Surreal Security | Information Security Consulting
To the Next Stage... by Security Surreal Security Corporation Surreal Security
home About Us Our Services Careers Contacts
Our Services
Information Security Consulting

- Our experienced, professional security consultants will assist you in all situations in planning and deploying information security controls for your company. -

Management-related Solutions

Information Security Risk Assessment
This is a “health check” for information security. All information security controls begin by conducting a risk assessment and having a clear understanding of the current risks and issues.

Information Security Strategy Planning
This is a “medical treatment planning” for information security. We will discuss the treatment plan in details for the “symptoms (issues)” identified during the risk assessment, and finalize a basic strategy plan which will be the foundation for all controls.

Creating Information Security Management Policies
This is a "prescription" for information security. We will create various rules, such as a Security Policy, Operation Regulation, and Control Manual, which are required in order to carry out basic strategies.

Creating Business Continuity Plan
This is an "emergency treatment plan". We will simulate emergency situations (incidents) such as information leaks and information system outages, and create emergency control plans and manuals in advance.

System-related Solutions

Penetration Test and Protecting Computers
We will detect security holes of information systems or internal networks and execute necessary controls to fill up those holes.
The “matrix-like diagnosis” based on the leading-edge know-how is the main feature of our solution.

Security Architecture Designing and Diagnosis
We will assess the security level during the information system designing stage and propose any necessary design specifications. By achieving this before the system deployment, the designing cost and time can be minimized.

Designing and Development for Web Security
We will propose necessary controls in order to prevent any attacks to or information leaks from your company’s website.
Also, we will present the standard guideline of "secure web programming" to the web administrators in your company and help increase their control know-how.

Designing and Development for Security Monitoring System
We will design and develop a monitoring system that protects your information system network from external/internal attacks and intrusions. This solution also supports operation outsourcing of the monitoring system.

Verification and Selection for Security Products Tools
We will verify and select the most suitable security products that perfectly meet your needs.

Achieving Security Certifications and Regulation Compliance Programs

Achieving ISMS/BS7799 Certification
We will support you in acquiring the International Standard of information security management, ISMS/BS7799 certification.

Achieving Privacy Mark Certification
We will support you in achieving the Japanese Standard of personal information protection, Privacy Mark Certification (JIS Q 15001).

Complying with Privacy Protection Act
We will support you in establishing necessary measures for the "Privacy Protection Act" which will go into full effect as of April 2005. This program is best suited for clients who find it necessary to prepare for the Privacy Protection Act, but who do not need to achieve a privacy mark certification.

Security Operation Support Programs

Information Security Training and Seminars
We will conduct best suited security training for various types of personnel such as information security administrators and regular employees.

Information Security Audit
We will check to make sure your company's information security is properly managed from both management and system points of view.

Arrangement of Information Risk Insurance
There is no “absolute safety” in information security. As a damage control in case of a security incident, we will arrange the information risk insurance for you, which reduces the damage from the incident.

Incident Response
We will support you in deploying an emergency response plan (incident response) in case of an actual information security incident.