investigation of software faults or issues before we send over our engineer.

Anti-virus installation & Scanning

This will include anti-virus server & client installation and configuration, as well as anti-virus scanning and virus removal.

Cabling & Wireless Network

We will help you install and set up cabling and wireless networks, switches and routers as required.

Data Backup

Data backup is necessary in order to prepare for any possible disaster ahead of time. You need to protect yourself against a crashed hard drive, system failure or possible data loss threats.

Preventive Maintenance

We provide Preventive Maintenance Services for system servers and printers. This may include regular housekeeping work for your servers and scheduled inspection cycles to check and clean hard disks and printers, and to check ink, toner and other consumables.

Training

EXECUTIVE SERIES

Introduces the most relevant cybersecurity topics to ensure senior executives and management have the knowledge to make more informed decisions and better manage their business risk.

PROFESSIONAL SERIES

  • PS2-1: Security and Risk Management
  • PS2-4: Communication and Network Security
  • PS2-6: Security Assessment
  • PS2-7: Security Operations
  • Introduction to Network Defense

This training provides an understanding of and practical skills for network defense, including how to protect against, detect and respond to network attacks. Attendees will learn network defense fundamentals, including the application of network security controls, protocols, perimeter appliances, secure IDS, VPN and firewall configuration, as well as vulnerability scanning, in order to design successful network security policies and incident response plans.

About Us

If you want to learn more about us, you’re in the right place. Read on to learn how we managed to grow our business so fast.

Our story

Software Island (Asia) has been providing turnkey document scanning (on-site, off-site and backfile) and customized OCR and indexing services, as well as document management solutions, to multinationals and local enterprises for over 15 years. Our customers span banks and insurance companies, large international brands and professional firms.

In addition, on information security, Software Island (Asia) offers ISO 27001 ISMS implementation services, vulnerability assessment and cybersecurity training to clients in various industries.

Experienced Consulting Team

Our consultants are qualified professionals holding certifications including Certified Information Systems Security Professional (CISSP), Certified Information Systems Auditor (CISA), Payment Card Industry Professional (PCIP), Certified Ethical Hacker (CEH), PMP and ITIL Foundation. They have 5 to 30 years of experience in the information security industry and have worked for security product and service vendors, security solution providers and Big 4 cyber risk services teams.

In addition to providing cybersecurity training for senior executives of MNCs and local enterprises, our consultants also have consulting experience with banks, government, merchants, Internet service providers and solution providers. They have extensive experience in ISO 27001 ISMS implementation, risk assessment, policy review, physical security walkthrough assessment, system hardening review and e-business solutions, covering all aspects of information security and data privacy, especially PCI DSS and ISO 27001, for enterprises in the Asia Pacific region.

Contact us

Need an expert? You are more than welcome to leave your contact info and we will be in touch shortly.

Visit us

Unit 7, 4/F Sung Kee Ind. Bldg, 18-30 Kwai Ting Road, Kwai Chung, New Territories, Hong Kong

Call us

  • +852 3167 7857
  • +852 3167 7835