As our lives and businesses are increasingly connected through cyberspace, protecting our ‘information’ is an imperative priority. The data that a business holds in its IT systems, whether customer records, financial details, pricing and product information or intellectual property, are essential to the running of the business. The consequences if this data is stolen, leaked or tampered with can be disastrous.
The majority of companies that fall victim to cybercrime or other malicious activity have not been specifically targeted but are discovered by opportunistic hackers that use freely available tools to take advantage of common weaknesses (vulnerabilities) in the security of the victim’s IT systems;many of these types of attacks can be prevented by applying some simple ‘cyber hygiene’ measures such as those outlined in the Cyber Essentials scheme.
A challenge that many organisations face is knowing where to focus energy, how to keep up with the constantly changing threat landscape and how to be prepared to respond to a cyber incident. This is where an information security management system (ISMS) such as IASME comes in to its own.
At Black Spider Consulting we offer advice and assistance in defending against and managing the impact of cyber-attack.
Our services include:
Our vulnerability assessment service can be carried out as a one-off activity or on a regular basis. We use a combination of automated tools and manual activity to assess where vulnerabilities exist and to rate their ease of exploitation.
Security Architecture Consultancy
An organisation’s security architecture should allow them to meet their business objectives within an operating environment that does not expose them to unacceptable levels of risk. Our Security Architecture services can assist in the selection of frameworks, creation of policies and design and selection of security controls.
Security Information and Event Management (SIEM) Services
Knowing when a cyber-attack or security incident is in progress is key to limiting the impact that it has on the organisation. Indicators that an attack is underway or is imminent are hidden within the log files that your IT systems create; SIEM systems provide a mechanism to intelligently inspect logs and detect when there is unusual or malicious activity.
Our SIEM services range from determining what should be logged, the selection of SIEM technology and design of the solution architecture, through to definition of rules, reports and use cases. Where an organisation already has an SIEM solution in place our optimisation services will allow the business to get more value out of their investment.