Cybersecurity Compliance Consulting

Helping enterprises achieve compliance, address network security-related laws and regulations, and protect the security and compliance of enterprise networks and data

The Stages of Compliance Service

We provide full lifecycle compliance consulting services, from assessment to implementation and continuous optimization

First Layer

Regulatory Compliance Requirements

  • Network Security Law
  • Network Security Classified Protection Regulations and Series Standards
  • Critical Infrastructure Protection Regulations and Series Standards
  • Industry-related regulatory documents and standards
  • Security requirements subject to regular inspection and evaluation by cybersecurity, public security, and superior competent departments

Second Layer

Business Security Requirements

  • With the application of new technologies and businesses, businesses face challenges from new threats and risks
  • Systems cover a wide scope and equipment is numerous and varied, so centralized security operations need to be strengthened
  • The business carries a large amount of important sensitive data and data security risks are prominent, so protection needs to be strengthened

Third Layer

Continuous Security Operations

  • Increasingly intelligent external threats and the asymmetry between attack and defense leave organizations struggling with unknown vulnerabilities and threats
  • After a system goes online and enters its operation period, long-term mechanisms for security operations need to be established
  • Incidents need to be discovered and handled quickly to rapidly reduce losses and minimize impact
  • Organizations are in a static, passive defense state in which risks cannot be perceived or visualized

Compliance Solution Approach

We adopt systematic approaches to help enterprises build compliance systems that meet regulatory requirements while supporting business development

Gap Analysis
Construction and Remediation
Assistance in Evaluation

Attack Path-based Risk Analysis

By analyzing the correlation between business systems and other businesses, network attack paths, and system components, we select representative assets for compliance analysis.

Drawing on experience from basic security services such as vulnerability scanning and penetration testing, we simulate attacker methods, selecting multiple possible attack paths for testing to discover as many potential system threats as possible.

Risk Management-based Systematic Construction and Remediation

From a risk analysis perspective, we analyze risk across security controls and between layers to provide optimal remediation approaches.

Based on the concept of attack-defense confrontation, conduct weakness analysis and carry out targeted construction.

Assist Grade Evaluation and Regulatory Inspection

Based on extensive experience in project implementation and inspection assistance, help clients complete grade evaluation and inspection work.

Compliance Consulting Service Process

Standardized service process to ensure efficient and professional compliance consulting services for clients

1. Level Definition and Filing

  • Object Analysis/Determination
  • Level Definition Review/Approval
  • Level Definition Material Compilation
  • Level Definition Result Filing

2. Assist Evaluation/Gap Analysis

  • Evaluation Preparation Activities
  • Plan Compilation Activities
  • On-site Evaluation Activities
  • Report Compilation Activities

3. Construction and Remediation

  • Gap Analysis Result Organization
  • Security Technology Remediation
  • Security Management Remediation
  • Assist Hardening Services

4. Supervision and Inspection

  • Assist Inspection
  • Problem Remediation Verification
  • Continuous Improvement Recommendations
  • Compliance Status Maintenance

Compliance Remediation Directions

For different compliance areas, we provide professional remediation recommendations and implementation support

Security Configuration

Operating system security configuration, network device/security device configuration, middleware configuration revision

Code Modification

SQL injection vulnerabilities, command execution vulnerabilities

Equipment Procurement

APT protection equipment, WAF equipment procurement

Security Management

Security management systems, process optimization, record deficiency

Security Summary

Security issue severity, client remediation requirements (client demands)

Remediation Classification

Security configuration remediation, security code remediation, security management construction, equipment procurement

Recommended Remediation

Implementation of remediation measures, security technology construction, security management construction, security service/operation construction