INTRODUCTION PRICORIS 101

Business Desk PVQ LLC

PVQ (PRICORIS VENTURES LLC QATAR)
Email us at : [email protected]
www.pricoris.qa
 ABOUT PRICORIS
The acronym “pricoris” is derived from the initials of three domains of cyber services that we support –

PRIVACY, COMPLIANCE and RISK.

We are Qatar based international setup, – we plan to work closely with the local agencies to support their project delivery
in the domain of information security, data protection & compliance..

Leadership behind the PRICORIS brings to their clients more than 50 years of cumulative experience of IT and ITeS projects
delivered internationally including many critical projects in GCC.
Our expertise, are based on simple, sustainable and strategic ties with strong regional partners. We believe in providing the
muscle and delivery engine for your Information Security and data Protection projects.
PVQ is a specialized services group focused on managing the delivery of projects related to Information Security and
regulatory compliance programs, by bringing best-in-class cross industry knowledge. Our delivery methodology includes
employing program and project managers who are subject matter experts of IS and IT.
At a strategic objective layer - we enable our clients to gain a sustainable competitive advantage, optimize business
performance and increase bottom line revenues.

pvq
 WE SUPPORT REGULATORY REQUIREMENTS OF AND FROM

Qatar Privacy Law

CSF 22 FRAMEWORK CYBER ESSENTIALS
Cloud & IoT Policy

pvq
 WE SUPPORT A FIXED SET OF SERVICES DOMAIN

IT & IS AUDITS OT & SCADA DATA PRIVACY

ISMS

DATA CLASSIFICATION RISK MANAGEMENT CYBERSECURITY DATA GOVERNANCE

pvq
 BENEFITS OF THE PVQ SERVICES
• Easy access to resource pool of - qualified and experienced Cybersecurity professionals
• Through understanding of NIA, FIFA CSF22, QCB CSF and Qatar Privacy Law 13
• Highly cost effective resourcing of projects – through our crowd sourcing model
• Designated Project Managers and Consultants working on site with your team
• Pragmatic, straightforward, solution-driven advice for your proposal and RFI
• Experience and shared best practice gained from working with over 200 clients
• Pre-existing model documentation tested and validated across varied industry sectors
• Stable and demonstrable Qatar and Pan-GCC expertise

ü We will never cross your line of relationship with your accounts/end customer
ü Flexible with both Onsite and Offsite Model of engagement
ü Flexible with pricing models and payment milestones
ü We believe in sharing success and risk with our partners
pvq ü We are a services company, and your products will be always our priority.
 INFORMATION SECURITY OR CYBERSECURITY AUDIT
We understand the subtle differences of Information security which deals with information, regardless of its format.
Our security audit identifies network and systems weaknesses, so organizations are better equipped to avoid the
cost and damage that result from a security incident.
An information security or cybersecurity audit assesses data security practices within an organization and addresses
gaps that could result in information systems being compromised.
PVQ and its partners have extensive experience in conducting technical assessments and providing services related
to enhancing an organization’s security program, including:

• Assessing Physical Security of Data Centres and Logical Security of Databases

• Ensuring Adequate Protection of Data at Rest and in Transit
• Development of a Security Incident Plan
• Training on Event Monitoring and Identification of Suspicious Audit Logs
• Forensic Analysis and Reporting
• Vulnerability Assessments
• Penetration Testing
• Security Policy Development
• Security Maturity Assessment
pvq
 OUR DATA PRIVACY AND PROTECTION UNIVERSE

QATAR
PRIVACY LAW

FIFA CSF22
EU GDPR
ISO 27701

pvq
 WE SUPPORT FIFA CSF22 UNIVERSE (selected layers)

pvq
 CSF INDIVIDUAL CAPABILITIES SUPPORTED BY PVQ

• Data Protection – in all environments.

• Operation Technology – PLCs /SCADA/CNC, Building Management and Building Automation Systems (BMS)/(BAS)
• Data Privacy – Qatar Privacy law, GDPR, CCPA
• Internet of Things – engineers, VAPT & Design
• Cloud Security – audit, architecture and VAPT

ISO
NIA ON CLOUD
CSF22 ON PREM
NIST HYBRID

pvq
 CYBER SECURITY CONSULTING
Cyber Security Consulting Services and Strategies to put you on top.
Every business faces its own set of challenges, from rules and regulations to highly sophisticated data security
threats. And regardless of company size, one-on-one counsel from a dedicated cyber security engineer is often
essential to keep pace. Still short of hiring a CTO, it can be challenging to pinpoint hidden vulnerabilities, draft the
right action plan, or choose the best technologies for your environment to safeguard data assets and comply with
new laws—particularly within our fast-paced and ever-adapting threat landscape.

• But with our Cyber Security Consulting, we offer a no-compromise solution that eliminates new hire commitments
while delivering the executive-level counsel needed to succeed. Gain a level of service previously only afforded by
larger enterprises. We’ll work alongside management to best align security policies and practices with business
objectives to advance your operational goals.
• Tap into a vast knowledge base while implementing cyber security strategies that work perfectly with your
business model and budget. Enjoy on-demand and as-needed support from experienced consultants who are able
to step in when you need us most. We specialize in executive advisory support, vendor assessment, and policy and
technical implementation. And we’re available on a one-time or ongoing basis to ensure you address the myriad of
security situations that present themselves throughout the year.

pvq
 WHY HIRE AN INFORMATION SECURITY CONSULTANT?
• Our advisory services are designed to meet security project goals in shorter time periods.
• We provide product specific experts to configure systems that reduce cyber threats.
• We alleviate staff to focus on other goals while we focus our attention on risk management.
• We can provide on-demand, hourly, or by project security consulting throughout the year.

We shelter our clients from cyber risk with collaboration of services and best industry tools
• We take an impartial look at operations, benchmarking your environment with comparable organizations and
situations. From security program design through audit preparation, our clients benefit from insight gleaned from
our unique vantage point.
Our Strategy and Advisory Services
• Every business reaches a point that necessitates the level of insight unattainable through in-house staff. We help
you better compete, innovate, and grow by augmenting your existing expertise with the right blend of business
and cybersecurity counsel. Define your direction and priorities while appropriately allocating resources to grow
and advance your business.

pvq
 WE DO SOC II BASED COMPLIANCE PROGRAMS FOR BFSI

SOC 2 Compliance attestation helps you provide services to the largest organizations around the globe.
• SOC 2 GAP Assessment
• SOC 2 Audit Assistance
• SOC 2 Complete Management and Outsourcing

pvq
 PENETRATION TESTING
The different types of penetration testing services.
• External Network Penetration Testing. We pinpoint potential avenues of network attack where access might be gained through
internet-connected servers or network equipment by individuals outside of your organization who lack appropriate rights or
credentials. We then conduct a mock attack to test security controls, developing and presenting you with a cybersecurity
assessment on findings along with solutions and recommendations you can use to remediate the issue.
• Internal Network Penetration Testing. We help companies mitigate risk due to internal threats against their corporate network.
While external testing investigates avenues that remote hackers might use to enter networks, internal testing looks at ways
employees or insiders might lead to a breach either through neglect, malice, or the accidental download of an application, such
as ransomware or malware, which has the potential to bring an entire network down.
• Application Penetration Testing. We investigate potential threats and vulnerabilities posed by the many internet-based
applications in use throughout your enterprise. Conveniently accessed from any location worldwide and just as easily breached,
web applications offer significant points of access into credit card, customer, and financial data. Vulnerability assessment services
investigate the security of those solutions and controls in place, providing recommendations and strategies to block access to any
data that might be stored within.
• Wireless Penetration Testing. We bring advanced expertise in a range of wireless technologies, offering ethical hacking services
to investigate and identify potential access points where hackers could enter your internal network. This involves threat
assessment and security control audits for traditional Wi-Fi and specialized systems. We then compile findings into a
cybersecurity assessment report complete with recommendations you can put into place to mitigate damage.
• Social Engineering Penetration Testing. We survey employees to see how well they understand your organization’s information
security policies and practices, so you know how easily an unauthorized party might convince staff into sharing confidential
information. Social engineering penetration testing might include badge access points and mock phishing attacks or password
pvq update requests. We’ll then recommend ways to improve success through training or new processes that help employees better
protect sensitive data.
 OUR IoT UNIVERSE
IoT security includes both physical device security and network security, encompassing the processes, technologies,
and measures necessary to protect IoT devices as well as the networks they’re connected to. It spans industrial
machines, smart energy grids, building automation systems, employees’ personal IoT devices, and more, including
devices that often aren’t designed for network security.
Our consultants help our client discover and design IoT device security to protect systems, networks, and data from a
broad spectrum of IoT security attacks, we target four types of vulnerabilities:

• Communication attacks, which put the data transmitted between IoT devices and servers at risk.
• Lifecycle attacks, which put the integrity of the IoT device as it changes hands from user to maintenance.
• Attacks on the device software.
• Physical attacks, which target the chip in the device directly.

We support Security Assessment & Penetration Testing for:

•Security Audit •Embedded Devices
•Secure Product Design •Radio Interfaces
•Secure Architecture •Cloud
•Compliance & Certification •Mobile/Web Application
pvq
 CLOUD SECURITY

Our team can support your needs on:

•Security Audit
•Migration and integration
•Secure Product Design/deployment
•Secure Architecture
•Compliance & Certification

pvq
 OUR SERVICES ON MICROSOFT AZURE IoT SUIT

pvq
 OPERATIONS & TECHNOLOGY CONSULTING - UNIVERSE
Our expert insurance Operations & Technology consulting group advises you through the planning, deployment and
ongoing usage of new technology solutions and the operational changes that accompany them. During decades of
serving all aspects of business for insurance organizations of all sizes, we understand how the moving pieces of the
insurance industry fit together. We offer advice and consulting services that eliminate the guesswork and help you
make smart, well-informed and fact-based decisions.
PLANNING & STRATEGY
We help you figure out how to get what you’re looking for. By reviewing your priorities and gaining an in-depth understanding of your business goals,
we create an actionable plan to move you forward, supported by a compelling business case and logical solution architecture.

OPERATIONS ASSESSMENTS
You need to see the big picture of how well-considered organizational changes can positively impact your business. We conduct a comprehensive
review of your internal operations and the external relationships that support them, and compare it against industry benchmarks for efficiency,
effectiveness and agility.

BUSINESS PROCESS MANAGEMENT

To gain an understanding of your current operations, we first conduct intensive discovery using surveys, staff interviews and data mining. We then use
state-of-the-art modelling techniques and simulations to assess the impact of proposed changes, identify the most appropriate solution alternatives
and create implementation plans that enable a smooth transition to a better way of working.

IMPLEMENTATION SUPPORT
We support you throughout your new technology initiatives by providing project oversight, redesigning impacted workflows and documenting
insurance product requirements to accelerate delivery and dramatically reduce project risks.

pvq
 OUR PROFESSIONAL SERVICES
PRODUCT-SPECIFIC EXPERTISE
Simple strategies go only so far to take organizations where they need to be. That’s why we take an individualized
approach, connecting management with the most suitable firewall consultants, intrusion prevention consultants,
SIEM consultants, network access control (NAC) security consultants, antivirus security consultants, and vulnerability
scanning consultants. Our team is expert in delivering projects for your Data Governance, Data Classification and DLP.
We know the leading security products. We understand how to implement them in very unique environments. Our
team of hands-on experts focus on security controls and standards specific to your business.

OUR CUSTOM SECURITY PROGRAM DESIGN

Safeguarding proprietary and sensitive customer data is a critical component to conducting business
in the digital era. We work with clients to create a cyber security framework—outlining business
objectives, assessing risk, defining tolerance levels, and prioritizing gaps. We can then implement your
program, bring staff up to date on policies and best practices, and train personnel to prepare and
respond to incidents.
SECURITY CONTROLS AND COMPLIANCE
Work with a team of professionals who can advise executive management and design procedures that adhere to the
latest laws, industry standards, and government regulations. We help clients assess their risk versus controls to
comply with FIFA CSF, NIA, PCI Data Security Standards (PCI DSS), GDPR, HIPAA, EI3PA, GLBA FFIEC, NIST 800-53, and
ISO 27002.
pvq
 OUR VIRTUAL CISO CAN ASSIST YOUR ORGANIZATION?
A vCISO is your security point-of-contact for all security related issues, offering a direct
line to experts as questions naturally arise. A virtual CISO will also respond to incidents,
answer security-related questionnaires for your customers, and respond to data breach
should that arise.
In addition to ongoing and ad hoc support, a vCISO will tie into meetings when security
expertise and guidance are needed. Additional vCISO support includes:

• Security Awareness Training

• Vulnerability Management Monitoring
• Data Classification
• Data Loss Prevention/Plan Implementation
• Compliance Initiatives (PCI, FERPA, FACTA, HIPAA, SOX)
• Security Program Design
• Security Standards (ISO 27001, NIST, FISMA, FFIEC)
• Privacy Program Implementation
• Vendor Contracts and Risk Management
• Identity and Access Management
• Security Architecture Design and Policy Development
• Bring Your Own Device (BYOD) Strategy and Policy Design
• Information Risk Reviews and Risk Management
• Audit Remediation and Audit Management
• SOC Readiness and Compliance
pvq
 OUR END TO END DPO SERVICES (Data Protection Officer)

DPO
AS A SERVICE

pvq
 HOW WE OPERATE IN QATAR
• We plan to support your delivery
• Without facing client or representing you
• We would selectively partner in the region
• No plans to sell products
• Building a long term pipeline is goal

QATAR CUSTOMER BASE

• We will bring industry insight and intel TRUSTED SYSTEM INTEGRATOR
• We can write your technical proposals
• Flexible in choosing a transfer price model
• Aim to establish consulting practice

CLIENTS
LOCAL CONSULTING PARTNER

TECH PARTNER
PARTNER(S)

LOCAL LAW FIRM

pVq
pvq
 OUR LEADERSHIP
RICKY RAKESH JHA (FIP,CIPP,CSM, CIPM, PMP, ISO27LA)
PRINCIPAL CONSULTANT – PVQ
He is a seasoned project management professional, and has certifications including CIPM,
CSM, CIPP/E, Lead Auditor and Implementer - ISO 27001. (15 Years)

He is instrumental in regional market for working closely with regulators and developing
various industrial laws, by law and industrial guidelines which shapes the requirements of
and for Cyber Security, Data Protection and related domains. With detailed understanding
of FIFA Cybersecurity Framework 22, Qatar NIA and QCB’s requirements pertaining to
information security controls – he is considered one of the key resources on the
aforementioned matters and have been appointed by clients in Doha to re-design their
internal frameworks.
He will lead the strategic alliance with all regional and international stakeholders that would
be required for timely delivery of proposals, successful winning and final delivery of project.
This will include managing operations, resource manage net and project management .
Read more at - https://www.linkedin.com/in/rickyjha/

pvq
 OUR LEADERSHIP
SANDHYA KHAMESRA
PRINCIPAL – PVQ & MENA DELIVERY
CEO – PRICORIS INDIA
She is a qualified charted accountant, and has certifications including DISA(ICAI), CISM, Lead
Auditor and Implementer - ISO 22301, ISO 27001, ISO 20000, ISO 31000, BS 65000 and BS 10012.
(35 Years)
Driven by her passion to assist organizations create cybersecurity, conscious environments,
Sandhya advises businesses in a range of industries on cybersecurity and data security best
practices. Her past engagements include consulting and project delivery for large marketing
firms, insurance and health sectors, banks, technology companies, defence, financial service
providers and the public sector.
Sandhya’s ability to lead engaging strategic cybersecurity discussions and project delivery is
highly commended by PRICORIS clients internationally.
Prior to pursuing entrepreneurial journey, she was leading BSI (British Standard Institute) as a
Chief Operating Officer for their consulting and business resilience practices.

She will lead the delivery and technical aspects of all the project proposal, drafts and deliverable
definition.
pvq Read more at : https://www.linkedin.com/in/sandhya-khamesra-3087766/
 OUR LEADERSHIP
ASEEM MUKHI (CISM, CSA-STAR, DCPLA)
CONSULTANT – CYBERSECURITY
EX Director PWC
He is experienced professional with a demonstrated history of working on projects related to
Information security, Cybersecurity, Data Privacy, IT Security Strategy and Technology Risk
assurance. (20 Years)
Over 20 years’ rich experience with organizations like EY, PWC and DSCI he has demonstrated
expertise in a wide gamut of projects in Cybersecurity strategy and transformation, security
risk assessment, review and advise on security architecture, Risk management, Compliance,
Policy development, Privacy assessment and Business Continuity Management

He will lead the design and project aspects of all the engagements, proposal, drafts and
deliverable definition.
Read more at : https://www.linkedin.com/in/aseem-mukhi-cism-csa-star-dcpla-1544854/

pvq
We thank you for your time and consideration,
and we will wait to hear more from you.

RICKY RAKESH JHA MEENAKSHI CHANOTIA

CEO – PRICORIS QATAR Director - Qatar
Email : [email protected] email : [email protected]