Protecting your business interests through intelligent IT security services, consultancy and training

Transcription

1 Protecting your business interests through intelligent IT security services, consultancy and training

2 The openness and connectivity of the digital economy today provides huge opportunities but also creates new risks. Such risks can result in large fines if you operate an e-commerce business or are in a highly regulated industry. Lack of security awareness can result in these risks being exploited and a company losing money, information and reputation. So why isn t IT security at the top of every board s agenda? Does your business know the answer to questions needed to gauge the level of exposure? How attractive a target are we? Do we have assets or processes exposed? What would be the consequences and costs of a successful attack? Asking and addressing these questions should help to avoid complacency and panic. It is essential for a company to consider could it happen to us? and manage their risks within acceptable limits. Many risks or security threats can be countered through employing regular vulnerability assessments and penetration tests across a company s IT assets. CY4OR has extensive experience in providing IT security services to companies of all shapes and sizes. CY4OR information security specialists are QSTM Tiger qualified. They understand the complexities of protecting an organisation s electronic data. They are experienced in conducting information security assessments to provide a comprehensive view of an organisation s security posture. In line with our standing in the industry and demonstrating our commitment to quality and information security, CY4OR is ISO 9001 and ISO accredited. The process of risk management is an ongoing iterative process as the business environment is constantly changing with new threats and vulnerabilities emerging every day.

3 VuLnerabILITy assessment PeneTraTIon TeSTIng SocIaL engineering PhySIcaL SecurITy CY4OR s vulnerability assessment service enables organisations to quantify and qualify security risks and apply resources to remediate those risks in the most efficient manner. The business environment is constantly changing and new threats and vulnerabilities emerge every day, therefore it is an iterative process which should be repeated indefinitely. The remediation plan provided gives organisations the tools necessary to make choices about which counter measures to employ, striking a balance between productivity, cost effectiveness and the value of IT assets being protected. CY4OR s penetration testing service helps to safeguard an organisation through: Identifying business systems and processes which may result in financial loss Preventing revenue loss from internal fraud through employees or externally through hackers Providing due diligence and compliance to your industry regulators, customers and shareholders Protecting an organisation s brand by avoiding loss of consumer confidence and business reputation CY4OR can identify real risks to an organisation s data and infrastructure through testing against the world s largest, fully tested and integrated public database of exploits. Social engineering is becoming a more common way of compromising the security of a business IT assets and data. It is a non technical part of information security which relies on influencing and manipulating people into divulging confidential information. This psychological deception exploits human weakness to access computer systems, commit fraud, industrial espionage, identity theft or simply information gathering. CY4OR can provide consultancy in this area and, with written authority from the business owner, can also undertake social engineering exercises to test or validate the information security. It is all very well undertaking vulnerability assessments and penetration tests to ensure that your IT infrastructure is secure, however, the physical security of your business premises should also be prioritised. For example, you can have the best firewalls, information security and user policies but if you leave the door open to the server room for an outsider to walk in, it negates any front end security that you have in place. If your virtual environment is locked down but your physical stance is not, there is potential for an outsider to gain access to your IT assets and your confidential data. CY4OR can provide an assessment of your outer perimeter, inner perimeter or interior security. We will provide you with a remediation plan which will identify holes in your security and the best course of action to take to eliminate these security risks.

4 IncIdenT response Following a security incident, seconds count and delays can have a severe impact on the finances and reputation of the company. It is also crucial that forensically sound methodology is used to investigate the cause of the security breach and any parties involved. At CY4OR we understand the time critical element of security incidents. our experienced team of investigators is available 24 hours a day to respond to nationwide incidents. We follow ProVen methodology In approaching each IncIdenT: Lock-doWn Perform the actions necessary to prevent further damage to the organisation and mitigate business risk. PreSerVe evidence Forensically capture data on compromised or affected systems. InVeSTIgaTe IncIdenT use forensic and information security tools to determine source of attack and capture perpetrator. Cy4or.Co.uk management report Provide a full log of investigation undertaken and the results of this investigation.

5 DESIGN AND PrINT By HoLDENANDSoNS.Co.uk Cy4or ALL rights reserved Cy4or.Co.uk London 90 Long acre covent garden London Wc2e 9rZ T f manchester Po box 439 bury bl8 9ag T f aylesbury Po box 777 aylesbury hp20 9br T f emergencies out of office hours T