Advisory Services

We can tailor a solution based on a clearly defined statement of work, or just start with simply having a conversation to flush out the scope of a project. As part of our systematic approach, our current state IT process assessments can be used as a starting point to benchmark the health and maturity of our clients IT services. Our service offering also includes an array of managed services to enhance your existing program or process. We also have a number of partner organizations we work with to supplement the team and project as required.  Contact us for more information. 

IT Risk Management

Picture
IT risk management isn't just a policy or a simple checklist to follow. It is a process of business risk management that must be sustainable and measurable. Organizations need to continuously be aware of  the IT risks and impacts in order to make effective risk management decisions,  at an operational and management level. 
Services
  • IT governance and framework proposal
  • IT risk management policy and program implementation
  • IT process capability assessment and reporting
  • IT risk management strategy development
  • IT risk management presentation and training
  • IT risk Advisory services and risk scenario development
  • Master Service Agreement (MSA) review
Frameworks and Standards
  • ISACA COBIT 5 for Risk
  • ISO 31000 Risk Management
  • COSO ERM Internal Control Integrated Framework
  • NIST  SP 800-37 Risk Management
  • ISO 27005 Information Security Risk management
  • RCMP Harmonized Threat and Risk Assessment 

Cyber Security

Picture
With the exponential growth and access of information, cyber security is an important concern for any organization. Effective controls relating to the confidentiality, integrity and availability of data, must be embedded in daily operations. Organizations need to be aware of vulnerabilities and the level of exposure they face, in order to employ a "reasonable" level of security. Our focus is on providing well balanced solutions, which are commensurate to the value of the asset being protected.
Services
  • IT governance and framework proposal
  • IT security management policy and program implementation
  • IT security control gap assessment and reporting
  • IT security management strategy development
  • IT security architecture design and advisory services
  • IT security vulnerability and penetration testing  
Frameworks and Standards
  • ISO 27002 Information Security Standard
  • Regulatory Standards (PIPA, PCI, PIPEDA, SOX, NERC CIP)
  • NIST SP 800 Series Catalog for Information Security
  • OCIO BC Information Security Classification Framework
  • ISACA COBIT 5 for Information Security
  • Open Web Application Security Project Top 10
  • SANS Institute Reading Room

Compliance

Picture
The goal of compliance is to obtain assurance of effective controls, whether they are internal or regulatory. Verification of  controls and management practices should be done on a regular basis, not as a single point in time assessment. This is key in establishing a baseline and identifying control weakness before they are realized as risks. Fullspeed can supplement our clients audit and assurance program, or provide a complete end to end service with compliance and risk reports on a regular basis. 
Services
  • IT regulatory controls assessment
  • IT internal controls assessment
  • IT service provider assessment
  • IT compliance reporting
  • IT assurance programs
  • IT audit (internal/external) review
  • IT solution assessment
Frameworks and Standards
  • ISACA COBIT 5 Process Assessment Model
  • Cloud Security Alliance - Cloud Controls Matrix
  • NIST SP 800-115 Security Testing and Assessment
  • Open Web Application Security Project Testing Guide
  • Common Criteria for Information Security Evaluation
  • Octave Allegro Information Security Risk Assessment
  • The Open Source Security Testing Methodology Manual
  • The Penetration Testing Execution Standard (PTES)
  • SANS Top 20 / The Council - Critical Security Controls for Effective Cyber Security

Certifications

Fullspeed brings a highly qualified team of experts to guarantee the success of any project it commits to. We provide a well balanced level of skills and expertise to deliver on project success. Fullspeed's team members have the following certifications:
  • Certified Chief Information Security Officer (C|CISO), EC Council
  • Certified Information Security Manager (CISM), ISACA
  • Certified Information Systems Auditor (CISA), ISACA
  • Certified Information Systems Security Professional (CISSP), (ISC)2
  • Certified GIAC Assessing and Auditing Wireless Networks (GAWN), SANS
  • Project Management Professional (PMP), PMI 
  • Qualified Security Assessor (QSA), PCI SSC
  • Certified Human Resources Practitioner (CHRP), HRMA