Cybernetic Global Intelligence. Service Information Package

Transcription

1 Cybernetic Global Intelligence Service Information Package / 2015

2 Content Who we are Our mission Message from the CEO Our services Managed Security Services Penetration Testing Security Audit Web Application Testing PCI Compliance SCADA Security Contact Certifications

3 Who We Are Cybernetic Global Intelligence is a global IT Security firm that helps companies protect their data and minimize their vulnerability to cyber threats through a range of services such as Security Audits, Penetration Testing, Managed Security Services, Web Application Security, and many more. Our services are carried out by certified IT specialists who have made protecting companies from cyber crime their key mission. Cybernetic Global Intelligence is backed by more than 20 years of experience from leading IT security experts and researchers from all around the world. Formed in 2009, we are an emerging and quickly growing company with an exceptional advantage: our security experts are not only employees, they hold a stake in the business. This provides us with committed and empowered employees who are constantly acquiring new qualifications and striving to stay at the forefront of IT Security. We are located in the heart of Brisbane s CBD, yet have a global presence with clients spanning the Asian- Pacific region, Europe, USA, Middle East, and of course Australia and New Zealand. Key Facts Australian Owned & Operated Fully Certified & Accredited Global Client Base +250 Employees Since 2009 Leaders in Innovation Key Benefits Stakeholder Employees. All of our staff are qualified and certified IT security experts with several years experience. Fully Certified. We are a Certified Information Systems Security Professional (CISSP), Payment Card Industry Qualified Security Assessor (PCI QSA), ISO Lead Auditor. Free Staff Training. We can arm your employees with the practical skills required to identify and defend against new and existing cyber threats. Available with any service. Service Guarantee. Upon completion of any of our services, we will return to you at no extra cost to insure that the appropriate recommendations have been successfully implemented. On-going Loyalty Rewards. To reward our clients for continued loyalty, we offer free security training for your IT staff in technical expertise required to effectively secure your organisation against cyber-attacks. *minimum purchase of two services within one financial year. 01

4 Our Mission Educate our customers and the global community on safety in the digital space and promote actions leading to a more aware public. Protect our customer s networks and systems with meticulous diligence, utilizing state of the art practices and technologies. Promote innovation and enable our customers to create and build in safe and secure environment: to show initiative in protecting future advancements in innovation and the Internet of Things (IoT). Provide all organisations with tailored and cost effective protection, regardless of their industry or size. Because everyone deserves to work in a safe digital environment unhindered by cyber threats. Because we believe in a brighter and safer digital future. Message from the CEO We have exceptional assets; an unrivalled portfolio of clients, a robust balance sheet and an outstanding team of IT professionals to protect our clients and build long lasting relationships. We are intensely proud of our company s legacy and of our team who continue to inspire and be at the forefront of the war against cybercrime. CEO, Ravin Prasad 02

5 Our Top 6 Services Managed Security Services Penetration Testing Security Audit Web Application Testing PCI Compliance SCADA Security 03

6 Managed Security Services (MSS) The overwhelming amount of cyber threats targeting businesses today are becoming increasingly sophisticated. In this threat landscape traditional practices involving firewalls and anti-virus software are not enough to protect your business against these threats. Moreover, a vast majority of businesses today lack the necessary competencies or resources to handle their cyber security in-house Real-time Information Security Monitoring of your network. These gaps and inconsistencies in security systems leave millions of businesses vulnerable to attack. To manage the gaps and inconsistencies in their security systems, businesses need to invest in Managed Security Services (MSS). Our MSS is a comprehensive security solution that provides continuous, live monitoring of your system, at every moment of every day, not only detecting attacks or other threats such as malware and virus infiltration, but launching effective counter measures to terminate these attacks before they are successful in penetrating your system. Benefits The benefits of investing in professional security management services are numerous and far reaching, just as the negative consequences of not having adequate threat management in place for your business could be catastrophic. Fully serviced updates and patches ensuring you always have the latest protection. More than 250 certified MSS specialists available around the clock to ensure your network is always monitored. Professional Security: Our managed security services provide a comprehensive threat defence that gives you peace of mind through continuous business protection, day and night. Minimize Risk: Our multi-layered approach to managed security will help you minimise the costs of business disruption, loss of data, and potential legal implications associated with loss of confidential information. Cost Effective: Cybernetic Global Intelligence security solutions come with no hidden costs to assist with your operational planning and free up your IT resources to be redeployed where you need them most. Our MSS Team Our security monitoring experts possess GCIA and GCFA certifications, and have the capabilities to analyse incidents, deal with false positives, and respond appropriately to critical events. Get serious about your business and protect what matters. Speak to one of our experts about your security needs today. Read More Information 04

7 Penetration Testing Penetration Testing is an authorized attempt for certified ethical hackers to breach your system in order to identify its vulnerabilities and to safely close any flaws that real cyber criminals may exploit. At Cybernetic Global Intelligence we specialize in a full spectrum of penetration testing capabilities starting from information gathering, foot-printing, vulnerability assessment, exploitation, and reporting. Penetration testing is an excellent tool for evolving your cyber security as it provides a detailed analysis of where your IT Security weaknesses lie. We work closely with you to ensure the process is userfriendly and hassle free. A Penetration Test can be used to test your servers, endpoints, networks devices, mobile devices, wireless networks and overall systems. Penetration testing will also enable you to measure the level of compromise you and your clients may encounter and determine how far-reaching the effect of a breach on your network can be. Once we know where the flaws in your cyber security are, we can help you prioritize your remediation efforts and help you become more effective against potential cyber attacks. Our consultants are certified as CISSP, CISA, ISO 27001, and GCIA. Benefits Meet industry standards such as ISO and ISO Anticipate emerging security risks: The information gathered from penetration tests can help your business effectively anticipate emerging security risks and prevent unauthorized access to its critical systems and information. Identify gaps and weaknesses in current security practices: This means that you don t need to wonder whether your systems are protected in case of a threat but know exactly where your vulnerabilities lie and how to fix them. Regulation Compliance: Regulatory compliance is a necessary nuisance for many businesses, but we can help your business get a better handle on its application and use of security technologies and processes to ensure cohesion with your overarching business objectives. Our Team Our consultants are certified as CISSP, CISA, ISO 27001, and GCIA; and possess a comprehensive range of technical expertise in a wide array of operating systems, databases, firewalls, Intrusion Detection Systems, Network elements, Code Reviews, Web Servers, Messaging Servers and many more. Read More Information 05

8 Security Audit A Security Audit is a necessary and thorough end-to-end examination of your IT Security infrastructure. Its purpose is to review your business s current security practices to ensure that the most appropriate and upto-date processes and mechanisms are being applied. Furthermore, a security audit will also determine if all your business s security infrastructures and practices are performing in accordance to accepted industry standards such as CoBIT, and any legal requirements specific to the industry and country in which your business operates. Backed by over 20 years of experience. At Cybernetic Global Intelligence, our security auditors will identify any potential gaps and weaknesses in your business s existing defenses, technologies, information handling processes, user practices and other critical areas, and help you determine the most cost-effective actions to mitigate or reduce these security threats. Protect your business against liability and be regulation compliant. Benefits Identify gaps and weaknesses in current security practices: This means that you don t need to wonder whether your systems are protected in case of a threat but know exactly where your vulnerabilities lie and how to fix them. Regulation Compliance: Regulatory compliance is a necessary nuisance for many businesses, but our security audits can help your business get a better handle on its application and use of security technologies and processes to ensure cohesion with your overarching business objectives. Cost effective: Our security audits will help your business save money by finding more efficient ways to protect your information systems, and minimise waste of resources on outdated or ineffective practices. Our consultants are fully certified as CISSP, CISA, ISO 27001, and GCIA. Our Audit Specialists Our consultants are certified as CISSP, CISA, ISO 27001, and GCIA; and possess a comprehensive range of technical expertise in a wide array of operating systems, databases, firewalls, Intrusion Detection Systems, Network elements, Code Reviews, Web Servers, Messaging Servers and many more. Read More Information 06

9 Web Application Testing To ensure your IT security is effective in deterring cyber attacks from all entry points you need to have your web applications tested. Developers often do not have the sufficient amount of time to spend on security which results in easily compromised web applications. If you are developing an app for your business, use WordPress, Joomla, ZenCart or any form of Web Application, then you need to make sure they are properly protected by performing a Web Application Test. A compromised app can lead to poor IT security and result in stolen sessions IDs (cookies), account information theft, database breaches or malicious code being planted on your website, etc. Benefits Our Specialists are fully GCIA and GCFA certified. Cost effective and efficient solution that allows your developers to focus on other issues and meet deadlines. Happy Customers: Security is a top concern for users and web app providers have the responsibility to ensure the apps they offer will keep user information safe. Proper testing is an integral part of creating a positive user experience and will help guarantee that your users never experience complications with your app and never have to worry about their information being compromised. Happy Developers: Developers are the ones who bring your app to life and in the process security can often take a back seat when deadlines become an issue. Your development team needs time to focus on working out other kinks and may not have the time or simply the expertise to perform professional grade testing. Empower your team and help your developers stay on track by authorizing us to take care of the testing for you. Dedicated Team of Web Application Specialists who focus solely on Web Application Testing. Our MSS Team Happy You: Receive the peace of mind you and your users deserve by securing your web application from both external and internal threats. The losses your business can suffer if your application is hacked and data is compromised can be irreversible. Don t let the hard work of developing and designing a web application become obsolete in the case of a data breach. Your business and your users will thank you for it. We have a dedicated team of IT Specialists who focus on Web Application Testing. All of our specialists are fully accredited with several years of experience in reviewing application design, code and features, across various platforms such as Java, PHP, Ruby on Rails, C++, ASP, ASP.Net etc. Read More Information 07

10 PCI Compliance If you use e-commerce on your website or EFTPOS machines for transactions then PCI Compliance is necessary to avoid liability in case of a breach and to avoid fines associated with not sufficiently protecting your customer s credit card information. Cybernetic Global Intelligence provides consulting and PCI compliance certification services to comply with and audit the PCI DSS standard. We can help you in your pursuit of becoming PCI compliant by conducting gap analysis, implementing the necessary controls and also preparing the Report on Compliance (ROC) and Self-Assessment Questionnaire (SAQ). Minimise your liability in case of a data breach with full PCI DSS compliance. Benefits Minimise Liability: Not being PCI compliant could be disastrous for your business. Compromised data negatively effects both consumers, companies and financial institutions, leading to credit card fraud, disruption to processes and huge expenses from reissuing cards. Your business could be found liable if your company is not PCI complaint and breached, resulting in lawsuits, cancelled accounts, fines and loss of reputation that you ve spent years to build. Competitive Advantage: Using best practices and being PCI compliant means you are actively preventing data breaches. Ensuring your data is secure makes it more difficult for hackers to obtain payment card data and makes your customers more confident in using your services. Companies that do not protect customer data are more at risk of theft and security breaches, giving you an edge over your competitors who are not compliant. Peace of mind for both the business and the customers. Minimise your liability in case of a data breach. Our Specialists At Cybernetic Global Intelligence, we have a team of qualified assessors that can assist in all aspects of compliance. Like any compliance system, PCI DSS can be complex and hard to navigate alone. We can take the stress out of becoming PCI compliant by assessing and validating adherence to PCI Security Standards and work with you to develop remediation strategies to help you meet the standard. 08 Read More Information

11 SCADA Security SCADA systems often have a life span of decades, which means whatever original security measures they have been developed with are long out dated. It is important to your overall IT Security that as SCADA systems become integrated with modern technology and internet access, that the threat to these systems is immediately assessed and patched. SCADA security is an integral part of ensuring the integrity of commands and that uptime availability is not compromised. Due to the minimal tolerance SCADA systems have for latency in their communications, scanning for network vulnerability and holes in cyber security is a necessity to ensure your business is safe from attack. Complaince in ICS-CERT, DoE, DHS, NIST SP Rev 4, National ICS Security Standard, and more. Cybernetic Global Intelligence works with many businesses to help them meet challenging monitoring and control requirements. As regulation around reliability and security of services is increasing, a robust yet cost-effective analysis of your SCADA system is essential to meet the demands placed on your business. Our SCADA specialists will identify any potential gaps and weaknesses in your business existing defenses, technologies, information handling processes, user practices and other critical areas, and help you determine the most cost-effective actions to mitigate or reduce these security threats. Benefits Protect mission critical systems and reduce risk and liability. One of a kind protection using AuditPro, our own in-house developed auditing tool. The benefits of investing in professional security management services are numerous and far reaching, just as the negative consequences of not having adequate threat management in place for your business could be catastrophic. Professional Security: Our managed security service provides a comprehensive threat defence that gives you a peace of mind through continuous business protection, day and night. Minimize Risk: Our multi-layered approach to managed security will help you minimise the costs of business disruption, loss of data, and potential legal implications associated with loss of confidential information. Cost Effective: Cybernetic Global Intelligence security solutions come with no hidden costs to assist with your operational planning and free up your IT resources to be redeployed where you need them most. Our MSS Team Our team of dedicated SCADA Security experts ensure clients receive compliance in regulatory frameworks and standards such as: ICS-CERT, DoE (Department of Energy), DHS (Department of Homeland Security), NIST SP Rev 1, NIST SP Rev 4, TR and ENISA guidelines for ICS systems, National ICS Security Standard, Qatar etc. Read More Information 09

12 Contact Cybernetic Global Intelligence Level 19, 1 Eagle Street, Brisbane 4000 QLD, Australia www. cybernetic-gi.com P: E: [email protected] Certifications 10