Cyber Assessment Services
Tailored to your requirements, our cyber assessment services range from a single application test to far-reaching tests where no vulnerability information is provided and every system and network is in-scope.
Assessments can go as far as to gain access and control of systems by any means (aggressive) or to simply illustrate that it “could” be done by “taking these next steps”, without actually taking the steps.
All of our cyber security assessments are conducted on site, with any technical access agreed beforehand so that business operations are not impacted or disrupted.
Cyber Security Review
Our questionnaire and interview-based Cyber Security Review is designed to provide a high-level assessment of a client’s information security capabilities. The assessment covers business, operations and technical requirements associated with information security and will specifically cover cyber controls and objectives for your people, process and technology.
Our vulnerability assessment starts from the outside of your organisation and works inwards. Through the use of both Open Source and Commercial tools and techniques we will conduct an electronic technical scan and assessment of an organisations IT infrastructure to identify and report on any potential vulnerabilities that may exist.
Our vulnerability assessment can cover the following (but will be agreed with you):
- Managed / Un-Managed Switches
- User Access Devices (UAD)
- Servers (Windows / Unix)
- Wireless Access Points
- Web Applications
- Public Website
Our Penetration Test uses Open Source information and specialist capabilities to act and behave as an aggressive and disruptive force to assess the identified systems and vulnerabilities. This will cover the following cyber attack techniques (but is not limited to):
- SQL Injection
- Cross Site Scripting
- Covert Data Harvesting
- Password and Credential Harvesting
- Denial of Service
- Application and Operating System Exploitation
- Server and Network Shut Down
This highly technical assessment phase will be undertaken by our Cyber Technical Experts and managed both safely and securely to ensure the availability, confidentiality and integrity of all client information assets.
A Red-Team Exercise is one of the best ways for an organisation to test their real world defences. This is where a team of individuals play the role of a determined attacker, using all means available to them, to try to infiltrate the organisation both physically and digitally.
It is intended that only a few members of the organisation are made aware of the Exercise to provide maximum coverage and results from the physical security teams to the Board. Our Red-Team exercise is flexible enough to cover multiple sites over multiple locations.
It is recognised that the ISO/IEC 27001:2013 standard is accepted as the certification of choice for an organisation to achieve and maintain the highest level of information security maturity. Our certified ISO/IEC 27001:2013 Lead Auditors will undertake a gap analysis against all of the controls and objectives within the standard and will provide a road-map and timeline to prepare for the phases of certification.