Cyber-attacks can impact the operation of any organisation or compromise critical data within minutes. To avoid this all organisations must prepare and maintain processes and systems to ensure business continue to operate.
To achieve this many organisations implement software and tools to enable rapid response and recovery through collaboration with service providers, partners and customers. Often organisations invested in tactical tools to monitor, detect, alert, manage events and provide forensic evidence.
Tools such as these can be very effective in addressing the technical, compliance, and assist in reporting against regulatory requirements. At CyberOps we understand that implementing tools in isolation, incorrectly positioned or technically ineffective does not provide the necessary business assurance to ensure a complete, cohesive or effective coverage.
Our CyberOps team possess the technical experience and business understanding to validate that the right tools are in place and are in alignment with critical business requirements to provide the management assurance necessary in today’s evolving business operations. With well-defined, documented, and measured Readiness, Response, and Recovery systems and processes and effective response to complex cyber threats and vulnerabilities can be achieved.
High -level objectives when evaluating Cyber Security coverage considers the following:
- Cyber risks management and governance processes
- Implementation of industry standards and best practices; don’t simply rely on compliance
- Business activities to evaluate and manage specific cyber risks
- Measure and test the true effectiveness of the program
- External, Internal and 3rd party vulnerability scans and penetration testing
- Development, maintenance and testing of incident response plans and procedures
- Coordination of cyber incident response planning across the enterprise, partners and service providers
- A business and operational understanding of the enemy aligned with critical assets and data
- Design and enforce technology perimeters/zones
- Layer and segregate differing service requirements and security architecture
- Consider content publishing requirements (applications and databases)
- Hosted and outsourced services – relevant internal skills, vendors, perceived transference of risk to an outsourcer i.e. DMZ, Website and Cloud computing
- Design and enforce secure methods at each layer, zone and path (user, session, application, service and devices) i.e. Mobility security (BYOD, wireless), workstation/device/network patching, virus/malware controls
- Coordinate cyber incident response planning across the enterprise, partners and service providers
- A business and operational understanding of the enemy
- Processes which maintain and evolve situational awareness of cyber threats relevant to the business
- Evidence of business oversight and review; not only reporting.
To achieve this the CyberOps team have established an approach to review, analyse, evaluate and report on activities and capabilities to greatly assist in the preparation and survival of differing Cyber Security incidents.