The threat landscape is constantly evolving with new threat actors and greater sophistication in attack methods. The enterprise risk profile is also changing with new vulnerabilities emerging, complex applications and increased adoption of digital business.
Our threat and risk management methods are focused on building reliable security intelligence to stay ahead in a dynamic risk environment. Our cyber risk advisors draw on their deep experience to develop or review existing vendor risk, security risk management practices, or vulnerability management programs.
Enterprise & Security Architecture
Make the right technology choices and obtain implementation guidance to optimise the use of technology and drive strategic business value.
Output
- Review of the current state architecture of a domain area or a specific technology
- Assistance with the definition of functional and non-functional requirements and criteria to conduct a technology evaluation and selection
- Definition of conceptual, logical and physical architectures for a specific technology or solution
- Conducting of independent technology selection processes on behalf of our clients
- Recommendations of security architecture that minimises complexity, and effectively leverages existing tooling to meet the security objectives of your organisation
- Development of enterprise level architecture strategies, blueprints and roadmaps
Benefit
- Leverage deep technical knowledge across a wide range of security disciplines to guide your designs and projects
- Incorporate sound architectural governance practices to optimise your technology investments
- Future-proof your technology decisions and implementations with research-backed guidance
Threat Analysis & Security Testing
Get insight into your organisation’s cyber threat posture, system vulnerabilities or perform penetration tests of specific systems. Profile your user awareness of security and ethical practices.
Output
- A selection of both internal and external vulnerability scanning and testing methods can be used to develop the most comprehensive posture viewpoint – uncommon in traditional approaches
- Cyber threat intelligence is conducted by intelligence specialists and provides ‘real world’ threat data from the dark/deep web and intelligence community
- Internal and external vulnerability scanning provides insight into vulnerable systems and remediation prioritisation
- Penetration testing simulates an internal or external attacker and targets either a broad network attack surface or a specific application
- Crown jewel assessment identifies your business critical applications and data assets along with the impact of attack or failure
- Social engineering assessment analyses the human vulnerability and gauges their susceptibility to policy breaches, phishing and fraud
- Physical security testing simulates an attacker gaining access to key locations to compromise assets and exfiltrate information
Benefit
- Augments a top-down view with analysis of your technical environment
- Flexibility of layered viewpoints provide visibility of ‘real’ risks coupled with mitigation actions
- Recommendations for ‘quick wins’ with vulnerability remediation
- Remediation strategy for the vulnerabilities identified
- Guidance from seasoned consultants help interpret the technical jargon into clear priorities and remediation actions
Identity & Access Management
Gain control of user access across your environment through the innovative use of governance, process and automation.
Output
- Definition of the best strategic approach to manage your internal and external identities and related access mechanisms
- Independent oversight of your technical IAM implementation
- Guidance on the design and specification of identity and access management functionality for your business projects
- Assistance with your IAM consolidation, migration or federation strategies
- Assistance with the selection of approach and controls to achieve audit compliance
Benefit
- Leverage consulting expertise in this field who have practical experience with the leading IAM technologies
- Avoid common pitfalls through guidance on how to navigate enterprise and technical complexities
- Achieve quick-wins without elaborate technology
Application Security
Review the security design of your applications or get assistance during your testing process. Improve your development processes embedding security in your SDLC
Output
- Research shows that detecting security vulnerabilities in earlier phases of the development life cycle results in substantially lower development costs while at the same time producing software with fewer security defects.
- Perform security architecture and design review well before your coding is complete
- Use threat modelling to evaluate your designs against a wide variety of common threats and vulnerabilities as well as those specific to your application environment – considering integration points and data flows
- We combine the use of code scanning tools with expert human analysis to provide you with a comprehensive picture of your application’s security posture
- We help you build security into the Software Development Lifecycle (SDLC), creating secure software development guidelines and standards, training software developers and QA analysts, establishing meaningful metrics for management, and determining which tasks to perform in-house and where to bring in outside expertise
Benefit
- Uncover security gaps at at an early stage allowing you to deploy a more robust application with fewer surprises during testing and when in production
- We can assist with security expertise in every step of the way throughout the application lifecycle phases
- Integration of realistic and actionable security review processes into your existing SDLC