Threats are increasing constantly, and IT teams are managing increasingly complex environments. Creating and maintaining comprehensive security and risk management policies that are appropriate for your business can be both difficult and extremely time-consuming.
Consider these statistics:
- The average organisation takes 197 days to identify a breach and another 69 to contain it
- The average cost of a breach is $3.86m
- Each personal record is $148 on the Dark Web (Ponemon Institute Report 2018)
- Cybersecurity incidents are predicted to cost Australia $29 billion a year. [1]
- There are now 3,317 families of malware, and 17,671 malware variants. [2]
- Since Australia’s Notifiable Data Breaches scheme began, there have been an average of 2.6 breaches reported every single day. [3]
- Of all of the data security breaches reported to the Office of the Australian Information Commissioner in Q4 2017, 36% were due to human error. [4]
The risks and costs are significant and growing by the day – are you confident that your security measures are up to scratch?
How can PhoneTek help?
PhoneTek’s experienced and skilled team offers a range of consulting services which can help your business understand your current security posture and take the necessary steps to ensure the most appropriate security measures to manage those risks. These include:
As IT environments become increasingly complex and technology continues to evolve across multiple platforms, it can be difficult to stay on top of potential security issues. A third-party Security Audit can help you size up the potential risk and develop a comprehensive remediation plan.
Brennan IT conducts audits against the ISO 27001:2013 standard, assessing your current security policies, processes and practices against a globally recognised standard.
What’s included:
- A highly detailed audit process that includes interviews with key stakeholders across the business; review of documentation including policies, procedures, processes and practices; physical inspection of sites; review of technical configuration of selected systems.
- A comprehensive Security Audit Report detailing all major security risk scenarios and acceptable risk mitigation controls.
- A security implementation roadmap, outlining security risks, remediation priorities and project timelines.
- A walk-through of any identified security risks and ownership.
This risk assessment process will enable you to –
- Identify security risks within your organisation.
- Determine your risk remediation strategy.
- Track progress of the risk remediation actions.
- Allocate accountability for remediation.
- Improve your organisational risk posture.
What’s included:
At the start of the process, we review your existing Risk Management Policy and align both our risk assessment methodology and the Risk Register with your policy. Alternatively, we can create a Risk Register which aligns with ISO 27005, ISO 31000 & NIST SP 800-30 risk management standards. The end result is a comprehensive Risk Register, detailing the vulnerability, risk, impact including worst-case assessment, actions, ownership and resolution dates across your business.
No industry sector is immune from attack, which is why it’s imperative you consider a vulnerability assessment. Undertaken regularly, this process identifies, quantifies and prioritises the vulnerabilities in your system, application or network component, and can be used to demonstrate security compliance by your organisation.
Quarterly vulnerability assessments are a requirement for obtaining and maintaining PCI DSS Compliance certification – a basic precondition for companies accepting credit and debit payments. A Vulnerability Assessment can also be performed in preparation for a penetration test, in order to identify the weaknesses to be exploited by the test.
What’s included:
- Scan – Our team can identify vulnerabilities associated with a range of IT assets, including operating systems, network devices, databases and applications.
- Report – We provide a detailed report outlining each vulnerability, including vulnerable host(s), operating system weaknesses, level of security risk and our recommendation for remediation.
- Action – While the Vulnerability Assessment does not itself fix any found vulnerabilities, we can then work with you to take the most appropriate course of action.
People represent one of the biggest risks to your organisation’s security. To ensure high levels of protection, your people need to be regularly informed about their roles and responsibilities with regard to security. Our skilled team can deliver security training based on your existing security controls, with a specific focus on your security gaps or pain areas. We communicate with your people and get them up to speed on security hygiene and best practices for protecting classified data, using strong passwords, and avoiding sophisticated phishing and social engineering attacks. We also provide security presentations to specific staff members, tailored to your needs.
What’s included:
- A fully customised training program
- A security awareness training presentation
- A follow-up quiz to help measure training effectiveness
- Training compliance report
To stay protected, and compliant, your organisation needs to continually update your documented information security policies. However, most organisations struggle to consistently allocate the resources or skill-sets to effectively prepare and maintain these policies internally. Brennan IT can help by working with you to determine your requirements, evaluate your current policies, and prepare new, updated documentation.
What’s included:
A comprehensively updated set of security documentation covering:
- Information Security Policy
- Risk Management Procedure
- Information Security Management System (ISMS) Policy
- Statement of Applicability
- Security incidents and actions procedure
- Vulnerability management procedure
- Password standards
A comprehensive Security Governance framework provides the leadership, drive and oversight for implementing and enhancing security within the organisation, by guiding management to make the appropriate resources available to drive information security. This is the foundation to ensure security tasks are performed at planned intervals, incidents are managed effectively and resources remain available to operate the ISMS.
Brennan IT manages the complete Security Governance process, by:
- Establishing your Security Governance structure
- Identifying membership and formulating your Security Committee
- Creating security monitoring documentation
- Developing Security Metrics and Measurements against your security objectives
- Conducting Management Reviews to track the effectiveness of your ISMS
- Developing your Security Calendar document to identify recurring security tasks and actions
Brennan IT can work closely with your business to achieve ISO 27001:2013 certification. This valuable certification can help your business ensure you are meeting all stakeholders’ security expectations, enhance your business prospects and strengthen your supplier security relations. It can also help you improve your overall security posture and reduce ongoing security incidents. Plus, it can protect the confidentiality, integrity and availability of your data. Brennan IT’s expert security team can work with you from start to finish to ensure you have everything you need to attain this certification.
What’s included:
- A new security governance structure
- Development of security policies and supporting procedures
- An in-depth risk assessment and creation of risk registers
- A detailed security audit
- Review of your Business Continuity Plan
Why PhoneTek IT for your security consulting?
- Experience and expertise. Brennan IT has the in-depth security knowledge and experience to help you identify and mitigate key areas of risk.
- Practical, pragmatic approach. We are logical and cost-effective in how we prioritise what you implement.
- End-to-end approach. Unlike many other consulting firms, Brennan IT can also help you action any recommendations and provide a complete security service, from start to finish. We can work with you to apply best practice relating to configuration, patching and updates, define policies, and develop documentation as well as help you meet compliance requirements.
[1] CIO Magazine, Cybersecurity Incidents Could Cost Australia $29 billion a year, [online], accessed 20 September 2018, <https://www.cio.com.au/article/642963/cybersecurity-incidents-could-cost-australia-29-billion-year/>
[2] Fortinet, Swarming IoT attacks – Cryptojacking and ransomware drive dramatic spike in malware, [online], accessed 20 September 2018, <https://www.fortinet.com/blog/threat-research/swarming-iot-attacks–cryptojacking–and-ransomware-drive-dramat.html>
[3] OAIC, Quarterly Statistics Reports – Notifiable Data Breaches Quarterly Statistics Report, [online], accessed 20 September 2018, <https://www.oaic.gov.au/privacy-law/privacy-act/notifiable-data-breaches-scheme/quarterly-statistics-reports/notifiable-data-breaches-quarterly-statistics-report-1-april-30-june-2018#executive-summary>
[4] OAIC, Quarterly Statistics Reports – Notifiable Data Breaches Quarterly Statistics Report, [online], accessed 20 September 2018, <https://www.oaic.gov.au/privacy-law/privacy-act/notifiable-data-breaches-scheme/quarterly-statistics-reports/notifiable-data-breaches-quarterly-statistics-report-1-april-30-june-2018#executive-summary>