Microsoft Modern Workplace

Security and Compliance

GBG tailors security and compliance solutions for your unique workplace through the following:

Egyptian Data Protection Law

The Egyptian Data Protection Law aims to protect and regulate the collection and processing of the personal data of Egypt's citizens and residents. The law applies to all persons regardless of citizenship or residency, as long as the affected data subject is an Egyptian national or a non-Egyptian residing in Egypt.

GBRANDS can help to ensure you comply with EDPL by:

• Performing gap analysis that covers people, business and processes. 
• Providing a road map on how to overcome any gaps found. 
• Creating necessary policies, procedures and guidelines. 
• Completing risk assessments.
• Developing incident response practices. 

GBRANDS has a wide set of technologies from different vendors, such as Microsoft, Palo Alto, One Identity, Stealth Bits, and Clear Swift, that can help you to ensure data protection and defense against attack attempts.

The solutions cover:

• Identity and access management.
• Threat protection
• Data protection
• Device management.
• Security operation, incident response and penetration testing. 

Mapping the best solution for your needs shall be done after risk assessment. 

Endpoint Device Management:

Today’s employees expect to have the ability to utilize their IT assets from anywhere, 24/7.  The challenge is to ensure that these assets are securely and seamlessly managed so that your business can focus on what it does best, whether that is in the office, on the road, at a client’s site, or at home.  

• Imagine having a product that can manage all your end-user devices and apps, anywhere, anytime.
• Imagine having a consulting service that grows and moves with your business as you need it. 
• The end-user management experts at GBG can make your always-on environment a reality with our endpoint management solutions. 
   

ISO 27001 Gap Analysis:

ISO 27001 is the international standard that sets out the specifications for an Information Security Management System (ISMS). Its best-practice approach helps organizations manage their information security by addressing people and processes, as well as technology.

• ISO 27001 formally specifies how to establish an Information Security Management System (ISMS). 
• The adoption of an ISMS is a strategic decision. 
• The design and implementation of an organization’s ISMS are influenced by its business and security objectives, its security risks and control requirements, the processes employed, and the size and structure of the organization.
• The ISMS will evolve systematically in response to changing risks.
• Compliance with ISO 27001 can be formally assessed and certified. A certified ISMS builds confidence in the organization’s approach to information security management among stakeholders.
• ISO 27002 is a “Code of Practice” recommending a large number of information security controls. 
• Control objectives throughout the standard are generic, high-level statements of business requirements for securing or protecting information assets.
• The numerous information security controls recommended by the standard are meant to be implemented in the context of an ISMS, in order to address risks and satisfy applicable control objectives systematically.
• Compliance with ISO 27002 implies that the organization has adopted a comprehensive, good-practice approach to securing information.

Virtual CISO:

The vCISO is a security practitioner who uses the culmination of their years of cybersecurity and industry experience to help organizations with developing and managing the implementation of the organization's information security program.

A vCISO is an outsourced service that provides security leadership to the organization’s IT and security teams, in addition to advice and assurance to the board. The vCISO collaborates with and advises clients' IT departments and helps customers maintain and secure their existing IT infrastructure.

A vCISO’s Main Duties:

• Reviewing regular penetration tests and vulnerability scans. 
• Conducting risk assessments on any major changes in IT, security systems or business processes that can introduce security risks to the environment.
• Reviewing and revising current security policies and procedures, and recommending changes or additions of new procedures.
• Making recommendations for replacing/reinforcing current security tools, resources and policies.
• Overseeing the development and implementation of an information security program, and benchmarking the security posture of the organization with a globally known framework of choice that aids compliance with regulations that may be in the scope of business operations.
• Orchestrating security incident responses in case of cyberattacks.
  

Microsoft 365 Security Management Service:

GBG’s Microsoft 365 security management service is an affordable and structured offering, consisting of a workshop to determine your company’s security profile requirements, and enabling Microsoft 365 security aspects to align with your requirements.

• Security profiling workshop
• Product licenses per user
• Cloud services enablement
• Cloud identity and security
• Security enablement based on profiling
• 12-month security management service to manage tenant health, security compliance and data protection
• 8×5 service-level agreement

Vulnerability Assessment:

A vulnerability assessment is the process of defining, identifying, classifying and prioritizing vulnerabilities in computer systems, applications and network infrastructures, and providing the organization doing the assessment with the necessary knowledge, awareness and risk background to understand the threats to its environment and to react appropriately.

Success starts with security. Choosing the right security partner should never carry the same stress as having to deal with a security breach.

The most effective way to protect against exposure to vulnerabilities is to develop intelligence around your assets via assessment, and to harden these systems to minimize your attack landscape.

The GBG team has in-depth knowledge and experience across several next-generation solutions that are redefining the way that the world looks at information security.

This offering includes the following deliverables:

• Multi-layered security, where we ensure identity, on-premise and cloud-based assets and all-important network edge is no longer a pipe dream but rather a reality.
• Information security gap assessments and remediation roadmap development.
• Cybersecurity testing and improvement service.
• Information security training and awareness.
• Platform and network security assessments and vulnerability scanning.

Microsoft 365 Compliance:

Identity Theft Protection:

• Ongoing monitoring, rapid alerts, and recovery services
• Automate the detection and remediation of identity-based risks.
• Investigate risks using data in the portal.
• Export risk detection data to third-party utilities for further analysis

Microsoft Solutions Security Hardening:

We can help you to apply the security baseline for all Microsoft products, for example:

• Operating System Hardening
  Applying a security baseline that contains recommended settings that Microsoft suggests for Windows workstations and servers, to provide secure configuration and to protect domain controllers, servers, computers and users. Microsoft has developed a Group Policy Objects reference and templates based on the security baselines by using Intune.
  
• Active Directory Hardening
  This active directory hardening design helps in protecting against the following attacks:
  • Pass the hash / Pass the ticket
  • Privilege escalation
  • Credential theft
  • Host intrusion
  • Lateral traversal

The following security concepts are considered during this design:

1. Limiting administrator account usage.
2. Creating different passwords for each local administrator.
3. Lowering privileges by limiting users’ permissions and rights to only what is necessary.

Microsoft 365 Security:

• Software as Service model provides guaranteed reliability and uptime in secure Microsoft datacenters with the highest industry-leading certifications for governance and security
• Easy to grow and shrink depending on your requirements to enable your business to use its IT services in a cost-effective usage-based model
• Integrate and manage existing IT environments without removing current systems while allowing your business to grow into the cloud in a secure and structured way

You can Stay secure and productive anywhere, on any device, with identity and intelligence-driven intelligence.

• Azure Active Directory Premium
• Microsoft Intune
• Azure Information protection
• Microsoft Cloud App Security
• Microsoft Advanced Threat Protection
• Microsoft Secure Score
• Microsoft Defender Advanced Threat Protection

Collaboration

GBG tailors collaboration solutions to meet your day-to-day operations. We provide the following tools to enhance your productivity.

Attendance Application

GBG supports the National Initiative to STOP using fingerprints by enabling employees to sign in/out from anywhere.

• High accuracy & security
• Cost-effective
• Prevents “buddy punching”
• Enables location tracking
• Comprehensive reporting

Learning and Development Application

GBG provides an effective training platform that allows access from anywhere with these key features:

IT Ticketing System

Keep track of customer requests so your team can stay organized, easily prioritize work, and find solutions for customers faster. Our key features include conversations, tickets, automation & routing, live chat, team email, conversational bots, reporting, inventory management, and metrics reporting.

With GBG IT Ticketing Systems, you can:

• Log, organize, and keep track of customer issues all in one place
• Create New Case with Easy Way
• Automate tickets to create a help desk
• Prioritize requests, so critical issues get resolved faster

Meeting Room Reservation System

Schedule and manage online bookings for meeting rooms, internal spaces, and offices. GBG tailors a reservation platform with the following key features:

• Outlook calendar integration for access anytime and anywhere
• Chatbot services over a secure communication

Voice and Video Calling with Microsoft Teams

GBG certifies only select SBC vendors to ensure they are compatible with our Direct Routing guidelines. Our Direct Routing offers you the choice of staying with your existing telephony provider while using Microsoft Teams' calling capabilities. Our solutions enable 3rd party applications integration with the following:

• Easy Transition to Calling in Teams
• Telephony System Inter/Op
• Support for Analog Devices

Chatbots

Improve your employee experience with chatbots designed to support HR needs. GBG’s chatbots extend support through the following:

• Knowledge based response
• Query submission posted to a pre-configured team who acts upon the notification when the programmed response is unavailable
• Link suggestions to recommended HR policies by using pre-configured tags in questions