Cyber Risk Assessments:
- Review adequacy of existing security policies, standards, guidelines and procedures
- Analyse assets, threats and vulnerabilities, including their impacts and likelihood
- Review existing perimeter security, network security, end point security, data security, infrastructure design
- Conduct technical and procedural review and analysis of the network architecture, data flow (egress / ingress), protocols and components to ensure that they are implemented according to the security policies
- Conduct and review F2F sessions with security team, IT network team, IT security provider
- Review and check all critical IT assets – configuration, implementation and usage of remote access systems, servers, firewalls and external network connections, including client internet connection
- Review identity and access management, patch management, incident management and authentication mechanisms
- Review current level of security awareness and commitment of staff within the organization
- Develop practical technical recommendations to address the vulnerabilities identified, and minimise security risk
- Review all processes, policies and assets for units in scope (Operations, Finance, etc.)
- Perform internal vulnerability assessment of units in scope (network / systems / infrastructure / applications)
- Conduct internal L2 penetration testing (with approval) of units in scope (systems / infrastructure / applications)
- Assess current configuration and patch state
- Assign risk ratings to identified vulnerabilities (i.e. systems / infrastructure / applications)
- Run through hacker hunt scenario test
- Run through insider threat scenario
- Run application exploit scenario
- Scenario test of DoS/DDoS/Top 10 perimeter / network / end point exploit mechanisms
- Detailed recommendations for management review
Cyber security education:
- We provide a cyber threat intelligence education service to help our clients prepare for the latest tools and techniques used by threat actors.
- Our 3x per year training focuses on email, USB, internet, password and data protection subjects, with 2x social engineering tests per year (e.g. simulated phishing/spam test).
Cyber incident response:
- We assist our clients in addressing and managing the aftermath of a security breach.
- Our cyber incident response includes tactical response to real-time spam, phishing, virus and malware breaches (i.e. incidents) and insight into threat actors, attack methods and motives. 5x per month incident analysis.
- We focus on handling the situation in a way that limits damage and reduces recovery time and cost to our client.
Security risk management:
- A unique approach to assessment, tracking and remediation for vulnerability management.
- We have designed it to cover cloud environments too.
We deliver and support any industry security certifications, such as CISSP, ISO and ITIL.
We are in the process of creating a detailed curriculum for cloud security training based on market demand and expectations, and we plan to roll this out soon. Visit this page in a few days to see more.
For more details please contact us.