Advisory Services

Compliance Services

Standards/Regulatory/Legislative Based Assessment Service

Cyberm assess’ the organizations regulatory requirements based on their respective market vertical or geographical location. These may include aligning with PCI requirements or the General Data Protection Regulation (GDPR) in the EU.

Technical and Procedural Controls Design

Cyberm design and develop the technical and procedural controls to be implemented to address the standard/regulatory/legislative requirements.

Technical and Procedural Controls Alignment to Business Processes

Cyberm provide oversight to the alignment of the stipulated procedural controls to the organizations infrastructure support operations and business processes and transfer operations to the customer.

Compliance Management and Reporting

Once the relevant controls are implemented within the organization Cyberm manages the respective compliance program providing reports on a scheduled basis. Cyberm Risk Advisors, if required, provide Data Protection Officer services based on an outsource model or a supplementary service to the existing structure within the customer’s organization.

Cyber Defense Center (“CDC”)/(SOC) Services

CDC Review Service

This CDC Review service is only applicable if Cyberm Consulting has conducted an initial CDC Management System (CDCMS) Assessment Service. This service is a follow up service to ensure continuous improvement of the Customer’s CDC Management System.

CDC Assessment and Design

The objective of the CDC Assessment and Design service:

Define the posture of the actual CDC’s Security Services levels, evaluating the technological aspects as the organizational and process ones (AS IS);
Evaluating the actual requirements/controls, in order to measure the current level according to the CMM (Capability Maturity Model);
Execute a Gap Analysis against the Cyberm CDC Management System;
Define a Security Roadmap to improve the CDC Services and the related processes, organization and technology (TO-BE).

CDC Process Development/Operational Manual

Cyberm will develop a Cyber Defense Center (CDC) Operation Manual, which includes Processes and Procedures required to support the Customer’s CDC operation.

Cyberm will review the Customer’s existing processes and procedures as well as the CDC model required. Based on the outcome of the Assessment/Review process and Cyberm’s CDC Operation best practices, a list of processes and procedures will be determined in coordination with the Customer.

OTHER SECURITY ADVISORY SERVICES

Penetration Testing

1. Network Penetration Test

A Cyberm Network Penetration Test (“Network Penetration Test”) reveals security threats from potential attackers, and indicates the possible methods of compromise against a specific network or group of systems. The Network Penetration Test models specific attack vectors, identifies potential vulnerabilities, locates sources of data leakage, and validates identified vulnerabilities.

2. Web Application Penetration Test

A Cyberm Web Application Penetration Test provides insight into the ability of an organization’s application to resist attacks from unauthorized users and misuse from valid users. The Web Application Penetration Test evaluates the security of an application against certain criteria to validate security mechanisms and identify vulnerabilities. The objective of the Web Application Penetration Test is to simulate real-world attacks to provide a current view of vulnerabilities and threats to the Customer’s web application, product or service.

3. Mobile Application Penetration Test

A Cyberm Mobile Application Penetration Test provides insight into the ability of an organization’s mobile application to resist attacks from unauthorized users and misuse from valid users. The Mobile Application Penetration Test evaluates the security of an application against certain criteria to validate security mechanisms and identify vulnerabilities. The objective of the Mobile Application Penetration Test is to simulate real-world attacks to provide a current view of vulnerabilities and threats to the Customer’s mobile application, product or service

4. Wireless Security Assessment

A Cyberm Wireless Security Assessment (“Wireless Security Assessment”) reveals security threats from potential attackers, and indicates the possible methods of compromise against a specific wireless networks. The Wireless Security Assessment models specific attack vectors, identifies potential vulnerabilities, locates sources of data leakage, and validates identified vulnerabilities.

Network Vulnerability Assessment

The Cyberm Network Vulnerability Assessment (NVA) provides a point-in-time security assessment of a network-based computing environment. This infrastructure oriented assessment focuses on a network’s architecture and design, the configuration of the systems and devices connected to the network, and the practices used to manage them. The environment is analyzed based on robust design principles and industry best practices. Further, the network and its components are evaluated for known and potential vulnerabilities.

Social Engineering Vulnerability Assessment

A Cyberm Social Engineering Vulnerability Assessment (SEVA) indicates the ability of an organization to resist attacks from unauthorized parties, valid employees, and contractors who are attempting to gain unauthorized access to resources by manipulating the human aspects of the organization. A SEVA evaluates the security of an organization by simulating real-world attacks. The SEVA uses best practice security criteria to validate security policies and procedures and identify vulnerabilities.

The assessment models specific attack vectors, identifies potential areas of risk, locates sources of information and resource leakage, and validates identified vulnerabilities.

Cyberm suggests performing at least two (2) different simulations of Social Engineering attacks:

Spear phishing
Spreading a malicious payload (backdoor) using USB devices

Network Architecture Assessment

Network Architecture Assessment (NAA) evaluates customer network layout and Cyber Security Attack Detection capabilities. The assessment concentrates on the security of the network from both an architectural and operational perspective and will help identify vulnerabilities that exist at the design, implementation, and operational levels of the network assessed

Data Loss Prevention Risk Assessment

Risk Assessment that allows organizations to quantify and qualify their risk of data loss. The Cyberm Data Loss Prevention Risk Assessment identifies areas of Very High, High, Medium, and Low risk of data across endpoint, network, and storage systems by data type, based on your evaluation of potential severity and your actual frequency of data loss. It will also determine whether Customers have correctly provisioned their security infrastructure with the Customers existing solutions and to highlight any weaknesses or gaps in the Customer’s infrastructure.

Our consultants team helps to create and implement data security policies to discover, monitor, and protect confidential data wherever it is stored or used

Data Loss Prevention Maturity Assessment

The Cyberm DLP Maturity Assessment analyses all aspects of a DLP Implementation and Program, including a review and optimization of their architecture and policies, PLUS overall benchmarking and roadmap to help them achieve optimal DLP maturity.

Using Cyberm services‘ DLP-specific maturity model framework and experienced consultants, organisations can understand the strengths and weaknesses within their DLP investment. The Assessment service offers professional insight and deep technical expertise into methods to increase the performance of the solution and improve overall DLP capability and maturity for the organisation.

The benefit of this service is that it will help reduce customer pain points by reducing the likelihood and impact of experiencing data breaches, non-compliancy and the resultant risks to the business, and ensure long-term value from DLP.

Data Loss Prevention Business Enablement Service

DLP Service Champions Enablement

Provide the business assessment skills required to operate a DLP service. Topics addressed during the service:

Why DLP? Principles of Monitoring and legal considerations
Description of the DLP service in Customer
Drivers, constraints, dependencies (standards, policies, regulations)
Identifying sensitive data (provide common lexicon of terms)
Risk based targeting
Structured / unstructured data at rest
Data in Motion
Data in Use
Operating Model and Stakeholder roles and responsibilities
Incident Response Workflow
Policy Management Rights
Success Measurement and Reporting (KPI)
Employee Communications and end-user awareness
Etc.

Security Architecture Review

Gap analysis of the customer’s enterprise security deployment VS our best practice guidelines. The Enterprise Security Architecture Review (ESAR) has been designed as a service engagement that will rapidly enable Customers to determine whether their current Security Architecture, Risk Management, product portfolio, Security team make-up and supporting processes
It will also determine whether Customers have correctly provisioned their security infrastructure with the Customers existing solutions and to highlight any weaknesses or gaps in the Customer’s infrastructure.
The Cyberm consultant will assist with providing qualitative data to determine how effective the products are from the Vendor, while mitigating the risks of unplanned downtime.

Cyber Security Framework Development

The typical framework focuses on using business drivers to guide cyber security activities and considering cyber security risks as part of the customer’s risk management processes. The Framework would typically consists of two (2) parts:

Framework Core – Controls.
Framework Implementation.

Identifying the correct approach could be a momentous task. The framework will follow an approach that will provide confidence to the customers to implementing the framework.
Example: Cyberm would provide a high-level approach that aligns to international recommendation, the following 8 elements are recommended by the G7 for Cyber Security, which Cyberm will adopt, for Financial institutions:

Element 1: Cyber Security Strategy and Framework
Element 2: Governance
Element 3: Risk and Control Assessment
Element 4: Monitoring
Element 5: Response
Element 6: Recovery
Element 7: Information Sharing
Element 8: Continuous Learning

Compliance Risk Assessment & Treatment Service

As part of Customer’s Information Security enhancement activities, Customer’s are required to determine their Information Systems Risks and prepare and enhance risk treatments plans. This way top management of a Customer will obtain and maintain a specific overview of the risks introduced to information technologies and at the same time will support the adoption and deployment of specific controls and countermeasures in an effort to reduce this risks to an acceptable level. Typical activities addressed during this service:

Report of the current IT risks
Risk treatment plans associated with IT risks over the acceptable level
Repeatable IT risk management methodology
Traceable IT risk management process

Risk Assessment

Risk is normally defined as the chance or likelihood of damage or loss. This definition can be extended to include the impact of damage or loss. In these terms, the risk is a function of two separate components, the likelihood that an unwanted incident will occur and the impact that could result from the incident.

Risk Analysis involves identifying and assessing risks to data and the information system and network, which support it. Typical risks may include:

Data being lost, destroyed or wiped;
Data being corrupted;
Data being disclosed without authority.

Risk Treatment

Risk Management involves identifying; selecting and adopting justified security and contingency ‘countermeasures’ to reduce risks to an acceptable level. Countermeasures may act in different ways such as:

Reducing the likelihood of attacks or incidents occurring;
Reducing the system’s vulnerability;
Reducing the impact of an attack or incident should it occur;
Detecting the occurrence of attacks or incidents;
Facilitating recovery from an attack or incident.

PCI Readiness Assessment Service

PCI Readiness Assessment Service to assist the Customer in identifying the areas of the business that store, process and transmit cardholder data. Where possible, and if applicable, the Consultant(s) will provide recommendations on how to change certain business processes as well as the technical network infrastructure to accurately define what is applicable with regards to your PCI DSS compliance efforts. The aim is to reduce time, effort and costs for on-going compliance.

The Cyberm Consulting team will perform a gap analysis between the relevant current information security environments at the Customer against the Payment Card Industry (PCI) Data Security Standard v1.2 (“the Standard”). The controls to be assessed fall under the following requirements:

1. Build and Maintain a Secure Network
2. Protect Cardholder Data
3. Maintain a Vulnerability Management Program
4. Implement Strong Access Control Measures
5. Regularly Monitor and Test Networks
6. Maintain an Information Security Policy

Speak to us about your requirements.

Contact Cyberm