Enablement in the following areas:

Above Security’s threat risk analysis covers the following stages:

o Risk Response Selection

o Risk Remediation

o Likelihood Estimation

o Impact Estimation

o Risk Evaluation

o Risk Scenarios Definition

o Vulnerabilities and Threats Identification

1- PCI DSS Compliance

All organizations that handle cardholder information are subject to mandatory

compliance with PCI DSS requirements. As a Qualified Security Assessor (QSA), Above

Security helps you address all PCI DSS requirements while reducing the associated

complexity and costs.

Above Security can simplify the implementation process by providing you with the

following cyber security technologies to ensure that cardholder data is not being

compromised:

2- ISO 27001

The ISO 27001 standard was created to manage the development and the

implementation of an Information Security Management System (ISMS), specifying

conditions to establish, implement, set up, manage, review, maintain and improve the

documented management of IT security systems for your organization. Whether it is to

prepare your organization for an ISO certification, an audit, or simply to better implement

the best practices defined by this standard, Above Security’s compliance consultants will

guide you through the necessary steps of the assessment and implementation of the five

ISO 27001:2005 control criteria:

1. Information Security Management System (ISMS)

2. Management Responsibility

3. ISMS Internal Audit

4. ISMS Management Review

5. ISMS Improvement

3- HIPAA

With the rise of dependence on electronic records, the provisions of the Health Insurance

Portability and Accountability Act (HIPAA) require the establishment of national

standards for electronic healthcare transactions and national identifiers for providers,

health insurance plans, and employers. As a leader in IT Risk Management and

Managed Security Services (MSS), Above Security can help your organization comply

with HIPAA, as well as define policies and procedures in order to comply with both

HIPAA provisions and internal regulations to protect you against external and internal

threats to patient information privacy:

4- GLBA

Under the Gramm-Leach- Bliley Act (GLBA) of 1999, financial institutions are required to

protect consumer financial information by establishing an information risk management

program. With its comprehensive set of security consulting services, Above Security has

been helping financial institutions since 1999 to comply with GLBA regulations, all while

ensuring the highest levels of data and IT infrastructure security:

unauthorized access to customer information

transmission of customer information

a legitimate business reason to see it

vulnerability scanning service

PDAs, cell phones, or other mobile devices

5- Governance

Leverage Our Information Security Governance Expertise For Your Business

Does your organization need to implement and maintain an effective Information Security

Management System (ISMS)? If so, information security governance represents an

important and fundamental component. Through a set of multi-disciplinary policies,

structures, processes, procedures and controls, developed and applied to manage

information at an enterprise level, IT security governance provides guidance on how to

determine information security objectives and how to measure the progress towards

achieving them.

With 20 years of experience in information security and IT risk management, our security

experts have the necessary expertise to walk you through the entire governance

process. Above Security’s governance consulting services ensure that IT risk

management practices are properly embedded in your organization, enabling you to

secure an optimal risk-adjusted return

Qualitative Security Threats and Risks Assessment (Ql-STRA).

Quantitative Security Threats and Risks Assessment (QN-STRA).

Totally built on the RIIOT methodology

Security System Design

1.1. Concept design

1.2. Schematic design

1.3. Detailed performance design

1.3.1. Control room.

1.4. Tendering support.

1.5. Construction phase supervision.

1.6. Test & commissioning T&C.

1.7. Project management

1.8. Training

We applied Standards, Rules, Regulations and Guidelines

The top priority is for the local authorities’ laws and regulations. The proposed set of

services requires a number of activities to be performed in a logical sequence at most of

its successive stages. Different international codes of practice and standards will be

adopted in each.

Uncertainty of financial loss, the variation between actual and expected results, or the

probability that a loss has occurred or will occur, is the fundamental definitions of risk in

our scope. In short words, it is the possible of occurrence of an undesirable event.

1. Local codes and standards to be based on Law24: 2008 and Law 10:2014 issued by

DPS the competent department in Dubai police.

2. API/NPRA Security Vulnerability Assessment 2004 methodology.

3. US Department of Homeland Security – Federal Emergency Management Agency –

FEMA 452: 2005, particularly relating to determining Design Basis Threats.

4. US Department of Defense’s (DoD) C.A.R.V.E.R. target analysis methodology for

considering the attractiveness of potential targets, adapted from Joint Publication 3-

05.1 Joint Special Operation Task Force Operations 2007.

5. The UK Home Office Scientific Development Branch’s guidelines on developing

Operational Requirements for security, 2009.

6. Our risk assessment procedures and reporting are totally in compliance with the

international standards like ISO-31010: 2009, ISO/TR-31004:2013(E) and ISO-

31000:2009(E).

7. The facilities physical security measures are based on ASIS/GDL- FPSM: 2009

guidelines.

8. The threat advisory system response is based on ASIS/GDL- TASR04: 2008.

9. Security management standard of the physical asset protection ANSI/ASIS PAP.1-

2012.

10. ANSI/ASIS SPC.1-2009 is associated with the organizational resilience, security

preparedness, and continuity management systems – requirements with guidance for

use.

11. ISO guide 73:2009, risk management – vocabulary.

12. BSI-BS8549: 2011(R), Security consultancy - Code of practice.

13. BSI-BS7858: 2012, Security screening of individuals employed in a security

environment - Code of practice.

14. BSI-BS8220- 3: 2011(R), Guide for security of buildings against crime - Part 3:

Storage, industrial and distribution premises.

15. BSI PD CLC/TR 62541-2:2010, OPC Unified Architecture Part 2: Security model.

16. BSI BS EN 50132-5- 3:2012, Alarm systems - CCTV surveillance systems for use in

security applications, Part 5-3: Video transmission - Analogue and digital video

transmission.

17. BSI BS EN 50132-5- 1:2012, Alarm systems - CCTV surveillance systems for use in

security applications, Part 5-1: Video transmission - General video transmission

performance requirements.

18. BSI BS EN 50132-5- 2:2012, Alarm systems - CCTV surveillance systems for use in

security applications, Part 5-2: IP Video Transmission Protocols.

19. BSI BS EN 50132-7:2013, Alarm Systems - CCTV Surveillance Systems for Use in

Security Applications, Part 7: Application Guidelines.

20. BSI BS 7958:2009, Closed circuit television (CCTV) - Management and operation -

Code of practice.

21. BSI BS 8495:2014, Code of practice for digital CCTV recording systems for the

purpose of image export to be used as evidence.

22. BSI BS 8418:2010, Installation and remote monitoring of detector activated CCTV

systems - Code of practice.

23. BSI BS EN 50130-4 + A1:2011, Alarm systems - Part 4: Electromagnetic

compatibility - Product family standard: Immunity requirements for components of fire,

intruder, hold up, CCTV, access control and social alarm systems - AMD: November,

2014.

HSE and Quality Management system development and implementation

we conduct a gap analysis to focus on areas of improvement which are then measured

against OHSAS 18001:2007, ISO 14001, ISO 9001 or other best practice standards

such as local legislation.

We can then develop your health, safety, environmental and/or quality management

system and proactive management tools to help you achieve compliance and

accreditation (where appropriate) in line with your chosen management model.

The management system would encompass the following headlines amongst others;

Introduction, policy & leadership, roles and responsibilities, targets and objectives, legal

compliance, risk management, contractor management, emergency management,

regional safe operating procedures, the management of change, training and

competency, hazard near miss accident and incident reporting, audits, communication

and consultation, performance monitoring, document control and management review.

Our consultant would also develop any associated forms, checklists, registers etc. which

link with and support the manual.

Knowledge transfer would also be arranged and company staff coached and mentored

on the new procedures.

Health and safety management

We offer the broadest range of health and safety risk management services to assist

businesses to comply with every aspect of health and safety legislation including:

Audits and assurance activities

Risk assessments and effective control strategies

Specialist health and safety consultancy

Health and safety outsourcing

Design and implementation of health and safety management systems

Occupational hygiene measurements and solutions

HSE system review and audit

our consultants have specialist experience in many health, safety, and environmental

subjects and will provide an independent assessment and evaluation of your particular

risks. The consultant will examine existing arrangements to include organizational

policies and procedures, existing risk control measures and their effectiveness and

observe working conditions and practices.

A baseline organizational position can be established to understand the health and

safety culture within the business, evidence the working environment and understand

how health and safety are currently demonstrated.

Review any existing health and safety systems, manuals, policies, processes, and

procedures. Review and assess the property portfolio to establish areas of high priority

and review and assess the current employee job roles to establish areas of high priority.

Topics covered for audit can include; manual handling, working at height, display screen

equipment, workplace transport, COSHH, machinery arrangements, environmental

assessments, precautions against slips, trips and falls, electrical equipment safety, first

aid arrangements, welfare facilities and general cleanliness and tidiness.

Staff competence can also be assessed based on interview and qualifications.

The benefits of using our services include:

Working with our proven methodologies you will benefit from an investment in quality

procedures and system ensuring that you minimize your exposure to liability and adverse

publicity by having appropriate due diligence measures in place.

Peace of mind from using class-leading skilled consultants, many of whom are ex-

enforcement officers with extensive knowledge of their field.