CASE STUDies

G51 Assessment Case
An international marketing research group with headquarter in Hong Kong, providing marketing services worldwide.

Size 100+ Employees International Company
Services I.T. audit and assessment based on G51
Challenge Lack of complete policy in information security. High security concern due to its service targets the public, banks and government
Results Identified the current operation and suggested improvements. Set up a set of security policy. Advisory are given for revamp of the infrastructure
Follow - up Vulnerability scanning after system production to diminish existing security holes

Challenge
In this case, our client is an international marketing research group with over 100 employees in Hong Kong headquarters. As to provide bidding for government tender, they would like to fulfill G51, the guideline published by the office of the government Chief Information Officer. Our client is facing the challenge that the policy in information security is incomplete and high security concern because of serving public and government. Our mission is to provide our assessment and recommendations to ensure our clients has a proper information security framework and implementation in accordance to G51 requirement.

Results

Through interviewing management and onsite assessment, our audit team has understood the current practice and network infrastructure of our client. In compliance with the G51 standard, our audit team has provided recommendation on setting up a set of security policy and the revamp of the infrastructure.

 

As a preliminary high level, our audit team has obtained understanding over the design of the infrastructure of our client’s online survey system and basic I.T. management framework. Our audit team has also provided improvement recommendations based on our observations. The client followed up with the recommendations given in our audit report before the pre-production assessment.

 

At the pre-production assessment, our audit team has gone through the daily operation, risk assessment and evidence collection process.

 

Our team has provided practical advisory and recommendations in addressing short term solutions and strategic plans.


Follow-Up
Under our evaluation and in-depth digging into the operation procedures, our team provided a further vulnerability assessment. A clearer picture was drawn for the existing security holes with vulnerability assessment.
With our advisory, our client can fix the above all vulnerability and ensure its security is up-to-date.

Impacts
Following our recommendations, our client has successfully fulfilled the G51 requirement and enhances its own Information Security Framework by setting up a proper set of policy and revamp of the infrastructure. Ultimately, our client has provided a secured and reliable platform for their clients and their audience.

 
I.T. Audit and Assessment
I.T. Consultation
ISO 27001 Consultation
Vulnerability Assessment and Penetration Test Vulnerability Assessment and Penetration Test Vulnerability Assessment and Penetration Test