Security Management

IT Security Management

SPC provides customer-focused information security consultancy services by leveraging our real-world experience underlayed with our expertise in bestof- breed technologies. We prefer to be as a trusted advisor to help our clients to plan, implement and review security management strategies, while focused on human, process and technology resources to ensure that our client's security posture is improved in real and measurable terms.

Security Services


Security Planning and Organisation is a critical phase in the Security Lifecycle as a foundation for the organization's overall security management strategy. We are taking into consideration the business operations, company assets, threats and risks.

  • Risk Assessment and Security Requirements Analysis
  • IT Security Policy Development
  • Security Architecture Design
  • PKI Architecture in relation to ICAO requirements

Inside the Security Lifecycle model, the Security Audits are important as they help an organization determine its current security posture in security management processes, technologies and compliance with policies and industry best practices.

  • IT Security Policy Compliance Review
  • Security Architecture Review
  • Host Security and Configuration Review
  • Network and Application Penetration Testing


IT Risk Assessment (ISO/IEC 17799, ISO/IEC 27000 series)

We are providing independent consultancy services to organisations, both commercial and government. This includes advice and guidance on all aspects regards the use and application of the ISO ISMS (ISO/IEC 27000 Information Security Management System) family of standards as well as consultancy on risk management, information security audits, business availability and continuity and many other areas of business requirements for protecting their information systems.



As an independent company, we deliver completely unbiased advice. We stay at the forefront of information security policy and standards making so our advice addresses today's and tomorrow's business requirements for information security.

  • Development of policies and procedures
  • Advice on the interpretation and use of the ISO/IEC 27000 family of standards
  • Information security risk assessments
  • Information security metrics and measurements
  • Information security incident management and business continuity management
  • Information security and service management
  • Authoring of information security guidelines and other publications
  • Audits:
    • Health checks and gap analysis
    • Benchmarking services


Security Training, Education, Mentoring

We strongly recommend and provide comprehensive on-going education for executive management, security administrator, system administrator and end-user levels. The education is critical to maintain and enhance an organization's awareness and understanding of security threats, countermeasures and risk mitigation strategies.

  • Executive Management Awareness Briefings
  • IT Security Management for Systems Administrators