29/03/2018

Security, legal, regulatory and operations reviews

CyberOps provides tailored security assessments to align with your organisation, industry, regulatory/legal landscape, organisational size and operational requirements.

 

Assessments include:

  • Cyber Security Health Checks of critical operating environments, organisational policies, processes and business alignment to required guidelines/standards/laws/regulatory requirements. Assessments include, but are not limited to:
    • Australian Signals Directorate (ASD) guidelines – TOP 35 and Essential 8 Information Security Manual
    • Australian Defence Security Manual (DSM) and Protective Security Policy Framework (PSPF)
    • Australian Government Information Security Manual (ISM)
    • US National Institute of Standards and Technology (NIST) cybersecurity guidelines
    • Payment Card Industry Data Security Standards (PCI-DSS)
    • Australian Securities & Investment Commission 26 (ASIC 26)
    • SANS and Centre for Internet Security (CIS) guidelines, hardening guides and security benchmarks
    • Open Web Application Security Project (OWASP) Web, Mobile and thick application development and testing guidelines
    • Office of the Australian Information Commissioner (OAIC) personal information security and Privacy Principles guidelines
    • Australian mandatory Notifiable Data Breach (NDB) law and EU General Data Protection Regulation (GDPR)
    • Australian Prudential Regulation Authority’s (APRA’s) security and governance requirements, guidelines and standards
    • US Health Insurance Portability and Accountability Act (HIPAA)
    • International Standards Organisation security and risk standards such as ISO 27001/2, ISO 22301, ISO 27032, ISO 31000 and others.
  • Review and/or establishment of a Cyber Security road map or framework for the organisation, in line with industry standards/guidelines, laws and regulatory requirements
  • Review and/or establishment of a Cyber Risk Management plan consistent with the risk tolerance of the organisation and industry
  • Cyber Security Operations reviews, assessments of processes & procedures to improve the efficiency of security operations and incident management processes
  • Disaster Recovery (DR) and Business Continuity (BC) maturity
  • COBiT – Control Objectives for Information and related Technology
  • AS/NZS 4360 – Risk Management
  • AS2805 – Electronic funds transfer
  • Capability Maturity Model (CMM)
  • Defence Signals Directorate ACSI33 (Security Guidelines for Australian Government IT Systems), Gateway Certification Guide & Evaluated Products List

Specialist assessments include:

  • IoT Cyber Security Assessment as per Cloud Security Alliance (CSA) security guidelines, including IoT Vulnerability Assessment & Penetration Testing (VAPT)
  • Critical infrastructure Cyber Security Maturity Assessments
    • Oil and Natural Gas Cyber Security Capability maturity modeling
    • Electricity Cyber Security Capability maturity modeling
    • Water Cyber Security maturity modeling
    • Smart Grid Cyber Security modeling
  • Australian Defence subcontractor or supplier organisational readiness reviews
  • SCADA / Critical Infrastructure Cyber Security Operations reviews as per critical infrastructure NIST or other related standards.

 

Contact us to discuss how we can help.

    [email protected]