We can implement a full cyber hygiene health-check audit to review your technical systems, your administrative processes and your your users levels of awareness. We can then work with you to implement any subsequent recommendations to ensure your organisation is secure.
As part of the technical review, a full vulnerability assessment of your infrastructure can be carried out using industry standard tools. Following review of the assessment results, we can provide advice to ensure successful remediation and subsequent re-assessment.
Further to any cyber security assessment we can offer full life-cycle implementation services to manage planning and implementation of cyber security elements to support day-to-day operations of the organisation. These may range from implementation of a network access control, managed anti-virus, to a security incident & event management (SIEM) solution for example.
For organisations restrained by budget but still wishing to adopt good-practice in the area of cyber security, we can, following an initial assessment, implement measures which can provide some measure of mitigation of any identified security risks to the organisation.
Many organisations pay lip service when it comes to security education for their employees. They concentrate on implementation of solutions to mitigate technical risks, and do not fully understand the risks from their own employees. In many cases, organisations rely solely on an annual 'point and click' awareness multimedia presentation, which, while it may include some measure of assessment, rarely ensures that the subject gains sufficient knowledge and skills in the area, to result in both significant retention and application of the information.
We will work with you to review your current training programme and provide recommendations where appropriate to ensure that learning activities are not limited to an annual event, but are part of an ongoing education process which will provide knowledge and skills. If no training material is currently used, we can put together tailored material for your organisation.
Where required, as discussed above in terms of the vCySM™ services available, we can also provide delivery for any required training programme.
Given the plethora of information available to anyone with an internet connection, it should be remembered that much of it is often freely-available to anyone with a browser, some specialist tools and some time. This information is known as open-source intelligence (OSINT); sources can include organisational websites, promotional material and job sites to name a few.
Using industry standard tools, we can provide a service to both organsiations and individual through which OSINT can be acquired, analysed and reported upon. When combined with social-media intelligence (SOCMINT) which includes Facebook, Twitter, LinkedIn etc., a detailed footprint of any corporate or personal information freely-available on the internet can be supplied.
Due to the widespread risk for an organisation's employees to be exploited by malicious parties, whether by voice, email or in person, we offer social engineering assessment services, by which at-risk individuals (such as system administrators, PAs/EAs, support desk teams, CxOs) or organisations as a whole can be 'targeted'.
Further information regarding services in this area can be found on the humanredteam website.