Cyber Security

Risk Assessment

We understand that risk assessment is the most important information security activity that an organization should perform. SPARK Risk Management services are structured to focus on information, to help organizations understand the relevance of threats and vulnerabilities to their business. Our experienced security team is 100% focused on information security and brings long experience to the table, as well as industry-recognized certifications and regulatory compliance expertise.

Vulnerability Assessment

The SPARK Vulnerability Assessment (VA) service helps our clients identify the vulnerabilities that may exist at all layers, such as network, operating systems, databases and applications.

Internal and external vulnerability scanning is managed by security experts to identify and remediate exposures.

  • Perform vulnerability scanning.
  • Verification of accuracy.
  • Recommend changes and patches.
  • Test.
  • Establish a comprehensive hardening plan.

Penetration Testing

A penetration test is a proactive and authorized attempt to compromise information security and access sensitive data by taking advantage of vulnerabilities. SPARK can cover the following areas:

  • Network Penetration Testing Services – External or Internal 

We simulate real-world attacks to provide a point-in-time assessment of vulnerabilities and threats to your network infrastructure.

  • Web Application Penetration Testing Services 

In addition to the Open Source Security Testing Methodology Manual (OSSTMM) and the Penetration Testing Execution Standard (PTES), SPARK’s application penetration testing service leverages the Open Web Application Security Project (OWASP), a comprehensive framework for assessing the security of web-based applications, as the foundation for our web application assessment methodology.

  • Mobile Application Penetration Testing Services 

As the widespread use of mobile applications continues to grow, consumers and corporations find themselves facing new threats around privacy, insecure application integration, and device theft. We go beyond looking at API and web vulnerabilities to examine the risk of the application on a mobile platform. We leverage the Open Web Application Security Project (OWASP), Open Source Security Testing Methodology Manual (OSSTMM), and Penetration Testing Execution Standard (PTES) methodologies to thoroughly assess the security of mobile applications.

  • Wireless Network Penetration Testing Services 

Network and Configurations Review

A Security Network Architecture and Configurations Review helps you identify whether your network's components are compliant with the industry’s best practices and information security standards.

We will help you:

  • Ensure secure communications.
  • Verify that malicious activities are blocked by the firewall or detected by the intrusion detection system (IDS).
  • Confirm that servers’ current configurations are secure.
  • Assess the ability of an attacker to take control due to configuration weaknesses.
  • Ensure authorized access.

SPARK provides a detailed analysis of the security architecture of your network, including network topology, installed components, device properties, configurations, information exchange protocols, allowed services, etc.

Source Code Security Review

With our Source Code Review service, SPARK consultants will help the Customer understand the risk associated with the application by analyzing the software’s source code and providing a comprehensive list of vulnerabilities. A detailed summary of all vulnerabilities is produced along with a description of the underlying code issues and methods to address the vulnerabilities. 

  • Software vulnerabilities can be identified as early as possible, before the problems become more expensive to rectify.
  • Educates the Customer about the importance of application security while they are developing the source code.

Information Security Management System (ISMS)

An information security management system (ISMS) is a set of policies and procedures for systematically managing an organization’s sensitive data. The goal of an ISMS is to minimize risk and ensure business continuity by proactively limiting the impact of a security breach.

It can be targeted towards a particular type of data, such as customer data, or it can be implemented in a comprehensive way that becomes part of the company’s culture.

Information Security Awareness

The purpose of awareness programs is simply to focus attention on information security. Awareness programs are intended to allow individuals to recognize IT security concerns and respond accordingly. Awareness relies on reaching a broad audience with attractive packaging techniques. At SPARK, we develop customized awareness programs for our clients, which include:

  • Information Security Awareness Materials: flyers, banners, roll-ups, etc.
  • Electronic Materials: informative emails, newsletters, screen savers, phishing campaigns, etc.
  • Face2Face workshops: in-class presentations and interactive sessions.

ISO 27001 Certification Methodology

Gap Assessment and Scope Definition

Initial certification begins with a thorough understanding of your organization’s posture. This covers an assessment of the current information security state of your organization against the ISO 27001 standard, as well as defining the scope for ISO 27001 certification.

Pre-Audit Assessment

SPARK’s ISO 27001 consulting team conducts an internal audit against the ISO 27001 standard and develops a corrective action report for the closure of the audit findings. We conclude with a confirmation of organizational readiness for the external ISO 27001 certification.

Risk Assessment

An information asset register is developed to reduce asset duplication, encourage greater efficiency and spot any potential risks. Risk assessment activities are used to identify and evaluate all possible security threats and vulnerabilities in the system before defining the risk appetite of the organization to plan for risk mitigation or treatment actions.

ISMS Framework Development

Next, we develop the policies and procedures for ISMS (Information Security Management System) implementation. This includes defining the governance structure for the organization’s ISMS and developing the processes required to support the ISMS implementation, including policies, procedures, and performance metrics to evaluate the ISMS implementation.

ISO 27001 Certification Support 

Finally, SPARK experts identify and select an external certification body, coordinate with certification auditors, as well as assist in the certification audit by providing all required documents and evidence for the auditor. We also provide full support to maintain your ISMS performance.

Training and Implementation Support

SPARK delivers security awareness sessions for all employees in the scope of the certification and trains the stakeholders who are responsible for the ISMS implementation on the defined ISMS framework. We also provide ongoing support and advisory services for the implementation team. This includes one round of performance measurement to measure the effectiveness of the ISMS implementation.