Over 10 years we help companies reach their financial and branding goals. Engitech is a values-driven technology agency dedicated.

Gallery

Contacts

411 University St, Seattle, USA

engitech@oceanthemes.net

+1 -800-456-478-23

Twitter Facebook-f Pinterest-p Instagram

Intelligent Data Services

The governance, risk, and compliance (GRC) framework helps an organization to align its Information Technology with its business objectives while managing risk & regulatory compliance requirements.

Governance cyber security

Governance

Selection of the right framework of rules, relationships, systems and processes, including mechanisms to hold an organisation’s people to account. We help design a contemporary and effective governance framework and implement GRC technologies to support you stay on course as you achieve your purpose and goals.

Risk Management from malware

Risk Management

We enable an organization to evaluate all relevant business and regulatory risks and controls and monitor mitigation actions in a structured manner. We advise across the spectrum of risk management, offer managed services and consulting as well as risk culture and business continuity assessments.

governance risk and compliance(GRC) solutions + Compliance Assessments

Compliance

To create an effective compliance program, organizations need to understand what areas pose the greatest risk and focus resources on those areas. Then, policies should be developed, implemented, and communicated to employees in order to address those areas of risk.

Concave FORT & GRC

Concave FORT’s governance, risk and compliance (GRC) services enable the client to address the broad issues of corporate governance, enterprise risk management, and effective corporate compliance and offer specialized consultancy in key areas such as information technology.

We can help organizations: Identify, Remediate, Monitor, Exploit, and manage enterprise risks.

Moreover, using different sets of frameworks addressing the utilization of People, Processes and Technology, to improve GRC effectiveness & help manage costs.

Our Cyber Plan

Our Cyber Plan is blend of multiple frameworks and compliances based on the following key compliances/frameworks.
NIST CSF

NIST CSF

This voluntary framework consists of standards, guidelines and the best practices to manage cybersecurity risk. This offers cost and time savings over security protocols that respond to the current crisis.

OWASP

OWASP

OWASP is a free and open security community project that provides an absolute wealth of knowledge and tools to help anyone involved in the creation, development, testing, implementation and support of a web application to ensure that security is built from the start and that the end product is as secure as possible.

ISO 27001

ISO 27001

ISO framework is a combination of policies and processes for organizations to use. ISO 27001 provides a framework to help organizations, of any size or any industry, to protect their information in a systematic and cost-effective way.

CREST

CREST

CREST is a blend of all the methodologies and approaches incorporating controls and roadmap for the penetration testing. The CREST also includes a follow up practice and a maturity model to check the overall maturity of the organization -> building trust & satisfaction.

CMMC

CMMC

The primary goal of CMMC is to improve and ensure the safeguarding of sensitive data, including Controlled Unclassified Information (CUI) and Federal Contract Information (FCI) associated with federal contractors.

PCI DSS

PCI DSS

The PCI DSS contains technical requirements which protect and secure payment card data during processing, handling, storage, and transmission. All businesses that handle payment card data, no matter their size or processing methods, must follow these requirements and be PCI compliant.

NIST CSF - Cybersecurity Framework

Cybersecurity Framework

Identify

To Manage Cybersecurity Risk to systems, assets, data, and capabilities. What we do?

  • ASSET Management
  • Business Environment
  • Governance
  • Risk Assessment
  • Risk Management Strategy
  • Supply Chain Risk Management
Protect Identity Management & Access Control

Protect

Safeguards to ensure delivery of critical infrastructure services. What we do?

  • Identity Management & Access Control
  • Awareness & Training
  • Data Security
  • Information Protection Processes & Procedures
  • Maintenance
  • Protective Technology
Security Continuous Monitoring & Detection Phases

Detect

Implementation of appropriate mechanisms to identify the occurrence of cybersecurity incidents. What we do?

  • Anomalies & Events
  • Security Continuous Monitoring
  • Detection Phases
Response Planning, Communications & Analysis

Respond

Take actions regarding a detected cybersecurity event. What we do?

  • Response Planning
  • Communications
  • Analysis
  • Mitigation
  • Improvements
Recovery Planning & Communications

Recover

Implementation of the appropriate processes to restore capabilities & services impaired due to cybersecurity events thus, maintenance & restoration of services. What we do?

  • Recovery Planning
  • Improvements
  • Communications
OWASP

OWASP SAMM v2 is an effective and measurable way for all types of organizations to analyze and improve their software security posture.

ISO 27001

  • Information Security Policies
  • Organization of Information Security
  • Human Resource Security
  • Asset Management
  • Access Control
  • Cryptography
  • Physical & Environmental Security
  • Operations Security
  • Communication Security
  • System Acquisition, Development and Maintenance
  • Supplier relationships
  • Information security incident management
  • Information security aspects of business continuity management
  • Compliance

CMMC Domains

  • Access Control
  • Asset Management
  • Awareness and Training
  • Audit and Accountability
  • Configuration Management
  • Identification and Authentication
  • Incident Response
  • Maintenance
  • Media Protection
  • Physical Protection
  • Personnel Security
  • Recovery
  • Risk Assessment
  • Security Assessment
  • Situational Awareness
  • System and Communications Protection
  • System and Information Integrity

PCI DSS

Goals of PCI DSS

Build
Build

Maintain a secure network & systems

Protect
Protect

Cardholder data

Maintain
Maintain

A vulnerability management program

Implement
Implement

Strong access control measures

Regularly
Regularly

Monitor & test networks

Maintain
Maintain

An information security policy

Our Implementation

Governance

  • Centralize all policy documentation in a repository
  • Role-based access control to documentation
  • Support for policy change management through check-in, check-out, review workflow and notification
  • Balanced scorecards
  • Risk scorecards
  • Operational dashboards
  • Options policy compliance
  • Certifications

Risk Management & Assessment

  • Risk Management
  • Risk scope
  • Identify assets and processes included in an assessment
  • Select controls included in the scope
  • Risk Assessment
  • Automate risk assessment workflow
  • Capture near misses and other events
  • Ensure completeness of data collected
  • Tabulate assessments
  • Risk calculation and prioritization
  • Calculate and aggregate risk
  • Risk heat maps for visual representation
  • Risk remediation
  • Root cause analysis
  • Remediation workflow
  • Reporting and disclosure
  • Status, dashboards, scorecards

Compliance

  • Scope
  • Control hierarchy: processes/risks/controls
  • Assets
  • Testing
  • Test effectiveness of controls
  • Manual
  • Automatic
  • Multiple scheduling techniques
  • Reporting of results including highlighting issues
  • Remediation
  • Issue prioritization
  • Root cause analysis
  • Remediation workflow
  • Reporting
  • Status, scorecards, dashboards
  • Alerts
  • Ability to support multiple regulations - corporate initiatives as well as operational compliance initiatives.
  • Integrated document management capability