Consulting Domain for Security

10 Security Domains
30+ Frameworks
20+ Standards
100% Professional
01

Security Strategy & Risk Management

  • Enterprise security strategy development
  • Threat, vulnerability & risk assessments (TVRA)
  • Security governance models and frameworks
  • Security maturity assessments and roadmap development
Standards
ISO 31000, NIST SP 800-30, COBIT for Risk, MITRE ATT&CK
02

Cybersecurity & Information Security

  • Cyber risk assessments and ISO 27001 compliance
  • Network security architecture reviews
  • Identity & access management (IAM) frameworks
  • Cloud and endpoint security strategy
Standards
NIST CSF, ISO/IEC 27001, SAMA CSF, NCA ECC/CCC (KSA), CIS Controls
03

Physical Security & Critical Infrastructure Protection

  • Security master planning and site surveys
  • Integrated surveillance (CCTV, sensors, access control)
  • Perimeter intrusion detection and response
  • Command & control center design (C4ISR, SOC)
Guidelines
ASIS PSP Guidelines, CPTED Principles, Saudi HCIS Standards
04

Security Operations Centers (SOC) Advisory

  • Design and optimization of SOC capabilities
  • SIEM solution evaluation and implementation
  • Threat hunting, incident detection, and response plans
  • SOC staffing, governance, and KPIs
Models
MITRE D3FEND, NIST SP 800-61 (IR), Elastic, QRadar, Splunk
05

Incident Response & Crisis Management

  • Incident response plan (IRP) development
  • Tabletop exercises and red/blue team simulations
  • Crisis communication protocols
  • Digital forensics and post-incident analysis
Frameworks
NIST IR Lifecycle, ISO 22301 (BCMS), SANS IR Handbook
06

Regulatory Compliance & Security Audits

  • Gap analysis vs national or sectoral mandates
  • Security policy and procedure development
  • Audit readiness and support (e.g., NCA, SAMA, GDPR)
  • Cyber insurance advisory and documentation
Frameworks
NCA ECC/CCC/KSA CCC-1.2, SAMA Cybersecurity Framework, GDPR/PDPL
07

Business Continuity & Operational Resilience

  • BCP/DRP strategy development and testing
  • Continuity of operations (COOP) planning
  • Recovery Time Objective (RTO) and Recovery Point Objective (RPO) planning
  • Supply chain resilience and risk assessment
Standards
ISO 22301, FFIEC, NIST 800-34, BCI Good Practice Guidelines
08

Security Architecture & Zero Trust Models

  • Secure architecture design for IT/OT/IoT
  • Zero Trust security frameworks and roadmap
  • Network segmentation and access control policies
  • API and data protection strategies
Frameworks
NIST Zero Trust Architecture (800-207), SABSA, TOGAF Security Extensions
09

Insider Threat & Social Engineering Defense

  • Insider threat risk modeling
  • Monitoring of user behavior and anomalous activity
  • Social engineering simulation and training
  • Data loss prevention (DLP) strategies
Guidelines
CERT Insider Threat Framework, MITRE Insider Threat Model, Gartner Best Practices
10

Security Awareness & Capacity Building

  • Tailored training for executives, users, and technical staff
  • Security culture programs
  • Simulated phishing and behavioral assessments
  • Cyber drills and sector-specific capacity building
Tools
KnowBe4, SANS Security Awareness, NCA Awareness Framework (Saudi Arabia)
KSA

Saudi Arabia-Specific Alignment

  • Compliance with NCA ECC, CCC, VCSP, OTCC, and CSF
  • SAMA Cybersecurity Framework for financial institutions
  • GACA, HCIS, and SDAIA policies for regulated entities
  • Alignment with Vision 2030 Cybersecurity & National Resilience goals
  • Hosting services aligned with CITC Cloud Framework