Managing Technology Security & Cyber Risk

Day 1

Pen Testing

Penetration testing also known as pen testing is a security practice that simulates an attack by a real cybercriminal to bypass the security controls of computer systems, networks or applications. It helps to discover different types of vulnerabilities and risks to the business that can measure an organisations resistance to an attack.

• We will discuss the following areas of testing and apply them in practice
  • Black box testing
  • White box testing
  • Grey box testing

Vulnerability Scanning

Vulnerability scanning is a process that defines, identifies and classifies a wide range of vulnerabilities in an environment. This can be a combination of both manual and automated processes conducted by a technical engineer with an information security background. Vulnerability scanning can be used as the first step to improving the security posture of an organisation.

• We will also discuss and apply SSL and Cipher Suite Testing

Post penetrating testing and remediation

In order to eliminate the threats highlighted in the penetration report, we will discuss what firms should be doing in terms of remediation and the challenges they face. We will apply a solution framework to a case study and also discuss how this can be implemented.

Web Application Firewall (WAF)

A WAF is a device that acts like a more advanced and intelligent firewall that filters out the malformed data of malicious attacks to your environment, checks for valid input before forwarding on to your environment. Some of these attacks include;

• Distributed Denial of Service DDOS
• SQL Injection
• Cross-Site scripting
• After completing a vulnerability scan or a penetration test, you will receive a report that typically details vulnerabilities and threats discovered on your infrastructure, graded according to severity. These Vulnerability assessments by itself solves nothing, you need to act on its advice by implementing some sort of remediation plan to improve your business security before the cyber criminals get to them
• We will discuss how we can apply your vulnerability assessments

Day 2

• GDPR Readiness Review. This is the first step to achieving GDPR readiness for your organisation. The review helps board level management to identify how prepared an organisation is, and what they need to prioritise.
• Data Protection Impact Assessments (DPIA’s). Data protection impact assessments is a tool which can help organisations identify the most effective way to comply with their data protection obligations and meet individuals’ expectations of privacy. Many organisations will be mandated to conduct a DPIA and they may find it very useful to identify the risks associated to personal data they process and the effectiveness of the existing personal Information Management System (PIMS). An effective DPIA will allow organisations to identify and fix problems at an early stage, reducing the associated costs and damage to reputation, which might otherwise occur. The ICO has promoted the use of DPIA's as an integral part of taking a privacy by design approach. A DPIA can address more than one project.
• A minimum of the below information is contained in a DPIA;
  • A description of the processing operations and the purposes, including, where applicable, the legitimate interests pursued by the controller.
  • An assessment of the necessity and proportionality of the processing in relation to the purpose.
  • An assessment of the risks to individuals.
  • The measures in place to address risk, including security and to demonstrate that you comply.

• ISMS Gap Analysis.
• ISO 27001 Implementation and Audits. Discuss and implement your Information
• Security Management System (ISMS) aligned with ISO 27001 Standard
• IASME + GDPR Information Security Certification and Audits
• IT Infrastructure
• Virtualisation Solutions
• End User Computing
• Server Consolidations & Migrations
• Business Continuity and Disaster Recovery