Whether you are a small organisation or a large enterprise, new cybersecurity vulnerabilities are being discovered and created every day and it is imperative to find them before someone else does. Agilient’s cybersecurity consultants understand these threats and know that carrying out vulnerability scanning is one of the cornerstone elements to defending your business or organisation against the ever-increasing likelihood of data breaches. From penetration testing to network security and IT governance, Agilient is one of the leading security consultancies in the country, blending strategy and technology to address the most complex, high-priority cyber challenges. We will work with clients to understand, prioritise and manage your cybersecurity needs, addressing the issues of today, as well as preparing you for the challenges of tomorrow.
Cybersecurity Risk & Compliance Management
Agilient’s cybersecurity risk management service model is based on an innovative blend of recognised industry standards, including ISO31000 – Risk Management, Handbook 167:2006 – Security Risk Management, and ISO27005 – Information Security Risk management. Underpinning threat reporting and control-sets are also derived from leading government and industry authorities.
We augment this approach with the most powerful tools available to identify hidden network vulnerabilities and are allied with leading solution providers to deliver the assurance that every CIO/ CISO dreams of.
We also offer an innovative and flexible ‘opt-in’ model, which means that you have complete control over how you engage us. Select a discrete element, or discrete elements, of our comprehensive risk management process, or engage us to deliver a completely customised cybersecurity risk service.
Cybersecurity Risk Management
Our cyber risk management model illustrates our process and is underpinned by methodologies and requirements detailed below:
- ISO 31000 (risk management) and 27000 Series (inclusive of information security and security risk management techniques)
- The Australian Signals Directorate’s Information Security Manual (ISM) and top mitigation control recommendations
- The U.S. Commerce Department’s National Institute of Standards and Technology (NIST) Cyber Security Framework
- The Commonwealth Protective Security Policy Framework and Standards Australia’s Handbook 167:2006 – Security risk management
Our Offering
Click on the plus (+) symbol on each of the sections below to get an overview of our offerings related to cybersecurity.
1. Threat Assessment & Monitoring
- Australian Cyber Security Centre Threat Reporting.
- ASIO Business Liaison Unit Threat Reporting.
- US Dept. of Homeland Security Reporting.
- SANS Institute Threat Reports.
- US Center for Internet Security.
2. Risk Controls Assessment
Using the latest datasets, templates and dashboards, this stage involves Agilient undertaking a rigorous review of current cyber-security procedures to determine their level of inherent maturity, alignment with industry best practices or compliance with internal, regulatory or industry published standards.
3. Penetration and Vulnerability Assessment
Depending on client needs, Agilient’s vulnerability assessments process utilises a tailored combination of best of breed vulnerability tools and scanners to map deficiencies, such as:
- Nmap.
- Nessus.
- SAINT.
- OpenVAS.
- INFRA Scan.
Our penetration testing reports provide practical and real-time guidance on how to address specific vulnerabilities in your cyber-security systems and operating environment.
4. Security Risk Assessment
The SRA a critical step in the development of a Security Risk Treatment Plan, and provides the basis from which to continually review and improve your security risk profile and exposure.
Our approach to SRAs has been lauded over many engagements, and our pragmatic advice reflects recommendations that are clearly understood, realistic and cost-beneficial.
5. Security Risk Treatment Plan
Development of an effective Security Risk Treatment Plan (SRTP) really is the key objective of all preceding stages – it’s where the current period of discovery ends and the minimisation of risks begins.
SRTPs are written in consultation with each client to assure their ability to implement each to achieve the best possible outcomes.
6. Security & Support Options
- Fully outsourced treatment implementation.
- Closely supported treatment implementation.
- On-demand services.
Each expert consultant holds a minimum of 15 years of experience in cyber-security and is intimately aware of the threat landscape, regulatory requirements and associated compliance processes.