Kaon Security are a trusted IT security partner for a large number of local government and commercial entities across the ANZ region.
Using our remote location consulting service offerings means you can tap into the same high calibre professional security expertise that larger organisations get ready access to in main centres.
Distance and time are not a barrier to creating a secure computing environment. They certainly aren’t a barrier to cyber criminals.
The services outlined below are designed to help efficiently and effectively develop and improve your security posture.
IT Policy Lite System
One of our recent customers, Broken Hill City Council (BHCC), had the following challenges associated with IT Policies.
- The existing policies were written and developed at different times and were therefore disjointed, with many requiring a thorough review before being updated.
- As policy review dates fell due, someone had to conduct time consuming research into contemporary IT policy standards.
- Writing/maintaining content was a tedious task that wasn’t a priority, resulting in policy review delays.
- BHCC felt a means of informing staff about IT policies through a new interface was needed to help improve the security posture throughout the organisation – particularly for longer serving staff who had completed their IT inductions some years ago and needed a refresher induction based on current best practice IT policies and standards.
Kaon Security offered an off the shelf comprehensive system that was a cost effective solution for BHCC. Selecting the Policy Lite System ensures that the Council’s policies are aligned to their business requirements, industry standards and themes. Users recognise that this isn’t just an internal requirement, but one that also sees BHCC aligning with standards that are implemented across a variety of both Government & non-government organisations.
Click Here to view the Broken Hill City Council case study.
Click Here to view the Policy Lite System details.
Remote Technical Security Audit
Our remote technical security audit provides a snapshot of internal network and operating systems vulnerabilities.
A combination of commercial and public domain tools are used to test systems for well-known vulnerabilities.
Processes covering the security of the systems are reviewed at the time of the audit.
A report is generated detailing our findings. An executive summary, technical summary and all scanner information is included.
Recommendations for remedial action are provided within the report. We can also provide you with feedback specific to how you organisation looks alongside the ASD Essential 8 Maturity Model.
Limiting the chance of email based attacks
Email is a crucial business and communication medium in the digital world. The majority of our communications (including confidential communications) are carried out over email.
Email is also the favourite mode of initial attack or entry point for most cyber criminal activities.
Phishing, whaling, and malware campaigns are the most common examples where email provides a criminal with a platform from which to carry out attacks, as mentioned last month in our newsletter on BEC scams.
Organisations test their internal infrastructure with technical security audits, their external infrastructure with various types of penetration testing, and aim to raise their user awareness with internal phishing simulation activities.
However, organisations routinely forget to regularly check and test the security controls they use to filter, secure, and process emails.
Kaon Security’s Email Security Assessment focusses on addressing this gap and provides unique intelligence based on the outcome of the security assessment.
Some of the key aspects covered during the exercise are:
- An assessment and test of the accuracy of your email spam blocking.
- An assessment and test of the blocking capabilities of your email spam filter.
- A simulation of zero day threat actors and their detection rate.
The outcome from the Email Security Assessment could significantly help with key business and security decisions.
Some of the key benefits of this assessment include:
- You can measure the effectiveness of email security controls.
- The potential risks to your security posture are understood.
- Email security gaps are identified and can be addressed.
- A business case can be developed to support upgrading or replacement of existing controls.
- Awareness training programmes can be introduced or adapted.
This exercise can be supplemented with a controlled real-world external Phishing campaign with uniquely crafted user awareness landing pages.
Our experience shows that these campaigns can yield more impact when compared to deploying an internal phishing simulation run over several months.
To discuss how we can assist your organisation contact Mike or Steve.