Compliance
Assessments

Business managers and technical teams don’t always have a clear understanding of what is required to protect both their business and its information assets in an increasingly connected operational environment.

This service provides you with an objective view of your current level of cybersecurity maturity and a pragmatic roadmap to help you raise the bar. Our consultants have extensive experience with various frameworks.

Our service includes the following:

• A gap analysis determining the shortfalls between your current state and your chosen cybersecurity controls framework.
• If required, we can help you select an appropriate framework for your organisation.
• Prioritised recommendations to remediate identified gaps.
• A full gap analysis review with detailed findings for technical staff, including an executive summary.
• For a longer commitment including regular reassessment as controls are addressed, we also provide access to our cloud-based tool so you can review your most recent assessment data in real-time.

Organisations may need to demonstrate a level of cyber maturity by becoming certified.

A cybersecurity certification readiness assessment provides you with greater knowledge and understanding of your system’s cybersecurity posture before you involve the certification auditor.

Our consultants work to assist you with the following activities:

• Assess your system before your official certification assessment to help you identify any areas of concern to be addressed.
• Provide input on which findings should be prioritised for remediation or mitigation.
• Create mitigation statements if required.

If you can’t measure it, you can’t improve it!

This service provides you with a detailed assessment to determine the efficacy of information security controls, as a standalone review and report, or as part of formal review of your information security management system (ISMS).

For these engagements we work within your controls framework, risk management, and treatment methodologies.

You will receive:

• An assessment of the effectiveness of your organisation’s security controls
• Information that allows a focused and efficient approach to improving your security posture

There is a misconception that cybersecurity threats are limited to technology and online activity, however your physical environment could be equally at risk. When staff are distracted, they may not pay attention to unauthorised people attempting to access restricted areas, or they may leave their unattended computer unlocked.

Our team has significant experience simulating unauthorised access to restricted areas during office hours.

This service assesses how easy it is for an unauthorised person to access your environment.

The three main assessment areas include:

• physical access to restricted office areas
• access to an unattended and unlocked computer, including sending an email from it to your security team
• physical access to a server or equipment room

Following the assessment, we provide you with a report of our findings and recommendations.

Penetration testing is important in helping you understand your application, network, and perimeter-based vulnerabilities that hackers could exploit. Understanding what these gaps are, is the first step towards remediation.

We have partnered with ZX Security to provide you with the following services:

• External penetration test – Review your presence on the Internet and susceptibility to being compromised, either through misconfigured, unpatched, or insecure servers. Other areas that could be tested include access to administrative interfaces, webmail, and remote access service portals.
• Internal penetration test – Test whether a consultant can make their way through the network, obtain administrative permissions, and determine if the security team monitoring the network can detect and/or stop the intrusion.
• Red team engagement – A wide scope test of people and systems for security weaknesses as well as the operational security response to a real-life intrusion.