Our capabilities

• Recurring or one-time co-sourcing engagements.
• Comprise the performance of some percentage of the total annual internal audit hours for an organization.

• Subject Matter Expertise sourcing of specific individual engagements
• Specialist skills and expertise to deliver internal audit services based on client requirements. 
• SNS Cyber’s representatives conduct the entire project on behalf of the client or collaborate with the client team to deliver the internal audit engagement.

Provisioning of Internal audit resources on loan under the sole direction of the member firm client.

We adopt a risk-based approach to evaluate and implement specialized security solutions. Our areas of expertise include:

• End-to-end Identify and Access Management solutions.
• SIEM and monitoring solutions.
• Privileged Identity and Access Management solutions.
• Secure application design and architecture.
• Mobile application security solutions.

We assist clients to effectively implement security transformation programs in consideration of the client’s technology risk reduction strategy through: 

• Security and functional requirements analysis
• Solutions options analysis
• Development of technical security standards, policies, and guidelines. 

Adoption of the cloud for existing IT environments requires a security transformation program. Our cloud consulting services and security assessments guide you through the security implications of cloud adoption. Our expertise includes:

• Cloud configuration review based on CIS AWS or Azure Foundations Benchmarks
• Cloud security assessment of your AWS, Azure/Office 365 environments
• CSPM (Cloud Security Posture Management)

We adopt a specialized security evaluation process with industry-standard methodologies that establishes facts on technical flaws and weaknesses of IT system’s security controls. The test types include:

• Black box testing
• White/Grey box testing
• Web application testing
• Web services and API endpoint testing
• Mobile application testing

Our vulnerability assessment services cover:

• Infrastructure components such as network hosts/devices, operating systems, and databases
• Application components using SAST (Static source code assessment) and DAST (Dynamic web application testing).
• Security triage and false positives identification

We assist our clients in determining the level of compliance of the information systems to organizational and regulatory technical security standards which includes:

• PCI DSS and PA DSS
• ISO 27001
• SAMA CSF (Cyber Security Framework)
• NESA (National Electronic Security Authority)
• ISR (Dubai Government Information Security Regulation)
• SWIFT CSP (Customer Security Program)
• GDPR

Highly experienced advisory experts assist in establishing and enhancing the technology risk management framework and central control framework.

• Effective tracking of varied risk ratings
• Management of exceptions to organizational policies
• Tracking of risk issues that go past due
• Define key security and governance metrics
• Technology infrastructure and application risk assessments
• Data privacy and security control assessments

Risk consultancy services provide targeted assessments for large organization-wide programs such as:

• IT infrastructure projects that involve technology transformations
• Mergers & acquisitions
• Divestments
• Third-party services integration

We provide specialized consulting during the risk response phase, which involves:

• Collaboration with the relevant stakeholders to review recommended controls
• Propose realistic mitigation plans with inputs from risk champions 
• Effective management of residual risk and alignment with the risk appetite.