
Cloud Security
How secure is your cloud data?

Our Services & Solutions

Services

Cloud Security

Cloud Security Assessment

Assessment of cloud workloads against Cloud Security Alliance, CIS and ISO practices to create strategic action plans and actionable recommendations.

Cloud Security Risk Assessment

Inventorizing cloud assets, identifying key vulnerabilities and building risk scenarios to deliver a risk register with treatment plans. Additionally, risk assessment methodology development, implementation and training.

Cybersecurity Incident Response Plan (CIRT)

Developing, implementing and exercising a Cybersecurity Incident Response Plan, a risk mitigation measure to deal with the impact of cybersecurity and data breach incidents.

Cloud Security Alliance’s Cloud Controls Matrix

Implementation, certification and self-assessment for the Cloud Controls Matrix.

Singapore's SS584 
Multi-Tiered Cloud Computing Security

Implementing, certifying and self-assessment for Singapore SS584


Information Security

Information Security Management System

Implementing ISO 27000 as the gold standard of Information Security Management Systems in order to get certified successfully. 

Policies and Procedures Advisory

Assisting organizations in making sense of overlapping standards - ISO 27001/27002/27701/20000-1, NIST, CSA's CCM, SS584 - to select the best fit depending on organizational situation and maturity.

Additionally, developing and implementing tailored IT and IT Security Policies and Procedures.

IT Security Training

We conduct frequent in-house cybersecurity training for organizations to keep their users abreast of constantly evolving threats.

  • Based on International Standards such as CREST, OWASP, SANS etc

  • Leverage use of world’s largest security awareness training and simulated phishing platform to track user performance and trends over time

  • Periodic phishing simulations to validate user awareness, benchmark against industry peers and identify improvement plans

  • Trainings are customised to align with organisation's existing IT Security/Cybersecurity Frameworks.


Vulnerability Assessment and Penetration Testing

Vulnerability Assessment

Assessment of on-premise and cloud deployed hosts, databases, and web applications for potential vulnerabilities.

Typically covers:

  • Weaknesses in patching and configuration management

  • Configuration and patch management plans and procedures

  • Security weaknesses and aggregate level of risk

  • Test compliance for audits and regulations, including MAS TRM, PCI-DSS, ISO 27001 etc.

Penetration Testing

Tailor-made penetration testing to identify threats to mobile applications (Android and iOS), web applications and network infrastructure.

Throughout the engagement, we provide ongoing insights, immediate notification of critical vulnerabilities, and knowledge transfer to development teams to mitigate identified vulnerabilities, along with a management-focused report providing a complete understanding of exploitable vulnerabilities and recommended remediations.

Static Application Security Testing
Source Code Review

Source code reviews of mobile and web applications.

 

Typically involves:

  • One time code audit engagement

  • Managed service to review source code periodically to align with major releases

  • Customized report to identify weak areas & recommendations to mitigate vulnerabilities.

  • Industry leading Static Application Security Testing tools are leveraged to minimize presence of vulnerabilities.


Resiliency and Business Continuity

Business Continuity Management System

Assist in achieving resiliency by implementing, maintaining and getting certified for Business Continuity Management System based on ISO 22301.

 

Typically covers:
1. Gap Assessment
2. Implementation
3. Training
4. Internal Audit
5. Support during Certification Audit along with migration from ISO 22301:2012 to ISO 22301:2019, annual certification maintenance and conducting internal audits.

Monetary Authority of Singapore's (MAS) Business Continuity Guidelines

Implementing and maintaining a practical and fit-for-purpose Business Continuity Management Framework based on the Monetary Authority of Singapore's (MAS) BCM guidelines, covering all 7 principles for the uniquely stringent needs of the financial services industry.

Exercises and Trainings

We conduct frequent in-house Resiliency and Business Continuity trainings for organizations customized for their existing BCM framework. The focus is on current and relevant threats to test and validate plans and preparedness.


Data Privacy

Privacy Information Management System

Implementing, maintaining and getting certified on Personal Data Protection Management System based on ISO 27701. 

Singapore Personal Data Protection Act (PDPA)

Implementing and maintaining Personal Data Protection Act (PDPA) obligations within the organization.

 

Typically covers:

  • Identifying risks and gaps using PDPA Assessment Tool for Organizations (PATO) 

  • Document data assets and flows using a Data Inventory Map

  • Data Protection (DP) Policy

  • Action plan for data breach response 

  • Training, monitoring and audit

Singapore Data Protection Trustmark (DPTM)

Implementing and getting certified on Data Protection Trustmark (DPTM).

Typically covers:

  • Gap Assessment

  • Policies and procedures

  • Implementing controls

  • Training, monitoring and audit

  • Support during Certification

PCI-DSS Compliance

Assist organizations in complying with PCI-DSS (12 requirements comprising 300 controls).

  • Scoping and Segmentation

  • Gap Assessment

  • Policies and procedures

  • Implementing controls

  • Assessment

  • Training, monitoring and maintaining certification

Freshworks

SaaS Spend and Security Risk Assessment

Assessment of SaaS deployment and configuration, conducting audit for cybersecurity risks and leveraging proven solutions to reduce spend and maximize Return on Investment:

  • Analyze license spend vs usage

  • Identify users and accounts at risk

  • Identify high exposure processes

  • Compare Baseline vs Changes over time

  • Reclaim licenses and eliminate risks


Freshworks Implementation and Support Services

End-to-end Freshworks implementation and maintenance services.

  • Assessment, re-engineering and streamlining Helpdesk and Service Processes.

  • Implementing FreshDesk/FreshService tailored for the organization's specific situation.

  • Support for existing deployments.

  • Optimization of current deployment to maximize return on investment.

  • Training.

About Us


Our Approach

As a consulting firm that is vendor, platform and product agnostic, our aim is to engage effectively with organizations and provide industry insights, advice, guidance and services in the way most appropriate for each organization's situation. We strive to ensure that our proposed solutions are aligned with clients’ strategy, business objectives, wider IT architecture and business environment.

Our leaders and seasoned resources are intensively engaged, and lead all engagements with decades of experience in understanding and managing client requirements and expectations. In a typical client engagement, our team will represent at least 40+ years of consulting experience.


Our Work

Having worked extensively with Fortune-listed, mid-sized, start-up and government organizations across various industry segments throughout Asia, Europe and North America, we have a proven track record of delivering projects successfully while adhering to timelines and costs. Our services are also used on an ongoing basis by some of the largest technology behemoths, established Small and Medium Enterprises, Government bodies and cybersecurity-conscious new-age start-ups, a testament to the quality of our deliverables.

  • A global Information Technology major

  • An investment firm

  • Start-up with user count approaching 100 million

  • A renowned global university

  • Government-linked research entity

  • Communications gateway and carrier services provider

  • A global biologics firm

  • Law enforcement and Government security services provider

Our Partners

We work in concert with the world's leading SaaS Solution Providers as our partners in the areas of Cybersecurity, Customer Relationship Management, Resiliency and Risk Management, and Data Privacy.

We are also in longstanding partnerships with global certification bodies in Singapore to guide and train industry leaders and stakeholders.


Our Story

Nestor is a management consulting firm originally envisioned in Singapore with the aim of providing the highest-quality professional services in the areas of Cybersecurity and Risk Management, backed by Subject Matter Experts, to assist businesses in protecting their online presence, data, reputation and customer trust.

Vineet Sinha

Founder/CEO

Vineet has over 28+ years of Consulting experience. He has spent more than 18 years leading a Big 4 consulting team in Singapore and Asia Pacific. He has personally led over 200+ engagements. He has served government, financial services/fintech, telecom and manufacturing industries. He has extensive experience in cybersecurity, IT risk management, business continuity, data protection, regulatory compliance and SaaS solution implementation.

Vijay Gour

Director

Vijay has 16+ years of consulting experience. He has more than 4 years with a Big 4 consulting firm in Singapore and South East Asia. He has served numerous public and private sector clients across Southeast Asia. He has extensive experience in Cybersecurity, PMO, Risk Management, Business Continuity Management and SaaS Solution Implementation.


Contact Us

Request a Quote
Become a Partner

We are always on the lookout for partners providing groundbreaking and radical products that can assist our customers with their needs. If you are similarly passionate about helping organizations achieve improvements and are keen to partner with us in providing this service, then click here.

Careers

No openings currently.
