Security Resilience and Business Continuity

This domain covers all security operations starting from contingency activities and business continuity operations, all the way to regular operational security processes concerned with the detection and response activities based on logs and forensic investigations.

Services Offered:

Business Continuity Planning (BCP)

Business continuity planning is the implementation of policies, procedures and processes in a manner that addresses the posing risks, sustains the continuity of the business by minimizing disruptions, and reduces the impact of any risks to the minimum if they were to occur.

SBS provides this service based on:
  • ISO 22301 framework
  • A tabletop exercise: meeting with all business units to focus on the plan and look for gaps
  • A structured breakthrough: go through the plan components, identify weaknesses and correct them, update the plan and distribute it
  • Disaster simulation testing

Disaster Recovery Planning (DRP)

A Disaster Recovery Plan comprises a compilation of detailed procedures used when a significant damaging event occurs causing the interruption of critical business functions at primary site. Hence, the disaster recovery plan is initiated. The purpose is to run critical business functions from an alternate site, in order to avoid business disruption, while restoration and amendments are being down at the primary site in order to bring operations back to normal.

After the development and implementation of a DR plan, it must be regularly revisited and exercised. This plays role in training personnel on what to do in case of emergency and unveils any slips or errors. Disaster recovery exercises act as preventive maintenance which plays a critical role in organizational success on the long run.

Incident Response Planning (IRP)

An incident response plan is a document that guides the IT team on how to respond in case an incident occurs. It contains certain procedure about how to detect, how to respond and how to recover.

SBS offers guidance on building an incident response plan and walks through several phases with clients to insure they have a well-defined and well-built plan.


Security Operations Center (SOC)

SOC or SOCaaS is a service that provides real time monitoring, detection and analysis of cyber security threats. This service goes above and beyond by a reactive and proactive detection of advanced targeted attacks that have gone undetected by existing perimeter controls. It comprises the three pillars: People, Process, and Technology for managing and securing the organization’s assets and data.

Cyberthreats are evolving nowadays and take lots of challenges, investment and expertise to be able to defend against them.

SBS SOC team will integrate with all your environment critical assets in order to extract logs to SBS Secure Cloud. The Logs from different applications will be processed by the Security Platform.

Digital Forensics & Incident Response (DFIR)

Digital Forensics & Incident Response is a solution that identifies, contains, eradicates and recovers from cyberattacks revealing traces and evidence that can be used later in forensic investigations. Moreover, it reveals the types of threat actors, their techniques, tactics and procedures that can negatively impact business availability and business continuity.

Digital Forensics Paradigm:
  • Identification of media and collection
  • Data collection from media
  • Data acquisition and order of volatility
  • Reporting
Incident Response Phases:
  • Detection
  • Containment
  • Eradication
  • Recovery

Security Information & Event Management (SIEM)

SIEM (Security Information and Event Management) is a major IT tool which later became a general security concept that is meant to aggregate, correlate, and analyze activity logs from network devices, servers, and other resources. In other words, it overlooks the entire IT infrastructure and keeps logs of all activities and makes them human-accessible and usable for investigations in the case of cyberattacks and IT threats.

SIEM enables:
  • Threat detection
  • Investigation
  • Time to respond