Cyber Risk Assessments:

• Review adequacy of existing security policies, standards, guidelines and procedures
• Analyse assets, threats and vulnerabilities, including their impacts and likelihood
• Review existing perimeter security, network security, end point security, data security, infrastructure design
• Conduct technical and procedural review and analysis of the network architecture, data flow (Egress / Ingress)  protocols and components to ensure that they are implemented according to the security policies
• Conduct and review F2F sessions with security team, IT network team, IT security provider
• Review and check all critical IT assets – configuration, implementation and usage of remote access systems, servers, firewalls and external network connections, including client internet connection
• Review identity and access management, patch management, incident management and authentication mechanisms
• Review current level of security awareness and commitment of staff within the organization
• Develop practical technical recommendations to address the vulnerabilities identified, and minimise security risk

Vulnerability Assessment & Penetration Testing (VAPT)

• Review all processes, policies, assets for units under scope (Operations, Finance, etc) )
• Perform vulnerability assessment of units in scope internal (network / systems / infrastructure /applications)
• Conduct L2 penetration testing (with approval) of units in scope internal (systems / Infrastructure / applications)
• Assess current configuration and patch state
• Assign Risk rating on identified vulnerabilities (i.e. Systems / Infrastructure / Applications)
• Run through hackers hunt scenario test
• Run through inside threat scenario
• Run application exploit scenario
• Scenario test of DOS/DDOS/Top 10 perimeter / network / end point exploit mechanism
• Detailed recommendations for review of management

Cyber security education: 

• We impart cyber threat intelligence education service to enable our clients prepare for latest tools/techniques used by threat actors.
• Our 3x per year training is focused on Email, USB, Internet, password, data protection subjects, and 2x social engineering tests per year (e.g. simulated phishing/spam test).

Cyber incident response: 

• We assist our client in addressing and managing the aftermath of a security breach.
• Our Cyber incident response includes tactical response to real-time spam, phishing, virus, and malware breaches (i.e. incidents) and insight into threat actors, attack methods, and motives. 5x per month incident analysis.
• We focus on handling the situation in a way that limits damage and reduces recovery time and cost to our client.

Security risk management: 

• A unique way of assessment, tracking and remediation for vulnerability management.
• We have designed it to take care of cloud environment too.

Project Management and Security certifications:

We deliver and support for any industry security certifications like PMP, CISSP, CEH, etc.,

For more details please contact us.