Getting The Most Out Of Your Penetration Testing
If you are intending to conduct a penetration testing exercise during the coming months it may be worth booking an hour with one of our consultants to undertake some initial planning to ensure you take the opportunity to get the scope of the testing right and maximise your budget allocation.
6 key points to consider about a Penetration Test:
- Conduct a risk assessment to establish where your organisation may be exposed
- Establish what should be tested and why – e.g. infrastructure, web application, mobile, wireless
- Agree on the type of Penetration Testing to be conducted – e.g. internal or external, white/grey/black box
- Understand the impact testing may have on your business operation, and agree on the ideal timing for the exercise to be conducted
- Determine how to maximise the value of your assessment outcome – conduct an in-depth review meeting of the results, create an action list, if appropriate compile a developer report for defect fixing etc
- Ensure that you obtain a detailed scope and price document before awarding the contract to a provider
New Policy System Development Project Concludes
Next month we will be making some important and exciting announcements regarding the conclusion of our development project and the availability of our new cloud-based IT Policy System and Policy Management as a Service offering. More details to follow.
Two of our new policy customers, Wellington International Airport and Maitland City Council, kindly agreed to document a case study regarding their recent IT Policy System projects.
Click here to read their studies.
Policy Work Or A Root Canal Procedure?
If you are struggling to develop, deliver and maintain the right level of IT Policies for your organisation you are not alone! - Drop us a note to arrange a discussion. An initial 15 minute walkthrough of our system provides clients with a good understanding of how we can assist them get this exercise in hand.
I Love It When A Plan Comes Together! A.K.A Putting Your Incident Response Plan Into Action
Some recent analysis by Tenable of 700+ breach events found that over 35% were caused by ransomware attacks, while 14.4% of breaches were the result of email compromises.
How is your organisation placed to deal with an incident? - even organisations that have invested in cybersecurity may still be unaware of how to prepare for and defend against a ransomware attack.
Do you have an actionable incident response plan? - and if yes - has it been operationalised? Click here to view details on our Incident Response Execution Pack
Our First Responder Forensic Toolkit (FRFT) is a cost effective kit that can be quickly deployed by customers in the event of an incident, as urgent action is usually required. If you are responsible for documenting and maintaining an incident response plan, then it may be worth scheduling a call with one of our consultants to discuss how the FRFT will allow you to quickly take control of an incident, and ideally manage it to a positive conclusion.
How Does The FRFT Assist You In The Case Of An Incident?
The FRFT allows an organisation to perform in-depth forensic searches, collect evidence and complete 32 predefined key investigative tasks. Some common use examples being –
- A Ransomware outbreak means users are unable to access their data as it has been encrypted. The FRFT will assist an organisation to quickly gather the right evidence regarding the attack and most importantly help identify recoverable copies of the data affected with ransomware. Should this option prove to be not possible then the FRFT can also aid in the recovery process by gathering relevant information that may help create a decrypt key.
- Data breach - there is a requirement to identify which people have, without authorisation, elevated their system account privileges to access confidential company information and sent it to an external third party. The FRFT will identify system changes, detail user activity, and if required, recreate or recover system logs even if they have been deleted. Our technical experts advise that logs that never existed can be created!! – using data correlation techniques.
Finding a needle in a haystack
- An organisation is concerned that over time it has collected and stored credit card numbers on internal systems, however it cannot locate this data readily and is concerned that:
o They could be in breach of PCI-DSS requirements
o The data could be identified and used in the future by a hacker or rogue employee
The FRFT can be used to perform a search for card numbers used by 12 major credit card providers.
These common use examples provide a simple snapshot of the capabilities and power of the FRFT.
Click Here to view a detailed infographic we created on common use examples.