Consulting Domain for Security
10 Security Domains | 30+ Frameworks | 20+ Standards | 100% Professional
01 Security Strategy & Risk Management
- Enterprise security strategy development
- Threat, vulnerability & risk assessments (TVRA)
- Security governance models and frameworks
- Security maturity assessments and roadmap development
Standards
ISO 31000, NIST SP 800-30, COBIT for Risk, MITRE ATT&CK
02 Cybersecurity & Information Security
- Cyber risk assessments and ISO 27001 compliance
- Network security architecture reviews
- Identity & access management (IAM) frameworks
- Cloud and endpoint security strategy
Standards
NIST CSF, ISO/IEC 27001, SAMA CSF, NCA ECC/CCC (KSA), CIS Controls
03 Physical Security & Critical Infrastructure Protection
- Security master planning and site surveys
- Integrated surveillance (CCTV, sensors, access control)
- Perimeter intrusion detection and response
- Command & control center design (C4ISR, SOC)
Guidelines
ASIS PSP Guidelines, CPTED Principles, Saudi HCIS Standards
04 Security Operations Centers (SOC) Advisory
- Design and optimization of SOC capabilities
- SIEM solution evaluation and implementation
- Threat hunting, incident detection, and response plans
- SOC staffing, governance, and KPIs
Models
MITRE D3FEND, NIST SP 800-61 (IR), Elastic, QRadar, Splunk
05 Incident Response & Crisis Management
- Incident response plan (IRP) development
- Tabletop exercises and red/blue team simulations
- Crisis communication protocols
- Digital forensics and post-incident analysis
Frameworks
NIST IR Lifecycle, ISO 22301 (BCMS), SANS IR Handbook
06 Regulatory Compliance & Security Audits
- Gap analysis vs national or sectoral mandates
- Security policy and procedure development
- Audit readiness and support (e.g., NCA, SAMA, GDPR)
- Cyber insurance advisory and documentation
Frameworks
NCA ECC/CCC/KSA CCC-1.2, SAMA Cybersecurity Framework, GDPR/PDPL
07 Business Continuity & Operational Resilience
- BCP/DRP strategy development and testing
- Continuity of operations (COOP) planning
- Recovery Time Objective (RTO) and Recovery Point Objective (RPO) planning
- Supply chain resilience and risk assessment
Standards
ISO 22301, FFIEC, NIST 800-34, BCI Good Practice Guidelines
08 Security Architecture & Zero Trust Models
- Secure architecture design for IT/OT/IoT
- Zero Trust security frameworks and roadmap
- Network segmentation and access control policies
- API and data protection strategies
Frameworks
NIST Zero Trust Architecture (800-207), SABSA, TOGAF Security Extensions
09 Insider Threat & Social Engineering Defense
- Insider threat risk modeling
- Monitoring of user behavior and anomalous activity
- Social engineering simulation and training
- Data loss prevention (DLP) strategies
Guidelines
CERT Insider Threat Framework, MITRE Insider Threat Model, Gartner Best Practices
10 Security Awareness & Capacity Building
- Tailored training for executives, users, and technical staff
- Security culture programs
- Simulated phishing and behavioral assessments
- Cyber drills and sector-specific capacity building
Tools
KnowBe4, SANS Security Awareness, NCA Awareness Framework (Saudi Arabia)
KSA
Saudi Arabia-Specific Alignment
- Compliance with NCA ECC, CCC, VCSP, OTCC, and CSF
- SAMA Cybersecurity Framework for financial institutions
- GACA, HCIS, and SDAIA policies for regulated entities
- Alignment with Vision 2030 Cybersecurity & National Resilience goals
- Hosting services aligned with CITC Cloud Framework