OranSec information and cyber security

טכנולוגיה וסייבר

Company profile:

'OranSec Information Security' is part of Orantech Group, a leading consultancy company in the field of project management, with 25 years of experience and diverse cliental, in Israel and abroad. OranSec’s consultancy methodology encompasses a wide experience in a broad array of disciplines in the fields of data security, risk management and regulation. OranSec provides a full gamut of security services and establishes data security infrastructures for clients in Israel and abroad.

Our company's specialists are considered to be among Israel’s leading professionals in information security. The diversity of our employees’ skills allows OranSec’s experts to provide our customers with the widest possible range of data security services at any stage of any process, from the initial risk analysis and the ascertainment of vulnerabilities, through the establishment of an organizational security infrastructure, installation and implementation of specialized security tools and systems, developing of policy and procedure, preparation toward certifications, enforcement and auditing, and much more.

Our satisfied customers extend into all international markets, including health, financial, telecommunication, ISP, security, aviation, manufacturing, governmental and other organizational categories.

 

Elaborations of Some of OranSec’s Leading Services: 

Contact us:

Address

Nirim St. 2, Tel Aviv

Aviation links building floor No. 4

Email: chen@oransec.co.il

Phone & fax

Phone: 03-3004747

Fax: 03-3004746

 

The ISO 27001 is an international standard whose scope specifies requirements for establishing, implementing and documenting information security management systems (ISMSs). It stipulates security controls to be implemented in accordance with security needs of specific organizations.

Structuring a security management system, on all its phases and controls, ought to yield a well constructed organization, able to minimize risks to vulnerable information and its systems.

OranSec prepares customers in creating a sufficient security infrastructure, through a thorough policy construction, risk analysis, asset analysis, risk management, procedure generation, implementation, training, DRP & BCP and control management.

OranSec escorts the customer throughout all stages of preparation, consulting management, CEO’s, CSO’s and other professional staff, regarding all aspects of security infrastructure generation, maintenance and control. Every service granted by OranSec follows ISO 27001 guidelines in order to provide the highest standard of security performance.

Our highly qualified methodology team consists of Merav Vered, OranSec’s CEO, who is a BS7799 Lead Auditor, trained and certified by BSI (British Standard Institute) in England and an ISO 27001 Lead Auditor, trained and certified by IRCA. Merav is equipped with the highest level of methodological education, which is acknowledged worldwide. Merav is also a senior instructor in ISO 27001 Lead Auditor courses. Along side of her, are highly commendable senior information security consultants, each with over 20 years of experience in the field.

Preparation toward ISO 27001 Certification – Information Security:

 

ISO 27799 is a leading information security standard which focuses on health oriented organizations (Ministry of Health, hospitals, public or private clinics, health merchandise suppliers, 3rd parties within the health industry, etc.). 

The standard deals with the security of sensitive information contained in the organizational processes, technologies, mechanisms and tools.
OranSec has escorted some of Israel’s’ major hospitals, clinics and suppliers toward a successful and praised information security infrastructure which complied and passes the ISO 27799 audit. OranSec has been chosen in 2011 to escort Israel’s Ministry of Health and has been triumphantly engaged in this project since.

Preparation toward ISO 27799 Certification – Health Organizations:

 

Preparation toward ISO 9001 Certification – Quality Assurance:

The ISO 9000 family of international quality management standards and guidelines has earned a global reputation as the basis for establishing quality management systems.

ISO 9000 is rapidly becoming the most popular quality standard in the world. Thousands of organizations have already adopted this important standard, and many more are in the process of doing so. ISO 9000 applies to all types of organizations, in any size or field.

ISO 9001 is a quality assurance model made up of 20 sets of quality system requirements. This model applies to organizations that design, develop, produce, install, and service products. ISO expects organizations to apply this model, and to meet these requirements, by developing a quality system.

OranSec establishes, designs and escorts leading organizations in the preparation toward a successful ISO 9001 audit and a well maintained quality infrastructure.

 

Penetration Tests - Application and Infrastructure:

OranSec conducts penetration tests, both in the application and in the infrastructure facet.
The PT's could be performed in either WhiteBox, GreyBox or BlackBox methodologies.
Our PT's will furnish the client with a risk table which portrays the risk description, the risk level and its mitigation options, along with screen shots of the actual findings.

 

Penetration Tests - Application and Infrastructure:

OranSec conducts penetration tests, both in the application and in the infrastructure facet.
The PT's could be performed in either WhiteBox, GreyBox or BlackBox methodologies.
Our PT's will furnish the client with a risk table which portrays the risk description, the risk level and its mitigation options, along with screen shots of the actual findings

Risk Assessment & Security Audit:

OranSec’s security audit is designed to investigate and report on the customer’s security vulnerabilities and risks. Once vulnerabilities and their valuation are analyzed, a strategy and tactical plan to address weaknesses can be developed.

Our audit includes a comprehensive evaluation of security management controls and processes including policy, procedures, organization, physical security, network security, application and data security, messaging security and commerce security.

The audit also includes but is not limited to: identifying internal and external vulnerabilities, evaluating existing security practices, recommending practical action plans, and creating professional documentation that will form the basis of a sound security program

 

Features and Benefits of OranSec’s Security Audit:

1. Identify the effectiveness of the customer’s current security program. Validate compliance against international standards (ISO 27001), laws or regulations.

2. Perform due diligence responsibility to managerial level personnel.
3. Understand your network vulnerabilities Assess and evaluate risks.
4. Probe for security holes, and expose weaknesses.

5. Prioritize security initiatives.

6. Determine incident response readiness.

7. Evaluate and test business continuity and disaster recovery capability.

Relying on a combination of technical and subjective methods, OranSec can assess the effectiveness of existing practices and countermeasures and compare actual security against policy goals in both quantitative and qualitative terms. Security operations auditing can be useful for providing partners and customers with verifiable evidence of security compliance.

 

Security Policy Development, Implementation and Enforcement:

An effective security policy will create the necessary structure to define and enforce the rules of safe security operation. Managing information security without a policy is nearly impossible. 

We offer best practices and processes in building, deploying and maintaining security policy in the company. Our policy will be tailored to your organization based on size, risk tolerance, employee skill level, and individual business needs. 

 

Security Procedures:

OranSec is highly experienced in tailoring security procedures, which follow the customer’s organizational policy. Our procedures consist of operational guidelines that closely answer to the technological and organizational circumstances, optimal for the company. 

 

Physical Security:

Our company is highly experienced in designing physical security infrastructures that would best serve to minimize our client’s risks. Our planning and consulting are based on thorough mapping of the current physical situation and security risks that take into consideration vulnerability aspects, both in security and business aspects. 

Among our consulting services, we plan security systems that would best fit the company’s needs and we establish processes and procedure that would support the infrastructure. We conduct various inspections throughout the implementation process and after it, to verify proper compliance with the preliminary requirements.  

 

Human Engineering:

Our staff is highly experienced in human engineering projects, in which we approach the company, physically or via phone, and attempt to retrieve sensitive personal or business information. These actions are executed through using the disguise of customers, business partners, cleaners or maintenance staff. 

In physical approach operations, our staff actually pretended to be a cleaner or a maintenance person to enter the company and actually reach information. Findings of such operations are later analyzed, to produce statistical graphs, severity rankings and recommendations.

 

Training:

OranSec is highly experienced in creation of security courses, consisting of construction, management and implementation of employee awareness courses and professional trainings.

 

Project Management:

OranSec’s staff is experienced in managing security projects in wide aspects. Our experience consists of projects such as the ID Card Governmental project in Africa, where we planned and managed the physical security infrastructure, developed operational processes, established written procedures, consulted and escorted the implementation, within the entire project. 

 
  • White Facebook Icon
  • White LinkedIn Icon

כל הזכויות שמורות לאורנטק מערכות ניהוליות © 2019

'אורנסק אבטחת מידע והגנה בסייבר' מתמחה בכל קשת שירותי הייעוץ בתחומי אבטחת המידע. שירותי אורנסק מבוססים על שנות ניסיון רבות של גיבוש, הקמה וניהול תשתיות אבטחת מידע בקרב ארגונים מובילים בארץ ובחו"ל, ביניהם ממשלות וארגונים מענפי הרפואה, התקשורת, ההייטק, הבנקאות, הבטחון, התעשייה והמסחר. אורנסק הינה חלק מחברת 'אורנטק מערכות ניהוליות', ועושה שימוש בידע והניסיון שצברה אורנטק בתחום ניהול הפרויקטים ופיתוח תוכנה וכלים ממוחשבים ייחודיים.