Information Security CARES Services


XecureIT provides comprehensive information security Consultancy, Assurance, Research and Development, Education, and Solutions (CARES) services.

XecureIT professionals use two primary references to deliver information security CARES services:

  1.  XecureIT Governance and Evaluation Framework (XGEF) as a standard framework.
  2. Standar Arsitektur Keamanan Tingkat Tinggi Informasi (SAKTTI), is our standard architecture to build a digital fortress system which integrates the SAKTTI’s information security controls and principles to enforce the consistency of information security strategy.


  • Develop security strategy, such as policies, procedures and architecture.
  • Assist to conform and to comply with standards and regulations.
  • Implement system security hardening and awareness program.
  • Perform incident response and cyber crime investigation.


  • Perform information security audit, assessment and penetration testing.

Research and Development

  • Research information security problems, trends and new hacking techniques.
  • Our in-depth research of Internet Banking proves that it is too easy to do internet banking robbery even though the transaction is protected using hardware security token.
  • Develop high grade and integrated information security solutions.
  • Develop custom defensive solutions for our clients.

Education and Community Development

  • High quality professional trainings and certifications, such as:
    • Advance Hacking Techniques and Defense Strategies
    • Certified Information Systems Security Professional (CISSP)
    • Certified Information Systems Auditor (CISA)
    • ISO 27001 Fundamental, Lead Implementer and Lead Auditor
    • ISO 27035 Certified Lead Incident Manager (CLIM)
    • ISA 62443 Security for Industrial Automation and Control Systems (IACS)
  • Internal security team development through customize in-house training.
  • Public awareness campaign through free web based training, posters, articles and seminars.
  • Direct involvement in information security communities, such as Cyber Security Certified Professional Association (CSCP), Indonesia Security Incident Response Team on Internet Infrastructure (Id-SIRTII), Komunitas Keamanan Informasi (KKI), APEC Telecommunications and Information Working Group, Asia Pacific Computer Emergency Response Team (APCERT), Forum Incident Response and Security Team (FIRST), etc.


  • XecureZone secure virtual data center appliance, together with XecureClient (PC, Laptop, Phone and Browser), provides an integrated high grade information security solution that implement SAKTTI Architecture.
XGEF Framework

XecureIT Governance and Evaluation Framework (XGEF) is a standard framework used by our professionals to deliver information security CARES services.

XGEF ensures that our professionals provide effective and efficient recommendations to reduce information IT and security related risks, increase the value of existing IT investment, and ensure compliance and conformance with regulations and standards. XGEF has been developed as a comprehensive information security framework by XecureIT core team based on our 23 years international experiences and various information security regulations and standards, including well-known IT governance framework and security practices, such as:

  • Indonesia Cyber Law (UU Informasi dan Transaksi Elektronik).
  • Peraturan Pemerintah tentang Penyelenggaraan Sistem dan Transaksi Elektronik (PSTE).
  • ISO 27001 Information Security Management System (ISMS)
  • ISO 27035 Information Security Incident Management (ISIM)
  • ISO 22301 Business Continuity Management System (BCM)
  • Payment Card Industry Data Security Standard (PCI DSS)
  • ISA 62443 Security for Industrial Automation and Control Systems (IACS)
  • TIA-942 Data Center Standards
  • Information Systems Security Assessment Framework (ISSAF)
  • Open Security Architecture (OSA)
  • Open Source Security Testing Methodology Manual (OSSTMM)
  • Open Web Application Security Project (OWASP)
  • National Institute of Standards and Technology (NIST) SP 800 Series
  • Various security checklists related to specific technology or solution