ACSC Essential Eight

 

The Essential Eight, developed by the Australian Cyber Security Centre (ACSC), are strategies designed to help organisations protect themselves against various cyber threats. While the Essential Eight may be applied to cloud services, enterprise mobility or other operating systems, it is highly recommended to employ alternative mitigation strategies in conjunction with it to mitigate the cyber threats unique to these environments.

At AusConnexion, we provide guidance on the 8 strategies and help organisations implement them and achieve the various maturity levels.

ISO 27001 CONSULTING

With cyber attacks increasing in today’s world, companies are becoming more and more conscious of securing their sensitive data and information and strengthening their security systems. An information security standard is therefore becoming a necessity.

By implementing an information security management system, companies can protect their businesses at all times from security threats and vulnerabilities. This in turn can assure that the company’s security systems meet the information security standards.

AusConnexion takes pride in providing ISO 27001 consulting services to help companies and organisations establish an effective information security management system within a cost-effective budget.

Our expert team will work with the client company throughout the entire certification process, and will also provide ongoing support and security services. They not only implement a well-functioning information security management system but are also keen on implementing a well-established risk assessment methodology, which means that the company’s security systems are in place at all times, thereby protecting sensitive data and information.

AusConnexion's ISO 27001 consulting services include the following:

  • Risk assessment
  • Information security management system
  • PSP support (Policy, standards and procedures)
  • Internal audit to see if all the controls adhere to the requirements of ISO 27001
  • Security metrics
  • Road map definition
  • Risk management
  • Operations and communications security
  • Incident management
  • Business continuity management
  • External and internal security management
  • Access controls and entry point regulation
  • Building security into applications
  • Physical and environmental security
  • System acquisition, development and maintenance
  • Human resources security

PCI DSS Compliance

PCI DSS was established to protect cardholder data and to ensure that all companies that process, store or transmit credit card information maintain a secure environment. PCI DSS is applicable to all of the entities below that store, process and transmit cardholder data:

  • Merchants
  • Issuers
  • Service providers
  • Acquirers

PCI compliance is a continuous process.

AusConnexion will help your organisation identify the gaps and then embark on a journey to become compliant with the PCI DSS standard, based on a continuous process:

  • Assess: Identifying cardholder data, taking an inventory of IT assets and business processes for payment card processing, and analysing them for vulnerabilities.
  • Remediate: Fixing vulnerabilities and eliminating the storage of cardholder data unless absolutely necessary.
  • Report: Compiling and submitting required reports to the appropriate acquiring bank and card brands.

3rd party vendor assessments

With growing reliance on 3rd parties for strategic advantage and business value comes the challenge of meeting regulatory requirements and protecting data. Organisations going down that path need to reconsider how they approach, identify and manage their 3rd party risk.

As organisations grow in size and complexity, the ability to manage third-party relationships becomes ever more critical to success. Organisations that struggle to expand their third-party ecosystem, for fear of the risks it can create, will be disrupted by organisations that can confidently identify and manage risk.

AusConnexion can help your organisation mitigate digital risks by establishing a 3rd party security risk management process, culminating in an assessment of the 3rd party to determine its overall suitability for a given task and, increasingly, whether it can keep the information secure.

AusConnexion would focus on key areas like information security and privacy, physical and data centre security, web application security and infrastructure security.

SECURITY ARCHITECTURE AND DESIGN REVIEW

A deep-dive analysis, from a security perspective, to assess the architecture and design of the software applications in the IT systems.

AusConnexion will help your organisation evaluate the security of its web applications, and understand and implement the architecture and design of the applications so that they perform better and more securely. This will help in identifying weaknesses earlier, so that they can be addressed before they turn into high-risk vulnerabilities. It will also help your organisation understand the importance of appropriate architecture and design for the applications in the IT systems.

After an extensive review of the architecture and design, the identified architectural threats are summarised, which helps in deciding the remediation that can be applied to resolve the problems. The critical aspects that will be covered include input validation, sensitive data, configuration management and exception management, auditing and logging, authorisation and authentication, etc.