Enterprise Security Assessment
Establishing a baseline is the first step to taking control. Our security assessments focus on policies, processes, data access, technology and people. It enables us to ascertain maturity levels across the various threat surfaces. It also enables us to assist our customers with identifying their critical assets and take a risk based approach to building an in-depth defense system.
Some of our assessment basics cover the following questions:
- Does the current cyber security programme have full support from the Executive?
- Is the current cyber security programme fit for purpose?
- What are the organisation's most valuable assets?
- Have we completed any Asset Classification & Valuation?
- Who is ultimately responsible for the organisations' cyber security?
Cloud Security Assessment
New Zealand has one of the highest cloud and SaaS adoption rates globally. This presents both opportunity and risk from a security perspective.
SecOps offers Cloud Security assessments which provides customers with the confidence that their digital strategy does not expose their organisation to unacceptable levels of risk. Our assessments are thorough, holistic and practical, enabling customers to execute on remediation and policies, mitigating risk and removing complexity.
Why no assumptions should be made with Cloud Security
- The security and safeguarding of your organisation's assets is always ultimately the responsibility of the asset owner.
- Storing data in the cloud does not mean your organisation is any less susceptible to data breaches.
- Identity, Authentication and Authorisation need to be managed similar to Hybrid or On-Premise
- Embracing cloud can enable an organisation to go digital faster, however insecure interfaces and APIs can result from this agility and possible Governance shortfalls
SecOps Cloud Security Approach
We frame our Cloud Security Assessments around principles and guidelines from Industry bodies and government advisories.
1. Asset Protection and Resilience
2. Data at Rest and in Transit protection
3. Operational Security, including personnel and user access
4. External Interfaces and Separation of Data internally
5. Identity and Authentication
6. Third Party access and Development
7. Continuous Assurance and Compliance
8. Governance and Audit
Wireless Security Assessment
Deploying wireless throughout your organisation can offer extensive productivity benefits but it also introduces an additional risk to your security posture. The risk profile has widened in recent years with ageing networks unable to keep in line with newly discovered vulnerabilities and more sophisticated forms of attack.
SecOps approach is thorough and practical starting with: Design Review, Threat Vector Analysis, Testing and Scanning, Remediation, and Continuous Review.
Why wireless is particularly vulnerable
- Patching is often delayed or not done at all due to potential outages and resource constraints leaving these devices vulnerable to attack
- Budget and resource constraints preventing organisations from adopting fully integrated identity solutions
- Numerous mainstream attack methods: Decryption, Packet Relay, TCP connection hijacking, HTTP content injection and others
- Lack of visibility due to legacy or basic wireless technologies deployed and in some cases poor design decisions
Continuous Wireless Security Assurance
The National Institute of Standards and Technology (NIST: US) advises that companies should be aware that maintaining a secure wireless network is an ongoing process that requires greater effort than that required for other networks or systems.
This is why SecOps promotes a Continuous Assurance approach for Wireless ensuring the wireless network meets compliance standards and matches the stated wireless Security policy.
SecOps provides high quality professional services across a broad range of security product sets and technology vendors.
As security programmes typically consist of multiple projects, covering various technology domains executed at planned timelines, it is not always financially viable for an organisation to employ specialists across a wide range of security related domains and technologies.
This is where SecOps fills the gap. We supply extensively vetted, high quality personnel to assist our customers to execute security projects and also short-notice engineering works.
Why engage SecOps for Professional Services?
- We are 100% information and cyber security focused, therefore our staff and contractors are specialists.
- We understand security therefore our selection process for our resources is rigorous and high quality.
- We are flexible in our engagement model, we can provide services based on: outcomes, fixed price, time & materials.
- We understand security so we have extensive capability in preparing statements and scopes of work.
- We can provide capability across the majority of major security technology vendors.
- We understand urgency for projects or short notice engagements therefore we operate in a flexible, highly responsive manner whilst not compromising quality.
Our expertise includes but is not limited to:
- Check Point
- Cisco Meraki
- Palo Alto
- Carbon Black
- HPe Security