End-to-End Information Security

In our ever-changing environment, taking a proactive approach to your Information Security is no longer optional.

With monetary and data threats and the risk of reputational damage and increasing loss of consumer trust, it is imperative to align your IT environment against industry technical control standards and raise security awareness within your organisation.

ES2 offers a full spectrum ‘End-to-End’ Advisory Services and First Line of Cyber Defence to help our customers protect themselves and suitably respond in the case of cyber-attacks. In the first 5 years of operation, over 150 businesses across Perth have chosen ES2 as their trusted security advisor, significantly reducing their cyber security threat.

We have carried out over 250 simulated cyber-attacks and penetration tests across high-profile Financial, Resource, Utilities and Government customers. Through targeted testing and educating your users with (customised) training campaigns, you can equip your staff with the knowledge to avoid scams that exploit the human element, such as (spear) phishing and social engineering.

With the ability to instantly monetise credit and debit card information, credit card fraud is high on the target list for cyber thieves. Our QSAs assist businesses with PCI DSS, securing the channels you use to solicit, store, process and transmit credit card information.

Is your Remote Access Secure? Are your privileged users well regulated? Are you securing applications and systems with a focus on critical assets and sensitive data?

ES2 assists businesses with effective strategies to mitigate Cyber Security Incidents by aligning their environment against ISO, ASD, CIS and NIST’s most effective technical control standards.

ES2 also offers Australia’s first Cyber Incident Response Services, available 24/7 via 1800 372 732.

Cyber Security - Outsourced Monitoring

Cyber Security - OT (SCADA) Review

Cyber Security - Code Review

Privacy Impact Assessment

Cloud Access Security Assessment

CISO as a Service

Penetration Testing - WiFi

Wireless networks create the potential for access to your systems and networks by persons, either within or external to your organisation, who have not been authorised to connect. ES2 testers will work on site at your office locations to establish the potential for infiltration onto your networks via your Wi-Fi installation. Testers will search for vulnerabilities and misconfiguration, and for the potential of attacks originating from outside your office locations.

Penetration Testing - Web Application

Web Applications are the virtual shop window for your organisation and, if not secure, that window is open to unauthorised access to exploit your organisation’s data and information. Many vulnerabilities are hidden within the code of web applications and their hosting servers, and these can be exploited by an attacker; this is why Web Applications are a major target for internet-based attacks.

Social Engineering

Your people are your greatest asset and your weakest link. Human nature tells us all to be helpful, and we want our staff to be helpful, but we do not want them helping potential attackers. The helpful attitude of your staff can be a massive benefit to an organisation and is often the reason that customers come back for more. Your staff do, however, need to be able to tell the difference between a business request and an attack. Spear phishing is a frequently used social engineering technique in the current environment, where users are deceived into believing that an attacker is actually a genuine customer or a threat.

Penetration Testing - Multi-Vector

ES2’s multi-vector penetration test is the most realistic penetration test that your organisation can undergo. Like a real attack, ES2’s assessors combine penetration testing expertise with social engineering techniques. Rather than enumerating all possible vulnerabilities, this test aims to achieve a level of penetration by using social engineering against susceptible persons, then using the information gained to aid access to information through penetration testing techniques.

Penetration Testing - Mobile Application

Mobile Applications are the biggest area of growth in the IT enterprise. These applications are often made publicly available, where anyone globally can download and install them, taking your products and services directly to your clients’ pockets. Like web applications, mobile applications are both a benefit and a risk to organisations, providing an additional vector that can be attacked at leisure.

Penetration Testing - Internal

Your internal networks and systems may seem to be well protected and safe, but in reality they are susceptible to attack from coerced or malicious staff members as well as from contractors and consultants with access to the environment. The majority of attacks and security breaches involve an internal component, whether intentional or coerced through social engineering techniques. There are many possible vulnerabilities and potential misconfigurations that can aid an attack from an internal perspective.

Penetration Testing - External

Your Internet-facing technologies are visible to all Internet users globally and, if not tested, could be providing valuable information to competitors or attackers. Your externally facing technologies are the outer defences of your organisation and need to be given the same degree of protection that you apply to the front door of your business.

PCI - DSS QSA Services

The Payment Card Industry Data Security Standard (PCI DSS) is a proprietary Information Security standard designed to protect credit card data. It sets out the rules and requirements for people, process and technology involved in processing credit card information. All Merchants, Service Providers and Card Issuers that handle credit card information are required to comply with PCI DSS. Those processing 20,000 transactions per year are required to assess their compliance against PCI DSS yearly and submit a statement of compliance to their issuing bank. ES2 is certified by the PCI Security Standards Council as a PCI DSS Qualified Security Assessor company. We have three certified Qualified Security Assessors (QSA) on staff and have assisted dozens of Australian clients with their compliance efforts.

Cyber Security - Review

Information Security is a key consideration for any business with information assets, either owned by or entrusted to the business. The best way to identify security issues is through regular independent security reviews. Many regulatory and compliance standards now mandate routine reviews and/or audits, and having the right security controls in place can vastly reduce your risk of data loss and business disruption from malicious or accidental security events. Demonstrating that your IT infrastructure and applications are secure assures your staff, customers and business partners that their information is safe in your care. A Security Review will ensure that you have total visibility of the risks posed by or through your IT environment, help you to prioritise work in areas of weakness, and assist in improving your company’s security posture and your management of information security.

Cyber Security - Policy

ES2 has considerable experience in the development of policy and other security governance documentation to ensure that organisations have an appropriate and effective level of control over the application of security. From federal government to the heights of corporate operations to niche organisations, ES2 has designed and developed appropriate, business-enabling governance frameworks and Information Security Management Systems (ISMS). ES2 has developed ‘Security Policy as a Service’ to draw on our combined experience and empower your business to develop professional and effective governance of information security.

Cyber Security - Incident Response Plan

In today’s world, an organisation’s systems regularly face threats from multiple sources, including malicious hackers, organised crime, and issue-motivated groups. Unfortunately, despite the best efforts to prevent malicious activity, the malicious parties are often successful in gaining access to the organisation’s systems. When your organisation suffers a security incident, it is critical to have access to timely, standards-based, forensically sound incident response methods to acquire and investigate all related digital evidence. Expert examination of this evidence is vital to drawing appropriate, objective conclusions and taking appropriate and timely actions. ES2 can help you with all aspects of incident handling, from planning and policy development to onsite incident investigation and management.

Cyber Security - Incident Response Services

Cyber Security Incidents can happen at any time, 24/7. In fact, they are often more likely to occur outside of normal working hours when an effective response is the hardest to achieve. However, a rapid response when you have been compromised is critical to minimise the impact of the incident.

Information Value Assessment

An Information Value Assessment establishes an accurate view of your organisation’s information; any governance, processes and controls in place; business processes and associated access control for sensitive information; and the qualitative value of risk associated with loss, disclosure or theft of critical information. An Information Value Assessment is particularly useful before attempting any wide-scale information governance initiative. Information classification, data loss prevention, RTO/RPO and DR are all activities that would benefit from information analysis before starting.

Cyber Security - NIST Review

Information Security is a key consideration for any business with information assets, either owned by or entrusted to the business. The best way to identify security issues is through regular independent security reviews. Many regulatory and compliance standards now mandate routine reviews and/or audits, and having the right security controls in place can vastly reduce your risk of data loss and business disruption from malicious or accidental security events.