Sparrow Security Consulting

Sparrow offers various consulting from information protection consulting to infrastructure vulnerability analysis evaluation

Sparrow Security Consulting

01. Establish information security management system
  • Establish an information security framework based on information security governance
  • Establishment and management of information security management system in accordance with corporate strategy and vision
02. ISMS/ISO 27001 Certification
  • Support important information systematically and efficiently according to domestic and global information protection management system standard
  • Support the entire certification process
03. Establishment of master plan
  • Establishment of a long-term information security plan to maintain the strategic information security activity and security level
  • Establishment of optimal master plan through analysis of the status of information security of companies and budget schedule effect
04. Security Check and Level Diagnosis
  • Development and application of checklist and interpretation of status and regulations applicable to enterprises
  • Checklist based implementation of information security according to company regulations


Establishment of information security management system and improvement of technology

  • Establishment of an information security management system to safeguard important informational assets
  • Maintain the level of information security by eliminating ongoing threats and vulnerabilities
  • Improve capability and system operation technology of the information security organization

Satisfying Compliance

  • Ability to respond to industry sectors’ legal and internal information protection regulatory requirements
  • Enhance competitiveness against security requirements when conducting business with customers / external organizations

Enhancing company image

  • Improve inner and outer image through improvement of information security level
  • Improve internal and external awareness of the level of information security by acquiring ISMS/ISO 27001 certification


  • Phase 01.
    • Kick-off Meeting
    • Identify the environment and requirements
    • Scope definition
    • Cognitive education
  • Phase 02.
    Analysis of Current Situation
    • Analysis of document and status
    • Analysis of Gap
    • Technical vulnerability check
    • Analysis of Compliance
  • Phase 03.
    Risk Assessment
    • Asset analysis
    • Analysis of vulnerabilities/treats
    • Risk Assessment
    • Establish improvement plan
  • Phase 04.
    System Design
    • Designing of ISMS
    • Revision of policy/guidelines
    • Establishment of implementation plan
    • Establishment of countermeasure statement
  • Phase 05.
    Implementation / Improvement
    • Establish master plan
    • ISMS training
    • Optimization of process
    • Mock Examination(Internal security Audit)
Products Security Quality