A Security Operations Center (SOC) is the first line of defense against cyber attacks and plays a critical part of an organization’s threat containment strategy.
Despite best efforts and money spent, only 42% of organisations rate their SOCs as highly effective.
Staffing shortages, budget allocation, and inadequate analytics are among the challenges organisations face when implementing and operating a Security Operations Center.
SOC-as-a-Service has proved to be an invaluable solution to carry out critical security functions 24/7 year-round.
Attacks can hit at any time. Our SOC services are always on standby. We’re continuously monitoring, detecting, and remediating
The Cyber Resilience Review (CRR) is a no-cost, voluntary, interview-based assessment to evaluate an organization’s operational resilience and cybersecurity practices. Through the CRR, your organization will develop an understanding of its ability to manage cyber risk during normal operations and times of operational stress and crisis.
The CRR evaluates the maturity of your organization’s capacities and capabilities in performing, planning, managing, measuring, and defining cybersecurity capabilities across 10 domains:
- 1. Asset Management
- 2. Controls Management
- 3. Configuration and Change Management
- 4. Vulnerability Management
- 5. Incident Management
- 6. Service Continuity Management
- 7. Risk Management
- 8. External Dependency Management
- 9. Training and Awareness
- 10. Situational Awareness
The External Dependencies Management (EDM) assessment is a no-cost, voluntary, interview-based assessment to evaluate an organisation’s management of their dependencies. Through the EDM assessments, organisations can learn how to manage risks arising from external dependencies within the information and communication technology (ICT) supply chain. The ICT supply chain consists of outside parties that operate, provide, or support ICT.
The ICT supply chain consists of outside parties that operate, provide, or support information and communications technology. Common examples include externally provided web and date hosting, telecommunications services, and data centres, as well as any service that depends on the secure use of ICT. Through the EDM assessment, the stakeholder will be able to evaluate the maturity and capacity to manage risks related to its external dependencies across three areas:
- 1. Relationship Formation
- 2. Relationship Management and Governance
- 3. Service Protection and Sustainment
The Cyber Infrastructure Survey (CIS) is a low-cost survey service that evaluates the effectiveness of organizational security controls, cybersecurity preparedness, and overall resilience. CIS provides an assessment of the organization’s cybersecurity practices in place for a critical service.
The CIS focuses on a service-based-view versus a programmatic-view of cybersecurity. Critical services are assessed against more than 80 cybersecurity controls grouped under five top-level domains: cybersecurity management, cybersecurity forces, cybersecurity controls, cyber incident response, and cyber dependencies. Following the assessment, your organization is provided with a user-friendly dashboard for reviewing and interacting with the survey findings. Your organization can use the dashboard to compare its results against industry peers, review results in the context of specific cyber and physical threat scenarios, and dynamically adjust the importance of in-place practices to see the effects on overall cyber protection.
The Phishing Campaign Assessment (PCA) is a low-cost, security awareness training offered to our clients, as well as Critical Infrastructure and Private Sector Companies, that evaluates an organisation’s susceptibility and reaction to phishing emails. The results of a PCA are meant to provide guidance, measure effectiveness, and justify resources needed to defend against spear-phishing and increase user training and awareness.
A Risk and Vulnerability Assessment (RVA) is a low-cost offering that combines national threat and vulnerability information with data collected and discovered through onsite assessment activities to provide customers with actionable remediation recommendations prioritised by risk. Engagements are designed to determine whether and by what methods an adversary can defeat network security controls. Components of the assessment can include scenario-based network penetration testing, web application testing, social engineering testing, wireless testing, configuration reviews of servers and databases, and evaluation of an organizations detection and response capabilities.
Vulnerability Scanning (formerly known as Cyber Hygiene Scanning) of Internet-accessible systems for known vulnerabilities on a continual basis as a no-cost service. As potential issues are identified, DHS notifies impacted customers so they may proactively mitigate risks to their systems prior to exploitation. The service incentives modern security practices and enables participants to reduce their exposure to exploitable vulnerabilities, which decreases stakeholder risk while increasing the Nation’s overall resiliency.
The Validated Architecture Design Review (VADR) is a voluntary, no-cost assessment based on standards, guidelines, and best practices. The assessment encompasses architecture and design review, system configuration, log file review, and sophisticated analysis of network traffic to develop a detailed representation of the communications, flows, and relationships between devices and, most importantly, to identify anomalous (and potentially suspicious) communication flows.
- Message from our CEO
Atman Therios Donald Pong
- Master of Security Information
- Security Information Lecturer, HKU
- Influential Secutity Guru
Best-in-class cybersecurity solution for your business.
Entrusted by Leading Brands
