Professional Services

Information Security Policy & Procedures Development

Security policies are the foundation of a sound security implementation: they set the organization's overall security posture and provide governance and guidance. Implementing and operating any security solution without appropriate policies, standards, and procedures can result in inaccurate and ineffective security controls and, consequently, higher risk.

Drawing on our information security expertise, in-depth knowledge of industry practices, awareness of regulatory requirements, and experience developing and reviewing security policies and procedures for many organizations, we have formulated a methodical process that ensures the clarity, consistency, completeness and organization of the policies and procedures we develop, so that all business and IT control requirements are met. We follow the international standard ISO/IEC 17799:2005 (since renumbered ISO/IEC 27002) for developing corporate Information Security Policy.



Technology Risk Management

Business Continuity Management

Business Continuity Management (BCM) is a process that provides a framework for ensuring the resilience of the business to any eventuality, continuity of service to key customers, and protection of the brand and organizational reputation. It is an ongoing management and governance process, supported by senior management, that ensures the necessary steps are taken to identify the impact of potential losses, maintain a viable and timely recovery strategy, ensure continuity of products and services, and provide a basis for planning the organization's long-term survivability following a disruptive event.

Business Continuity Planning provides detailed procedures for continuing business operations during a disruption, while Disaster Recovery Planning provides detailed procedures for resuming IT capabilities at an alternate site.

We use industry standards and guidelines for Business Continuity Management such as NIST guidance and BS 25999-1:2006 (since superseded by ISO 22301).

Sidat Hyder Morshed Associates develops Business Continuity and Disaster Recovery plans that are clear, concise and customized to the needs of the organization's business, incorporating international standards, guidelines and frameworks. We assess readiness and prepare organizations for unplanned events and disruptive incidents, whether from accidents, criminal activity or natural or man-made disasters, that can have catastrophic effects.

Risk Assessment and Management

SHMA simplifies and focuses the risk assessment and risk management process to provide the organization with a flexible tool for monitoring and evaluating performance in a systematic and structured way. We develop an Information Risk Management Framework based on the international standard BS 7799-3:2006 and the best-practice guidance of OCTAVE.

The following core objectives of risk management are addressed in a typical risk management engagement:

1. Risk Management Planning
2. Asset Identification
3. Risk Identification & Assessment Techniques
4. Identification of the Acceptable Level of Risk (Risk Acceptance)
5. Identification of the Risk Treatment Methodology
6. Ongoing Risk Monitoring and Evaluation

The risk management framework associates each Information Asset with its corresponding threats in order to derive the risks to that asset.

When performing Risk Analysis, we consider both approaches, quantitative and qualitative.
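As an added illustration of the asset-to-threat association and of the two analysis approaches (this is not SHMA's own tooling and not code from the page), the register below scores each asset/threat pairing quantitatively with single loss expectancy (SLE = asset value × exposure factor) and annualized loss expectancy (ALE = SLE × annual rate of occurrence), and qualitatively with a likelihood × impact score, then applies a risk-acceptance rule to decide which risks need treatment. The asset values, exposure factors, rates of occurrence, rating thresholds and acceptance appetite are constructed sample figures, not figures from the page.

```python
"""Minimal risk register: associate information assets with threats, score each
pairing quantitatively (SLE/ALE) and qualitatively (likelihood x impact), then
decide accept vs. treat against a stated risk appetite.

Added illustration; not SHMA's own tooling. All figures below are constructed."""

from dataclasses import dataclass


@dataclass(frozen=True)
class Asset:
    name: str
    value: float  # replacement/business value in currency units (constructed)


@dataclass(frozen=True)
class Threat:
    name: str
    exposure_factor: float  # fraction of asset value lost per occurrence, 0..1
    aro: float              # annual rate of occurrence (expected events per year)
    likelihood: int         # qualitative 1 (rare) .. 5 (almost certain)
    impact: int             # qualitative 1 (negligible) .. 5 (severe)


@dataclass(frozen=True)
class Risk:
    asset: str
    threat: str
    sle: float       # single loss expectancy = value * exposure factor
    ale: float       # annualized loss expectancy = sle * aro
    score: int       # qualitative likelihood * impact (1..25)
    rating: str      # Low / Medium / High
    treatment: str   # "accept" or "treat"


def qualitative_rating(score: int) -> str:
    """Map a likelihood x impact score onto a three-band rating.
    The band thresholds are an assumed convention, not taken from any standard."""
    if score >= 15:
        return "High"
    if score >= 8:
        return "Medium"
    return "Low"


def assess(asset: Asset, threat: Threat, ale_appetite: float) -> Risk:
    """Score one asset/threat pairing and apply the risk-acceptance rule:
    anything above the monetary appetite OR rated High must be treated."""
    if not 0.0 <= threat.exposure_factor <= 1.0:
        raise ValueError("exposure factor must be in [0, 1]")
    sle = asset.value * threat.exposure_factor
    ale = sle * threat.aro
    score = threat.likelihood * threat.impact
    rating = qualitative_rating(score)
    treatment = "treat" if (ale > ale_appetite or rating == "High") else "accept"
    return Risk(asset.name, threat.name, sle, ale, score, rating, treatment)


def build_register(pairings, ale_appetite: float) -> list[Risk]:
    """Assess every (asset, threat) association and rank by ALE, highest first."""
    register = [assess(a, t, ale_appetite) for a, t in pairings]
    return sorted(register, key=lambda r: r.ale, reverse=True)


# Constructed sample data: two assets, three threats, three associations.
CUSTOMER_DB = Asset("customer database", 2_000_000)
WEB_PORTAL = Asset("customer web portal", 500_000)
RANSOMWARE = Threat("ransomware", exposure_factor=0.6, aro=0.2, likelihood=3, impact=5)
DDOS = Threat("volumetric DDoS", exposure_factor=0.05, aro=2.0, likelihood=4, impact=2)
INSIDER = Threat("privileged insider exfiltration", exposure_factor=0.8, aro=0.05,
                 likelihood=2, impact=5)

SAMPLE_PAIRINGS = [(CUSTOMER_DB, RANSOMWARE), (CUSTOMER_DB, INSIDER), (WEB_PORTAL, DDOS)]
ALE_APPETITE = 100_000.0  # constructed: residual risk below this annual loss is accepted

if __name__ == "__main__":
    for r in build_register(SAMPLE_PAIRINGS, ALE_APPETITE):
        print(f"{r.asset:22} {r.threat:34} ALE={r.ale:>10,.0f} "
              f"score={r.score:2} {r.rating:6} -> {r.treatment}")
```

Running it prints the register ranked by ALE. Note that the insider case falls under the monetary appetite yet rates Medium qualitatively, which is why the treatment decision should weigh both views rather than relying on one.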

Information Security Gap Analysis

The Information Security Gap Analysis Program (ISGaP) methodology employs a standardized approach to review and measure the posture of an organization's information security program. Its objectives are to:

  • Identify information security program deficiencies;
  • Identify the organization's current Information Security posture;
  • Establish a security program baseline against which future improvements can be measured;
  • Provide a roadmap and supporting information for developing an Information Security Strategy;
  • Prepare for or conduct an assessment, evaluation, or review of an information security program.

The Information Security Gap Analysis identifies gaps and provides recommendations for developing an information security program that will successfully protect information against loss of Confidentiality, Integrity, or Availability. It also determines the current information security posture and so establishes the roadmap on which a successful Information Security strategy can be built.

As part of a Security Baseline Review, an organization receives a report identifying:

  • The strengths of its current information security environment;
  • A high-level analysis of current security environment vulnerabilities and the associated risks;
  • Areas that require immediate attention;
  • An assessment of the maturity ranking of information security management within the organization, based on the COBIT Maturity Model;
  • A proposed target maturity ranking for the organization to aim for; and
  • A recommended roadmap to develop an Information Security Strategy aligned with technology and business requirements.

IT Security Architecture Development

  • SHMA assists organizations by conducting a Current State Assessment (CSA) of the IT infrastructure's security status and detecting key areas of concern. Recommendations are provided to mitigate the identified security vulnerabilities by implementing effective controls.
  • The Security Architecture provides the framework and a conceptual information security infrastructure blueprint to enable secure communication, protect the organization's business processes and information resources, and ensure that new technologies and methods for delivering services are secure. It further ensures the integrity, reliability, availability, and confidentiality of important information while establishing a robust and secure computing environment.

IT Governance Consulting

Information Technology is essential to manage an organization’s operations and business transactions. In many organizations, IT is fundamental to support, sustain and grow the business.

While many organizations recognize the potential benefits that technology can yield, the successful ones also understand and manage the risks associated with implementing new technologies.

Among the enterprise's challenges and concerns are:

  • Aligning IT strategy with the business strategy.
  • Cascading strategy and goals down into the enterprise.
  • Providing organizational structures that facilitate the implementation of strategy and goals.
  • Insisting that an IT control framework be adopted and implemented.
  • Measuring Information Technology’s performance.

IT governance and the effective application of an IT governance framework are the responsibilities of the board of directors and executive management. IT governance is an integral part of enterprise governance and consists of the leadership and organizational structures and processes that ensure that the organization's IT sustains and extends the organization's strategies and objectives.

An IT governance framework such as Control Objectives for Information and related Technology (COBIT) can be a critical element in ensuring proper control and governance over information and the systems that create, store, manipulate and retrieve it.

SHMA uses the COBIT IT governance framework and its supporting toolset to implement an IT Governance structure within organizations, bridging the gap between their control requirements, technical issues and business risks. COBIT enables clear policy development and good practice for IT control throughout the organization.

Copyright © 2022 - 2026 Sidat Hyder Morshed Associates - All Rights Reserved.