ES implements Strategy Management Systems in different sectors and organizations, with on-site delivery experience and certified staff, mainly in Latin America and the Caribbean. It has successfully implemented the Execution Premium Process Methodology in sectors such as energy, mining, finance, military and services, among others. ES partners with ESM Software to deliver successful strategy projects, using best-of-breed strategy software: the only strategy software built by the creators of the Balanced Scorecard, Drs. Robert S. Kaplan and David P. Norton.
ES delivers Cybersecurity services and solutions to organizations. Whether the organization is facing a security challenge, meeting a compliance requirement or taking proactive measures, ES can provide custom solutions and services to successfully achieve its goals. In today’s technology-dependent world, executives and managers can’t afford to be held back by cyber threats. They need to make quick decisions and feel confident that their cyber strategy, defenses and recovery capabilities are up to the needs of their business operations.
Using international standards and best practices ES helps organizations to comply with information security requirements. Information Security refers to the processes and methodologies which are designed and implemented to protect print, electronic, or any other form of confidential, private and sensitive information or data from unauthorized access, use, misuse, disclosure, destruction, modification, or disruption. Experience, background and certifications of ES Staff play a huge role in reducing compliance time to the minimum in organizations.
Pentesting and Vulnerability Assessment for Network Infrastructure, Operating Systems, Web/Mobile Applications, ATM Infrastructure and WiFi Networks. Certified consultants and ethical hackers perform manual and automated tests, always using methodologies and standards such as OSSTMM, OWASP and NIST. Security controls are tested from physical security to Social Engineering, providing visibility and mitigation tasks. Some tests may include Code Analysis.
The credit card payment industry has become one of the prime targets of hackers and cyber threats. ES provides consulting and solutions for PCI-DSS compliance requirements. The PCI Standard is mandated by the card brands and administered by the Payment Card Industry Security Standards Council. The standard was created to increase controls around cardholder data to reduce credit card fraud. Validation of compliance is performed annually.
Information security risk assessment is an on-going process of discovering, correcting and preventing security problems. The risk assessment is an integral part of a risk management process designed to provide appropriate levels of security for information systems. Risk assessment will help each organization to determine the acceptable quantitative level of risk and the resulting security requirements for their processes and areas. Risk Analysis is done using ISO27005.
ISO/IEC 27001 is an information security standard, part of the ISO/IEC 27000 family of standards. ISO/IEC 27001 specifies a management system that is intended to bring information security under management control and gives specific requirements. Organizations that meet the requirements may be certified by an accredited certification body following successful completion of an audit. Note that ISO27001 is designed to cover much more than just IT: it covers other areas of the organization such as Human Resources, Supply Management and Physical Security, among others. ISO27001 gives a holistic approach to Information Security.
Business continuity is the planning and preparation of a company to make sure it overcomes serious incidents or disasters and resumes its normal operations within a reasonably short period. This concept includes the following three key elements: Resilience, Recovery and Contingency. ISO 22301 is a management system standard that specifies requirements to plan, establish, implement, operate, monitor, review, maintain and continually improve a documented management system to protect against, reduce the likelihood of occurrence, prepare for, respond to, and recover from disruptive incidents when they arise.
ISO/IEC 20000 is the first international standard for IT service management. Formally: ISO/IEC 20000-1:2011 includes "the design, transition, delivery and improvement of services that fulfill service requirements and provide value for both the customer and the service provider. This part of ISO/IEC 20000 requires an integrated process approach when the service provider plans, establishes, implements, operates, monitors, reviews, maintains and improves a service management system." ISO/IEC 20000, like its BS 15000 predecessor, was originally developed to reflect best practice guidance contained within the ITIL framework, but includes another.
Risk management is the ongoing process of identifying, assessing, and responding to risk. To manage risk, organizations should understand the likelihood that an event will occur and the potential resulting impacts. With this information, organizations can determine the acceptable level of risk for achieving their organizational objectives and can express this as their risk tolerance. With an understanding of risk tolerance, organizations can prioritize cybersecurity activities, enabling organizations to make informed decisions about cybersecurity expenditures.
Information Security and Cyber Security Certified Training:
Information and Cybersecurity requirements and needs change between organizations, depending on the sector and size. InfoSec360 is a model that allows organizations of all sizes and sectors to introduce and reinforce information and cybersecurity controls in their processes and areas. ES performs several activities, depending on the information security maturity of the organization, in order to identify and protect information assets, reducing cybersecurity risks by delivering information and visibility.
Certified team members with international experience:
Members of the ISO/IEC JTC 1/SC 27/WG 1, the committee where ISO27001 is created.
OWASP Guatemala Chapter President on the Team Lead
ISOC Cybersecurity SIG Members
Team Certifications: CISSP, CCNA, OPST, CISA, ISO27001 Lead Auditors, ISO20000, CISM, ISO27005, ISO22301, CCSA, CCSE, ITIL, Ethical Hacking, Forensics, PMP, among others.
Countries with successfully delivered projects: Guatemala, El Salvador, Mexico, USA, Colombia, Panama, Nicaragua, Peru, Brazil, Argentina, Uruguay, Ecuador, Dominican Republic, Bolivia.
Project Management in all projects and services.
Vía 4 1-00 Zona 4, Edificio Tec 2 Oficina 1001 Guatemala City, Guatemala. 01004