SCAN Associates Berhad

Products & Services

Security Posture

Security Posture Assessment

SCAN Security Posture Assessment (SPA) is meant to establish the current baseline security of the network and systems by discovering known vulnerabilities and weaknesses, with the intention of providing incremental improvements to tighten the security of the network and systems.

Security is concerned with the protection of information access, integrity, reliability and availability. The degree of protection required depends on the value of the information and this, in turn, dictates the security measures needed and afforded.

Information security is implemented by systems, policies, and procedures. Vulnerabilities in the systems present a threat to the information they protect and, if successfully exploited, will result in an impact. Measures intended to counteract potential threats are called countermeasures.

The purpose of a countermeasure is to eliminate or reduce the likelihood or impact of a threat on an information asset. Thus, the objective of a Security Posture Assessment is to uncover the potential threats to the information assets, and it is therefore an indispensable starting point in avoiding undesirable impacts. This is indispensable for organisations that require the highest possible assurance and confidence that their networks and systems are protected.

SPA to Secure ICT Assets

SCAN Penetration Test

For more information on this product, email us at

Business Continuity Management

SCAN Business Continuity Management (BCM) is a holistic management process that identifies potential impacts that can threaten the day-to-day operations of an organisation.

It provides a framework for building resilience with the capability for an effective response that safeguards the interests of its key stakeholders, reputation, brand and value-creating activities. In addition, BCM provides an overall program to ensure the plan stays current and up-to-date through continuous training, rehearsals and reviews.

How Can SCAN Help?

SCAN’s ICT Consultants’ extensive knowledge and experience in the areas of business continuity, training and certification will help you and your organisation understand the important elements of your business to ensure survivability in the event of a crisis or disaster. Our tailor-made approach helps ensure that requirements are met as concisely as expected.

We help you through the entire life cycle of Business Continuity Management (BCM) by:

  • Undertaking impact assessment and risk profiling to determine the recovery requirements and priorities of your organisation.
  • Designing controls, operations and technology architecture to enhance reliability of business operations.
  • Managing implementation of recovery infrastructure and Business Continuity Plan (BCP).
  • Developing options of recovery strategies, defining recovery resources, preparing budgetary costing, and designing the framework of how the BCM program is to be managed within an organisation.
  • Developing policies, plans, manuals, templates and checklists pertaining to recovery activities.

SCAN BCM Approach

SCAN uses a holistic approach to help you establish, implement, maintain and improve an effective BCM program. Based on international best practices such as those developed by ISO, Disaster Recovery Institute (DRI) and Business Continuity Institute (BCI), our tailor-made approach shall ensure that you receive maximum benefits out of such programs.

ICT Security Incident

ICT Security Incident Response

A security incident is a deliberate attempt to gain unauthorised access to a company’s system or data in order to disrupt the service or change the system’s characteristics without the owner’s knowledge.

Security incidents can come in many forms, the most deadly being:

  • Malicious code: This includes viruses, worms, Trojan horses, time bombs and pests.
  • Intrusions or break-ins: An intruder may bypass a system’s authentication process. A registered user may use his limited privilege to engineer unauthorised activity.
  • Insider attack: This includes industrial or commercial espionage by employees, contract workers or others working inside the company’s premises.

Effects of an Attack

Once a company’s computer security is compromised, the effects could include:

  • Congested networks or system crashes.
  • Data or programs being altered or lost.
  • Protected data being compromised, and classified data being accessed by unauthorised users.

Response To Security Incidents

The SCAN Response is two-fold. First, it promotes proactive contingency action to tighten a company’s ICT security against incidents. Second, it initiates five stages of response to minimise damage and ensure continuity of operations when incidents do take place. These stages are:

1. Identification

This constitutes determining the exact problem. Using sophisticated detection software and audit information, SCAN’s team investigates the identity, nature and extent of the network attack.

2. Containment

Containment is limiting the extent of the attack. This may involve shutting down the system temporarily if the system is classified or sensitive data is at risk. Another alternative is to keep the system up and risk some minimal damage in order to identify the intruder.

3. Eradication

Once an incident is contained, it is then eradicated. There is specialised software for such procedures. All backups must be confirmed clean. At times, systems become periodically reinfected with viruses simply because these viruses are not periodically cleaned from the backups.

4. Recovery

The next phase of action after eradication is recovery. Recovery means returning the system to normal. If the attack is network-based, it is important to install patches for all the vulnerable holes in the operating system that were exploited during the attack.

5. Security Impact Analysis

This follow-up stage, the most crucial, is often neglected. This is a post-mortem analysis that is very valuable as:

  • it helps to create a set of ‘lessons learnt’ as reference to improve future performance in similar situations.
  • it justifies all security measures and efforts to management.
  • it yields information including a formal chronology of events, which may be essential in legal proceedings.

The report also estimates, in monetary terms, the amount of damage caused by the incident. This refers to loss of software and data, hardware damage, manpower costs and other costs to restore the altered files, reconfigure the affected systems and so on.

ICT Security Risk

ICT Security Risk Assessment

All organisations, large or small, public or private, exist to provide value to their stakeholders. However, there are many risks inherent in the current business environment that may deter an organisation from achieving its objectives. Therefore, risk management is an important business discipline that an organisation should embrace to minimise the effects of risks on its returns and capital.

In countering risks, it always boils down to striking a balance between cost and consequences. In order to understand the best approach for asset protection, one should conduct a Security Risk Assessment (SRA) to establish the risk profile and subsequently put forward cost-effective protection strategies.

Our Approach

For security risk assessment, there are two modes, i.e. high-level risk assessment and detailed risk assessment, tailored to each customer’s needs. Depending on the size and complexity of your organisation, the risk assessment may differ in duration. Our typical SRA model is as follows:

How Does It Benefit Your Organisation?

1. Better appreciation of threats to the information assets enables management to make better-informed decisions on risk mitigation strategies.

2. Helps your organisation in maintaining the confidentiality, integrity and availability of critical information assets within the organisation.

3. Identifying threats and potential hazards in advance helps organisations protect against those anticipated hazards in a more well-planned and disciplined way.

4. Focuses your security investments toward the most critical priorities.

How Can We Help?

We guide you through the entire life cycle of risk management by:

1. Undertaking security health checks to assess the security posture within your organisation.

2. Designing and implementing a risk management framework for your organisation.

3. Creating the risk mitigation strategies by prioritising the treatment of risk.
