Your compliance with the Cybersecurity framework is our mission

We have the mission to support complex organizations in implementing cyber security frameworks, thanks to the Security Operations Center (SOC) operated by Axians Switzerland and

E-Venture Business Solutions cyber governance experience when supporting Clients directly on site.

E-Venture Business Solutions
National Institute of Standards and Technology (NIST)

National Institute of Standards and Technology (NIST)

We support you in designing and implementing the  NIST cyber security framework.

SOC services implementation with  Transition projects

SOC services implementation with  Transition projects

Following PMI standards, we are responsible for the Transition Project, integrating the Axians SOC services into your organization.

Post-production maintenance and support

Post-production maintenance and support

After the Transition Project, we assign you a dedicated Account Manager and provide local technical support to facilitate your business and maintain the solution.

Cyber security awareness training

Cyber security awareness and Cyber safety training

Everyone in your organization is responsible for cyber security, from the top management to the employees level. Our Cybersecurity Awareness workshop program is tailored according to your needs.

E-Venture Business Solutions Cybersecurity National Institute of Standards and Technology NIST Bahrain Gulf Cooperation Council Cybersecurity NIST Framework

National Institute of Standards and Technology:
an interdisciplinary approach to cyber security

Cyber security is an acknowledged discipline transversal to any corporate organization, requiring different skills from the involved professionals. Cyber security is no longer a field dedicated to IT professionals only but rather everyone's responsibility. 

We assist you in implementing your cyber security framework according to the National Institute of Standards and Technology (NIST) approach.

E-Venture Business Solutions Cybersecurity National Institute of Standards and Technology NIST Bahrain Gulf Cooperation Council Cybersecurity NIST Framework

Following the NIST cyber security framework (Core, Implementation Tiers and Profile), our business analysts will drive you through the processes and procedures' design and implementation phase, a requirement to comply with regulators and international industry standards (e.g. in Bahrain NIST methodology is a requirement for the Central Bank of Bahrain).

E-Venture Business Solutions Cybersecurity National Institute of Standards and Technology NIST Bahrain Gulf Cooperation Council Cybersecurity NIST Framework

Understanding the complexity of your organization is the first step to developing a proper cyber security framework, proceeding with a complete inventory of your assets, identifying the ones that need to be protected to grant the continuity of your operation. 

Detecting and responding to a security incident is the second step and needs to be executed with cutting-edge technology tools like the one provided by a SOC. 

Establishing a SOC to identify, investigate and respond to cyber incidents is a legal requirement for many regulators (e.g. in Bahrain, the Central Bank of Bahrain, ref. OM-5.5.35).

E-Venture Business Solutions Cybersecurity National Institute of Standards and Technology NIST Bahrain Gulf Cooperation Council Cybersecurity NIST Framework Data Governance Data Classifications

Knowing your assets means understanding your IT infrastructure but it requires also a deep understanding of your information data structure. Developing a Data Governance framework is a must to prevent cyber security incidents.

"Data Governance is the specification of decision rights and an accountability framework to ensure the appropriate behaviour in the valuation, creation, consumption and control of data and analytics"
Data Governance Definition (Gartner)

Public: information of public domain or easily accessible by every individual inside and outside the organization.

Internal: information not accessible outside of the company but shareable between different departments. Personnel can have access to internal information with specific user profiles.

Confidential: information accessible only with specific authorization procedures. Data loss of confidential information could create a severe impact on the business operation.

Restricted: unauthorized access to restricted information can have a disruptive impact on the company’s business and, under certain circumstances, is a breach of law.

E-Venture Business Solutions RACI Template Cybersecurity National Institute of Standards and Technology NIST Bahrain Gulf Cooperation Council Cybersecurity NIST Framework Data Governance Data Classifications

Cyber security incidents are not related to IT Infrastructure attacks only. Data leakages are often due to a wrong data design and organizational responsibilities arrangements.
Our executives will support you in developing the correct approach in defining your Data Governance framework, following international standards of quality.

Transition Projects - Activate Axians' SOC
services at your site

Before activating the 24x7 Axians' SOC operation, we design and implement a Transition Project to integrate SOC services into your IT Cyber security framework.

E-Venture Business Solutions is responsible for the Transition Project. We adopt international standard methodologies for the Transition Project implementation, adapting the solution depending on the Client's reality.

E-Venture Business Solutions Transition Project Cybersecurity National Institute of Standards and Technology NIST Bahrain Gulf Cooperation Council Cybersecurity NIST Framework

Phase 1 - Conceptual design

This phase aims to conceive and plan the implementation of the SIEM architecture and the adaptation of the future way of working. In addition, we define the interface process for the classification, processing and escalation of security incidents and coordinate the customer and Axians' teams.

Phase 1 includes the following work packages executed at the customer's site:

 

  1.  Kick-off workshop;

  2. SIEM rollout planning; 

  3. SOC process adjustment; 

  4. Client's cyber security framework analysis. 


The output is a detailed project plan for the technical and procedural implementation, based on the results developed and documented in these workshops. The parties have to approve the project plan as it is the first milestone of the overall Transition Project.

Phase 2: Installation phase

The Axians' SOC parameterization setup starts based on the collected use cases during installation.
Use cases are continuously refined and adjusted as part of the standard transition and implementation project.

The installation phase includes the following work packages:

 

  1. SIEM (Security Information and Event Management) set-up;

  2. Process integration; 

  3. Testing. 


The SIEM availability is a crucial prerequisite for the operational takeover for the parameterization and the test activities of the overall solution.

The SIEM as a component of the Client cyber solution is a legal requirement for many regulators (e.g. Central Bank of Bahrain OM-5.5.31)

Phase 3: Optimization phase

After the installation phase competition, the system optimization starts as part of a pilot operation, including the below:

 

  1. Pilot operation;

  2. Structure of service management and reporting; 

  3. Final validation. 


After verifying the service functionality, the transition to continuous security monitoring and operation of the platform is complete, though even after commissioning, regulations and processes are continuously analyzed and maintained.

Dedicated Account Management

E-Venture Business Solutions Account Manager
04 W.png

Vulnerability Management and Compliance Service (VMC)

The cyber security framework is continuously evolving and has to be maintained and tailored according to the Client's needs and changing requirements,

Our Account Managers are executives with solid experience and technical skills; they are the trade union between the business organization, Axians' expertise and our business analysts involved in all the aspects of the cyber security framework development and maintenance.

E-Venture Business Solutions Cyber training

E-Venture Business Solutions Cybersecurity National Institute of Standards and Technology NIST Bahrain Gulf Cooperation Council Cybersecurity Awareness

The ever-increasing complexity of Information and Communications Technology highlighted the fragility of security infrastructures, although technologically advanced, if not integrated with a good training course for end-users.

Cybercrime prevention is not the technical specialist's responsibility only, but any employee's duty, as improper behaviour might impact all the company.

In the form of an interactive workshop, the seminar aims to provide participants, regardless of the IT background, with a deep understanding of how the daily practice's correctness can foil many of the most known cyberattacks.

We started our Cyber security awareness and Cyber safety workshops cooperating with universities in Bahrain in October 2021, and new training sessions are also under planning for 2022.

Contact us for having the complete workshop agendas overview or, if you prefer, to have tailored sessions at your site.

Attackers tend to follow a repetitive pattern; they prefer low-hanging fruit provided by easy targets. That’s why protective measures should be geared to improving one’s digital resilience or maintaining it at a high level. We rely on a vulnerability scanner that is integrated in our security incident management process as an optimal augmentation of our SOC services. Axians’ vulnerability management & compliance service (VMC) provides for the identification, assessment and remediation of (technical) infrastructure vulnerabilities. Axians offers you a 360-degree VMC service. We take care of planning and architectural design, implementation and integration in your infrastructure, and attend to the operative management of scanning, reporting, automation and integration. And we advise you in the remediation process if the need should arise.