Cyber security advisory and implementation services

Cyber Security Strategy and Roadmaps
We take a risk-based approach to cyber security. Every organisation's risk environment is different, shaped by its information assets, the nature of its IT systems, its staff and culture and, of course, its risk appetite.
We have helped organisations with some or all of the following:
· Defining and agreeing their objectives for their cyber security posture.
· Reviewing their existing policies and procedures, and their governance and operational structures, to identify gaps and areas of concern.
· Defining the systems and management controls that would address those gaps.
· Developing a roadmap to implement the controls progressively.
· Defining governance principles for overseeing implementation of the strategy.


ISMS design and implementation
Centropy has a proven track record of developing practical, fit-for-purpose Information Security Management Systems (ISMSs) for a wide range of clients.
We have helped a large number of clients implement ISMSs that comply with ISO/IEC 27001:2013 and ISO/IEC 27001:2022.
For clients that do not need to comply with a global standard such as ISO 27001 or PCI DSS, we draw on the same expertise to design an ISMS that is practical and proportionate to their strategic objectives. A typical engagement covers:
- Reviewing the client's information security strategy and policies to define the scope of the ISMS and the reference framework.
- Performing an ISMS gap analysis and a threat and risk assessment.
- Supporting the development of the policies and procedures.
- Working with internal stakeholders to implement the controls and operationalise the policies and procedures.
- Supporting the selection of any systems or tools that would benefit the ISMS implementation.
- Providing ISMS training.
- Performing an ISMS internal audit and facilitating the first management review to get the cycle started.
- Updating the threat and risk assessment, risk treatment plan and Statement of Applicability to reflect the findings of the internal audit and management review.
Vulnerability assessments and Penetration testing
We are typically engaged to perform three types of vulnerability assessment and penetration testing: internal network, external network and wireless.
An internal network vulnerability assessment is performed from inside the client's network to simulate an insider attack, or an attacker who has already got past the first line of perimeter defence provided by firewalls and routers.
These tests identify residual weaknesses in the internal network: exposed internal access points and services, insecure hosts and workstations, and gaps in the protection provided by the network configuration itself (segmentation, access control lists). The result indicates whether the internal network can withstand an external attacker who has gained a foothold, as well as a malicious insider.
The objective of an external network penetration test is to examine the external firewalls, Internet routers and any other systems and applications that are visible from the Internet at large.
In this test we assess the security configuration of those components to determine their susceptibility to Internet-initiated attacks. This is done through a controlled, managed simulation of a real attack or intrusion attempt against the network and security devices that support the Internet-facing business services.
The simulation exercises the infrastructure components against a range of realistic attack scenarios, taking into account attackers of different levels of sophistication and the resources available to them, including AI-assisted tooling.
Wireless networks are now the default in most workplaces. They also widen the attack surface, because they extend an organisation's logical perimeter beyond its walls.
From rogue access points to weak encryption, the threats to wireless networks are varied and the risks can be significant: a Wi-Fi network can give an attacker a route into the internal environment that bypasses the access controls protecting the wired network.
Our wireless network penetration testing identifies weaknesses in the client's wireless infrastructure. Testing typically includes, but is not limited to:
- Identifying Wi-Fi networks, including wireless fingerprinting, information leakage and signal leakage beyond the premises;
- Identifying encryption weaknesses, including cracking weak or legacy encryption, sniffing wireless traffic and hijacking sessions;
- Identifying ways to enter the network over wireless, or to evade WLAN access control measures; and
- Capturing legitimate users' identities and credentials in order to access otherwise private networks and services.
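The first two checks in the list above can be partly automated. As an added example (not the page's or Centropy's own tooling), the Python script below triages a set of scanned access points against an approved asset register: it flags open and WEP networks, the deprecated TKIP cipher, corporate SSIDs advertised by an unknown BSSID (a rogue or evil-twin indicator), corporate SSIDs running on a shared pre-shared key, and hidden SSIDs. The scan records, their field layout, the approved BSSID list and the corporate SSID names are all constructed for this example; in practice the records would come from a wireless scanner or survey tool.

```python
"""Triage Wi-Fi scan results: weak encryption and rogue access points.

Added example, not code from the page or from Centropy. The record format
(BSSID, ESSID, channel, privacy, cipher, auth, signal dBm) is an assumption
chosen for the example; real survey tools use their own layouts.
"""
from collections import Counter
from dataclasses import dataclass

# Constructed scan records for the example (not real survey data).
SCAN_RECORDS = """\
# bssid,essid,channel,privacy,cipher,auth,signal_dbm
AA:BB:CC:00:00:01,CorpNet,6,WPA2,CCMP,PSK,-45
AA:BB:CC:00:00:02,CorpNet,11,WPA2,CCMP,PSK,-52
DE:AD:BE:EF:00:01,CorpNet,6,WPA2,CCMP,PSK,-38
AA:BB:CC:00:00:03,CorpGuest,1,OPN,,,-60
AA:BB:CC:00:00:04,Warehouse-Legacy,11,WEP,WEP,,-70
AA:BB:CC:00:00:05,Printers,1,WPA,TKIP,PSK,-65
AA:BB:CC:00:00:06,,6,WPA2,CCMP,MGT,-75
"""

# Assumed asset register: BSSIDs the organisation actually operates.
APPROVED_BSSIDS = {
    "AA:BB:CC:00:00:01", "AA:BB:CC:00:00:02", "AA:BB:CC:00:00:03",
    "AA:BB:CC:00:00:04", "AA:BB:CC:00:00:05", "AA:BB:CC:00:00:06",
}
# Assumed SSIDs that carry corporate traffic (worth impersonating).
CORPORATE_SSIDS = {"CorpNet"}


@dataclass(frozen=True)
class AccessPoint:
    bssid: str
    essid: str
    channel: int
    privacy: str   # OPN, WEP, WPA, WPA2, WPA3
    cipher: str    # WEP, TKIP, CCMP, GCMP or empty
    auth: str      # PSK, MGT (802.1X/EAP), SAE or empty
    signal: int    # dBm; useful for locating a rogue AP


def parse_scan(text: str) -> list[AccessPoint]:
    """Parse the constructed CSV layout; skips blank and comment lines."""
    aps = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        bssid, essid, chan, priv, cipher, auth, sig = [f.strip() for f in line.split(",")]
        aps.append(AccessPoint(bssid.upper(), essid, int(chan), priv.upper(),
                               cipher.upper(), auth.upper(), int(sig)))
    return aps


def assess(aps: list[AccessPoint], approved_bssids: set[str],
           corporate_ssids: set[str]) -> list[tuple[str, str, str]]:
    """Return (bssid, severity, reason) findings for each weakness observed."""
    findings = []
    for ap in aps:
        # A corporate SSID from a BSSID we do not own is the classic evil-twin sign.
        if ap.essid in corporate_ssids and ap.bssid not in approved_bssids:
            findings.append((ap.bssid, "critical",
                             f"'{ap.essid}' advertised by unknown BSSID: possible rogue/evil-twin AP"))
        if ap.privacy == "OPN":
            findings.append((ap.bssid, "high",
                             "open network: traffic can be sniffed and sessions hijacked"))
        elif ap.privacy == "WEP":
            findings.append((ap.bssid, "high",
                             "WEP: key recoverable from captured traffic"))
        elif ap.cipher == "TKIP":
            findings.append((ap.bssid, "medium",
                             "TKIP cipher: deprecated, known integrity and key-recovery weaknesses"))
        # A shared PSK on the corporate network lets a captured 4-way handshake be cracked offline.
        if ap.essid in corporate_ssids and ap.auth == "PSK":
            findings.append((ap.bssid, "medium",
                             "corporate SSID on shared PSK: handshake capture allows offline cracking; prefer 802.1X"))
        if ap.essid == "":
            findings.append((ap.bssid, "info",
                             "hidden SSID: not a security control, name leaks in probe/association frames"))
    return findings


def severity_counts(findings: list[tuple[str, str, str]]) -> dict[str, int]:
    return dict(Counter(sev for _, sev, _ in findings))


if __name__ == "__main__":
    order = {"critical": 0, "high": 1, "medium": 2, "info": 3}
    results = assess(parse_scan(SCAN_RECORDS), APPROVED_BSSIDS, CORPORATE_SSIDS)
    for bssid, sev, reason in sorted(results, key=lambda f: order[f[1]]):
        print(f"[{sev.upper():8}] {bssid}  {reason}")
    print(severity_counts(results))
```

The rogue-AP check is only as good as the asset register behind it, which is why the BSSID list is an explicit input rather than something inferred from the scan. Channel and signal strength are carried through so that a legitimate AP that has been moved can be told apart from an impostor during the walk-through.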
