|
Cyber security is a major commercial concern for senior managers and boards in all organisations, and with Mandatory Breach notification laws applicable, organisations are obliged to report any breaches to the relevant Federal or State authorities.
Cyber security assessments allow your organisation to gain insight into its information security posture. Any deficiencies can be addressed, offering your organisation protection from previously unseen risk. |
Sententia's Cyber Security Assessments are undertaken by our certified, skilled and experienced network and information security engineers. Our team forensically review all aspects of your organisation's cyber security environment to ensure you have the best level of visibility into your overall cyber risk posture.
Initial Cyber Security Health Check
The initial cyber security health check is a low cost, low impact service carried out by conducting an analysis of traffic flows in and out of the organisations network. This analysis is conducted with a network security check-up appliance which will determine threats such as bots, malware, attempted exploits, data loss incidents, high-risk web applications and access to high-risk websites.
An initial health check will also indicate your organisations information security compliance to frameworks such as PCI-DSS, ISO27001, NIST and others.
An initial health check will also indicate your organisations information security compliance to frameworks such as PCI-DSS, ISO27001, NIST and others.
Comprehensive Cyber Security Assessment
Upon completion of the initial health check, any recommendations made should be actioned as appropriate. Following this, it is recommended that a comprehensive cyber security assessment is carried out. This assessment involves:
o A vulnerability assessment that evaluates network connected devices for any application, patching, configuration or setup vulnerabilities and recommends remediation actions.
o A review of the organisations patching and update policy to ensures that device patching takes place within an acceptable time frame and is completed successfully.
o A network assessment that inspects the overall network architecture to ensure that the network (including wired and wireless networking) is configured and managed in the most secure manner possible.
o A firewall rule assessment that reviews the existing firewall rules and policy configuration to ensure that the most secure and appropriate settings have been configured on the firewall.
o A backup and disaster recovery policy assessment reviews the organisations data backup policy to determine if business critical data is being managed in the most fault-tolerant and business resilient method possible.
o A review of cloud applications and platforms being used by the organisation, with an emphasis on whether the appropriate security settings are in place.
o A vulnerability assessment that evaluates network connected devices for any application, patching, configuration or setup vulnerabilities and recommends remediation actions.
o A review of the organisations patching and update policy to ensures that device patching takes place within an acceptable time frame and is completed successfully.
o A network assessment that inspects the overall network architecture to ensure that the network (including wired and wireless networking) is configured and managed in the most secure manner possible.
o A firewall rule assessment that reviews the existing firewall rules and policy configuration to ensure that the most secure and appropriate settings have been configured on the firewall.
o A backup and disaster recovery policy assessment reviews the organisations data backup policy to determine if business critical data is being managed in the most fault-tolerant and business resilient method possible.
o A review of cloud applications and platforms being used by the organisation, with an emphasis on whether the appropriate security settings are in place.
External Vulnerability Assessment
Upon completion of a comprehensive assessment, a list of recommendations is produced. Once these recommendations have been actioned, an external vulnerability assessment can be carried out by conducting:
o vulnerability scans which assess potentially misconfigured externally-facing systems, unnecessary administrator access to externally-facing systems and the possible use of default, weak or dictionary-based passwords.
o inspection of an organisations off-site or cloud deployments to ensure that the necessary security is deployed and implemented.
o optional penetration tests can be conducted through the employment of registered ethical hackers. Penetration tests are only recommended if a comprehensive assessment has been completed and cyber security issues continue to persist.
o vulnerability scans which assess potentially misconfigured externally-facing systems, unnecessary administrator access to externally-facing systems and the possible use of default, weak or dictionary-based passwords.
o inspection of an organisations off-site or cloud deployments to ensure that the necessary security is deployed and implemented.
o optional penetration tests can be conducted through the employment of registered ethical hackers. Penetration tests are only recommended if a comprehensive assessment has been completed and cyber security issues continue to persist.
Social Media Threat Assessment
Threats from social media engineering are becoming more prevalent, usually because inappropriate information about an organisation is available through social media.
A unique offering available through Sententia is a social media threat assessment. This assessment allows an organisation extensive visibility into relevant information available through social media channels including Facebook, Twitter, LinkedIn and Instagram. The assessment assists organisations in formulating a solid social media strategy to ensure that it can best control relevant publically available information.
A unique offering available through Sententia is a social media threat assessment. This assessment allows an organisation extensive visibility into relevant information available through social media channels including Facebook, Twitter, LinkedIn and Instagram. The assessment assists organisations in formulating a solid social media strategy to ensure that it can best control relevant publically available information.
User Awareness Assessment
One of the most critical areas of information security is user awareness and training. The desire for convenience often means that users make inadequate security-related decisions. This can include simple passwords on their user accounts, offering their credentials to others for use, inadvertently "volunteering" information to third parties and opening email attachments without first making an informed and security conscious assessment of the email.
Over 30% of all cyber breaches occur simply because of a lack of user awareness. Surprisingly, very little effort is placed on assessing, educating and incentivising an organisations users into adopting good information security behaviour.
Another unique Sententia offering is a user awareness assessment. This assessment seeks to establish the cyber security readiness of an organisations users to determine how educated users are in information security readiness. The assessment will recommend any improvements needed to minimise an organisations chances of a cyber incident due to human error.
Over 30% of all cyber breaches occur simply because of a lack of user awareness. Surprisingly, very little effort is placed on assessing, educating and incentivising an organisations users into adopting good information security behaviour.
Another unique Sententia offering is a user awareness assessment. This assessment seeks to establish the cyber security readiness of an organisations users to determine how educated users are in information security readiness. The assessment will recommend any improvements needed to minimise an organisations chances of a cyber incident due to human error.