Cyber security is a major concern for senior managers and boards in all organisations. Cyber security threat assessments allow your organisation to gain insight into its information security posture. Any deficiencies can be addressed, offering your organisation protection from previously unseen risk.
Cyber Security Threat Assessments are undertaken by Sententia's skilled and qualified network and information security engineers. Our team forensically review all aspects of your organisation's cyber security posture.
Initial Cyber Security Assessment
The initial assessment is carried out by conducting:
o A network assessment that inspects the overall network architecture to ensure that the network (including wired and wireless networking) is configured and managed in the most secure manner possible.
o A firewall rule assessment that reviews the existing firewall rules and policy configuration to ensure that the most secure and appropriate settings have been configured on the firewall.
o An endpoint protection assessment that evaluates the existing endpoint protection measures for effectiveness and advises on best practice endpoint protection techniques and practices.
o A review of the organisation's patching and update policy that ensures that the appropriate measures are in place so that device patching takes place within an acceptable time frame.
o A backup and disaster recovery policy assessment that reviews the organisation's data backup policy to determine if business-critical data is being managed in the most fault-tolerant and business-resilient method possible.
Comprehensive Cyber Security Assessment
Upon completion of the initial assessment, any recommendations made should be actioned as appropriate. Following this, it is recommended that a comprehensive cyber security assessment is carried out. This assessment involves:
o An in-depth analysis of traffic flows in and out of the organisation's network. This is conducted with a number of tools including a network security check-up appliance and an internet link and application visibility appliance.
o These tools will determine threats such as bots, malware, attempted exploits, data loss incidents, high-risk web applications and access to high-risk websites.
o A review of cloud applications and platforms being used by the organisation, with an emphasis on whether the appropriate security settings are in place.
o An endpoint assessment that evaluates the state of each endpoint's protection systems and determines whether each endpoint is running the most up-to-date operating system software.
o A compliance assessment against any relevant frameworks such as PCI-DSS, ISO-27001, NIST and others as mandated in your organisation's jurisdiction.
External Vulnerability Assessment
Upon completion of a comprehensive assessment, a list of recommendations is produced. Once these recommendations have been actioned, an external vulnerability assessment can be carried out by conducting:
o vulnerability scans which assess potentially misconfigured externally-facing systems, unnecessary administrator access to externally-facing systems and the possible use of default, weak or dictionary-based passwords.
o inspection of an organisation's off-site or cloud deployments to ensure that the necessary security is deployed and implemented.
o optional penetration tests can be conducted through the employment of registered ethical hackers. Penetration tests are only recommended if a comprehensive assessment has been completed and cyber security issues continue to persist.
Social Media Threat Assessment
Threats from social media engineering are becoming more prevalent, usually because inappropriate information about an organisation is available through social media.
A unique offering available through Sententia is a social media threat assessment. This assessment allows an organisation extensive visibility of relevant information available through social media channels including Facebook, Twitter, LinkedIn and Instagram. The assessment assists organisations in formulating a solid social media strategy to ensure that they can best control publicly available information pertaining to the organisation.
User Awareness Assessment
One of the most critical areas of information security is user awareness and training. The desire for convenience often means that users make inadequate security-related decisions. This can include simple passwords on their user accounts, offering their credentials to others for use, inadvertently "volunteering" information to third parties and opening email attachments without first making an informed and security-conscious assessment of the email.
Over 30% of all cyber breaches occur simply because of a lack of user awareness. Surprisingly, very little effort is placed on assessing, educating and incentivising an organisation's users into adopting good information security behaviour.
Another unique Sententia offering is a user awareness assessment. This assessment seeks to establish the cyber security readiness of an organisation's users to determine how educated users are in information security readiness. The assessment will recommend any improvements needed to minimise an organisation's chances of a cyber incident due to human error.