Governance Risk & Compliance

ISO 27001

Organizations are seeking to demonstrate to their stakeholders, business partners and customers some form of ‘fit for purpose’ assurance regarding their information security. Organizations need to define and maintain controls to avoid the risk of leakage or destruction of confidential information. ISO/IEC 27001 gives information on measures, on what effects they have and how to implement them. The standard defines the desired best practice methods for controlling and protecting information – Confidentiality, Integrity & Availability. An ISO/IEC 27001 compliance certificate provides assurance that the management system for information security is in place, but says little about the absolute state of information security within the organization.

Avian Technologies PVT LTD understands all these issues and can perform the necessary assessment/improvement to help you achieve ISO 27001:2013 Certification. Our experience and knowledge of the current cybersecurity environment protect your business from all forms of risk, including data breaches, disruption of services, and real-world attacks.

Our specialized team will assist you with implementation and, finally, with the audit before the final ISO Certification with an affiliated certified body in Sri Lanka.

Security Awareness Training

Security awareness training is the process of providing formal cybersecurity education to your workforce about a variety of information security threats and your company’s policies and procedures for addressing them. Rather than a one-time event, security awareness training is most useful when approached as a critical ongoing practice in the context of a bigger security awareness program. The training and the program are integral to building a culture of security in modern, digitally dependent organizations.

If an organization needs to comply with different government and industry regulations, such as ISO, FISMA, PCI DSS, HIPAA, etc., it must provide security awareness training to employees to meet regulatory requirements.

Awareness training will address the unique threat profile when deciding the subjects to cover. Some of the most common subjects are:

  • Phishing
  • Physical security
  • Desktop security
  • Password security
  • Wireless networks
  • Malware
  • Social engineering