Advisory Services

Our security advisers can provide access on-site to scarce skills and resources. They’ll help you develop more robust strategies to manage and mitigate cybersecurity risks and protect your organization and its data assets.

We PROVIDE:

  • Information Security Management Systems (ISMS)
  • IT Risk Management
  • Compliance Management
  • Security Monitoring
  • Data Loss Prevention
  • Network Protection
  • Incident Response
  • Digital Forensics

WHY do I need Advisory Services?

Our Advisory Services have much in common with our Managed Cybersecurity Services: they provide access to scarce skills and resources and can be a cost-effective alternative to hiring new, specialist staff.

Our experts work in co-operation with risk and security teams to identify problems, design and implement solutions to protect data and systems, detect adverse ‘cyber events’ and ensure effective response and recovery.

Consultants with decades of experience, they’ll help you and your employees manage the challenges of increasingly complex technologies and increasingly complex security systems – and develop cyber resilience.

WHAT Advisory Services does Cognosec offer?

We can help with all aspects of IT security – from the development of effective management systems to ‘forensic’ investigation of information security breaches.

More specifically, we advise on:

  • Information Security Management Systems (ISMS)
  • IT Risk Management
  • Compliance Management
  • Security Monitoring
  • Data Loss Prevention
  • Network Protection
  • Incident Response
  • Digital Forensics

Unlike our Managed Cybersecurity Services, which include forms of outsourcing, our Advisory Services are mostly provided onsite.

Brief descriptions of each one of our services follow.

Information Security Management Systems (ISMS) Advisory

WHAT is it?

ISMS Advisory services help you develop a coherent set of policies, processes and systems to manage risks to information assets and improve IT governance.

They allow you to see your organization through the lens of an objective third party – and therefore to compensate for ‘blind spots’ and weaknesses in procedures and systems.

WHY do I need an ISMS Advisory service?

Effective IT risk management depends on effective Information Security Management Systems.

Our advisers look at an organization across the three core dimensions of technologies, processes and people.

They ensure there are robust systems to:

  • Identify critical infrastructure and data.
  • Keep track of IT security solutions and investments.
  • Monitor changes that might render current solutions obsolete or inadequate.
  • Report, escalate and record adverse cyber events.
  • Monitor staff training needs, and document relevant training programmes.

They’ll take a step back, see the ‘big picture’ of the organization – and help ensure you have the right information systems for information security.

WHEN do I need it?

The answer will vary by organization. Generally, the more under-developed the current systems, the greater the need for third-party intervention.

In any organization, however, ISMS need continuous monitoring and fine-tuning as technologies and the risk landscape change.

IT Risk Management

WHAT is it?

IT Risk Management is the practice of identifying risks to your systems and data assets and implementing measures and policies to reduce them to an acceptable level. Integral to ‘internal control’, it is the cornerstone of good IT governance.

WHY do I need an IT Risk Management Advisory service?

A third party can help you:

  • Identify risks – and rank them according to their likelihood and potential impact.
  • Define your risk appetite – and acceptable levels of risk.
  • Prioritize security projects and new investments in security technologies.
  • Begin the remediation process and implement controls.

Our extensive experience in a wide variety of organizations means we’ve been able to develop proven methodologies for risk assessment and mitigation.

WHEN do I need it?

IT risk assessments will need to be carried out annually to comply with the requirements of regulators. This, however, is the base position. In more progressive organizations, ‘real-time’ assessments, using technology that reveals the current level of risk at the push of a button, are becoming common.

Compliance Management

WHAT is it?

Compliance Management ensures that you continue to meet the requirements of IT and data-security regulations.

WHY do I need a Compliance-Management Advisory service?

The costs of non-compliance can include fines and, in extreme cases, prison sentences, and serious reputational damage. Third-party advisers can help you keep track of changing regulatory and legal requirements – and reduce the risks of expensive compliance failures.

Through gap analyses, our security experts can pinpoint areas where you might be falling short of expected standards – and recommend fixes and solutions.

They can also provide electronic governance, risk and compliance (GRC) toolsets that enable you to identify your compliance level quickly – and so accelerate the auditing process.

WHEN do I need it?

In theory, compliance management takes place once a year, in line with the annual audit. In practice, however, it needs to be a continual process. ‘Gaps’ can appear and widen as technologies and regulations change.

Security Monitoring

WHAT is it?

Security Monitoring uses security incident and event management (SIEM) tools to collect logs from systems, databases and multiple devices, correlate events and create incident reports.

WHY do I need a Security-Monitoring Advisory service?

Due to the ongoing implementation of new legislation and the vast deployment of networked servers, workstations and other devices over the past decade, the sheer amount of logging information has become phenomenal. The transfer, storage, analysis and elimination of security logs can be extremely complex and, sometimes, unmanageable for organizations.

Our advisers and security experts simplify the process: they support the design, implementation and customization of log management systems to ensure that objectives are achieved with minimal impact on performance.

We can help fine-tune security monitoring and configure it in ways that provide the most useful information – in the most useful ways.

WHEN do I need it?

Security monitoring needs to be expertly designed – and then checked and updated regularly.

Annual reviews by third-party advisers can provide the assurance that the ‘system’ is functioning effectively.

Data Loss Prevention

WHAT is it?

Data Loss Prevention (DLP) strategies ensure that sensitive data is not lost, misused, or accessed by unauthorized persons. Software tools are used to classify and protect confidential and critical information to prevent data being shared (by accident or by design) in ways that could put the organization at risk.

WHY do I need a DLP Advisory service?

High-profile cases of data theft, and the introduction of more stringent data protection laws such as the EU’s GDPR (General Data Protection Regulation), mean data-loss prevention has become an urgent priority for organizations.

We can carry out an assessment of the IT-infrastructure handling the data and ensure that the protection of confidential and sensitive information is properly managed. We offer complete design, implementation, and customization support for access-rights management systems and data-leakage prevention solutions.

Importantly, our solutions go beyond perimeter defence to protect information as closely and tightly as possible – at endpoints, server levels and database levels.

WHEN do I need it?

Advice on data-leakage and data-loss prevention will be required regularly – and particularly when regulations change or new threats emerge.

Network Protection

WHAT is it?

Network security has been important to organizations for the past 30 or more years. It separates your internal network from the Internet by using firewalls and properly configured routers and switches, and ensures only legitimate traffic passes through the perimeter ‘fence’.

WHY do I need a Network Protection Advisory service?

As networks become more complex, so does the task of limiting access to them. We can help you choose the right security technologies – and use them in the right ways.

WHEN do I need it?

Network security should be an integral part of day-to-day operations. However, it needs to be regularly reviewed – to ensure it continues to be effective and remains at a level that matches your risk profile.

Incident Response

WHAT is it?

Incident Response ensures that the right things are done at the right time if things go wrong. The goal is to handle the situation in a way that limits damage and reduces recovery time and costs.

An incident-response plan includes a policy that defines, in specific terms, what constitutes an ‘incident’ and provides a step-by-step process for follow-up.

WHY do I need an Incident-Response Advisory service?

When an incident occurs there isn’t always the time to ‘think on your feet’: you need to refer to established protocols and procedures. An advisory service ‘buys’ you the practical experience of people who’ve ‘been there before’ and know how to limit the damage. It provides pre-defined guidelines that help you respond calmly and effectively with a systematic and organized approach.

Our advisers will prepare you for adverse events through tried-and-tested procedures. Our Incident Response solution will also help establish new defences, protecting your systems and data from future attacks.

WHEN do I need it?

Like fire-safety policies, incident response plans need to be formally established – so they can be implemented when needed.

Unlike fire-safety policies, however, they will need to be reviewed very regularly – so they continue to reflect the ‘dynamic landscape’ of IT risks.

Digital Forensics

WHAT is it?

The IT-insight and research specialist Gartner Group defines digital forensics as “the use of specialized, investigative techniques and technologies to determine whether illegal or otherwise inappropriate events have occurred on computer systems, and provide legally defensible information about the sequence of those events.”

We’d add that it also allows organizations to learn from past experience and past security failures – by gathering and ‘securing’ evidence that can be assimilated and analyzed internally. It’s part, in other words, of a long-term defence strategy against cyber attacks.

WHY do I need it?

As indicated above, digital forensics can help your organization in three important ways:

  • Providing evidence if you decide to press charges against attackers.
  • Proving that all required controls were in place and that there was no negligence on your part.
  • Helping prevent similar problems occurring in the future.

We provide tools and processes that secure the necessary ‘intelligence’ and prove that it hasn’t been tampered with – so you can admit evidence in court and learn from it internally.

WHEN do I need it?

The services of a digital forensics team are a bit like the services of an insurance company: you never know when you might need them. Consequently, they need to be available to you before an incident occurs.

WHY Cognosec?

Seven good reasons…

  1. We are focused on value not volume – and on building long-term relationships with our clients.
  2. Certified to ISO 27001, the international standard for ISMS, we have first-hand experience of robust systems for risk management, and we practise what we preach. We work on the principle that you should never recommend something you wouldn’t be happy with yourself.
  3. Our forensics teams have carried out several investigations into cyber crime cases and know the information required for court cases.
  4. Never complacent, we monitor our own monitoring, regularly reviewing systems and tools for their effectiveness and ‘currency’.
  5. We have ‘secured the environments’ of a wide range of organizations – and are able to balance IT and data-security priorities with your organization’s practical, day-to-day needs.
  6. We are a NASDAQ-listed, agile EMEA company, capable of responding quickly to rapid changes in the risk landscape.
  7. More than all this… We take a ‘bespoke’ approach, tailoring our services to help our clients make the right decisions and the right investments. Our experts have experience as both providers and clients – they understand what it’s like to be on the customer’s side of the fence, and the need to balance (often competing) spending priorities.

5 – Recover

Develop and implement the appropriate activities to maintain plans for resilience and to restore any capabilities or services that were impaired due to a cybersecurity event.

Products

Active Response

Bolster your defenses beyond foundational endpoint protection with endpoint threat detection and response.

Intel Security

Description

Designed to monitor, control and alert when endpoints are compromised.

An endpoint detection and response tool for advanced threats.

Bolster your defenses beyond foundational endpoint protection with endpoint threat detection and response. McAfee Active Response is a leading innovation in finding and responding to advanced threats. As a key part of an integrated security architecture, it offers continuous visibility and powerful insights into your endpoints, so you can identify breaches faster and gain more control over the threat defense lifecycle. McAfee Active Response gives you the tools you need to correct security issues faster in the way that makes the most sense for your business. Key features include:

Collectors: Find and visualize data from systems.

Triggers and persistent collectors: Continuously monitor critical events or state change with one set of instructions.

Reactions: Get pre-configured and customizable actions when triggered, so you can target and eliminate threats.

Centralized management with McAfee ePolicy Orchestrator: Use a single console for comprehensive security management and automation.

Specification

Supported client operating systems

  • CentOS 6.5, 32-bit
  • RedHat 6.5, 32-bit
  • Microsoft Windows
    • Windows 8.0, Base, 32-bit, and 64-bit
    • Windows 8.1, Base, U1; 32-bit and 64-bit
    • Windows 2012, Server Base, R2; U1; 64-bit
    • Windows 2008 R2 Enterprise, SP1, 64-bit
    • Windows 2008 R2 Standard, SP1, 64-bit
    • Windows 7 Enterprise, up to SP1; 32-bit and 64-bit
    • Windows 7 Professional, up to SP1; 32-bit and 64-bit

 

Services

Forensics

Cognosec can assist you with your digital forensics investigations. This is the application of science to the identification, collection, examination, and analysis of data while preserving the integrity of the information and maintaining a strict chain of custody for the data.

Cognosec Services

Features

The process for performing digital forensics comprises the following basic phases:

Collection: identifying, labeling, recording, and acquiring data from the possible sources of relevant data, while following procedures that preserve the integrity of the data.

Examination: forensically processing collected data using a combination of automated and manual methods, and assessing and extracting data of particular interest, while preserving the integrity of the data.

Analysis: analyzing the results of the examination, using legally justifiable methods and techniques, to derive useful information that addresses the questions that were the impetus for performing the collection and examination.

Reporting: reporting the results of the analysis, which may include describing the actions used, explaining how tools and procedures were selected, determining what other actions need to be performed (e.g., forensic examination of additional data sources, securing identified vulnerabilities, improving existing security controls), and providing recommendations for improvement to policies, procedures, tools, and other aspects of the forensic process.

Description

Over the last decade, the number of crimes that involve computers has grown, spurring an increase in companies and products that aim to assist law enforcement in using computer-based evidence to determine the who, what, where, when, and how for crimes. As a result, computer and network forensics has evolved to assure proper presentation of computer crime evidentiary data into court. Forensic tools and techniques are most often thought of in the context of criminal investigations and computer security incident handling – used to respond to an event by investigating suspect systems, gathering and preserving evidence, reconstructing events, and assessing the current state of an event. Cognosec can assist you with your digital forensics investigations. This is the application of science to the identification, collection, examination, and analysis of data while preserving the integrity of the information and maintaining a strict chain of custody for the data.

Specification

During a forensic investigation, Cognosec will identify potential data sources and acquire the data from those sources. Data acquisition will be performed using a three-step process:

  1. developing a plan to acquire the data
  2. acquiring the data
  3. verifying the integrity of the acquired data

After data has been collected, the next phase is to examine the data, which involves assessing and extracting the relevant pieces of information from the collected data. This phase may also involve bypassing or mitigating OS or application features that obscure data and code, such as data compression, encryption, and access control mechanisms. Once the relevant information has been extracted, Cognosec will study and analyze the data to draw conclusions from it and then prepare and present the information resulting from the analysis phase.

Incident Response

Cognosec’s Incident Response solution is an organized approach for responding to an incident appropriately and managing the aftermath of the security breach.

Cognosec Services

Features

Cognosec can assist you with the following steps:

  1. Creating an incident response policy and plan
  2. Developing procedures for performing incident handling and reporting
  3. Setting guidelines for communicating with outside parties regarding incidents
  4. Establishing relationships and lines of communication between the incident response team and other groups, both internal (e.g., legal department) and external (e.g., law enforcement agencies)
  5. Determining what services the incident response team should provide
  6. Training the incident response team

Description

Combating malicious software and events in your environment isn’t just a matter of implementing the right technological solutions. Effectively combating malicious activities is a solution that combines people, processes, and technology.

Cognosec’s Incident Response solution is an organized approach for responding to an incident appropriately and managing the aftermath of the security breach. Cognosec’s Incident Response solution will also help establish new defenses, protecting your systems and data from future attacks.

Specification

According to the SANS Institute, there are six steps to handling an incident most effectively:

Preparation: The organization educates users and IT staff of the importance of updated security measures and trains them to respond to computer and network security incidents quickly and correctly.

Identification: The response team is activated to decide whether a particular event is, in fact, a security incident. The team may contact the CERT Coordination Center, which tracks Internet security activity and has the most current information on viruses and worms.

Containment: The team determines how far the problem has spread and contains the problem by disconnecting all affected systems and devices to prevent further damage.

Eradication: The team investigates to discover the origin of the incident. The root cause of the problem and all traces of malicious code are removed.

Recovery: Data and software are restored from clean backup files, ensuring that no vulnerabilities remain. Systems are monitored for any sign of weakness or recurrence.

Lessons learned: The team analyzes the incident and how it was handled, making recommendations for better future response and for preventing a recurrence.

Compliance Management     

In general, compliance means conforming to a rule, such as a specification, policy, standard or law. Regulatory compliance describes the goal that organisations aspire to achieve in their efforts to ensure that they are aware of and take steps to comply with relevant laws and regulations.

Cognosec Services

Features

In general, compliance means conforming to a rule, such as a specification, policy, standard or law. Regulatory compliance describes the goal that organisations aspire to achieve in their efforts to ensure that they are aware of and take steps to comply with relevant laws and regulations. Due to the increasing number of regulations and need for operational transparency, organizations are increasingly adopting the use of consolidated and harmonized sets of compliance controls. This approach is used to ensure that all necessary governance requirements can be met without the unnecessary duplication of effort and activity from resources.

Description

Cognosec’s extensive experience and expertise in the Governance, Risk, and Compliance (GRC) sector has proven invaluable to countless organizations expecting to meet internal and external requirements in preparation for receiving certification. Cognosec’s independent and objective assessment on the policies and processes fulfills four major roles:

  • Prepares you for the challenging process of certification.
  • Avoids the potentially severe financial loss you may suffer for being non-compliant with external regulations.
  • Prioritizes the corrective measures in order of maximum efficiency and effectiveness to your business processes.
  • Assures your regulators, customers, and shareholders that proper due diligence measures have been taken.

Our specialists will work side by side with the compliance, security, and risk officer in the design and improvement of company frameworks, guidelines, and processes.

ISMS Advisory

Cognosec will provide you with an independent and holistic evaluation of your organization’s tasks and activities used for planning, implementing, controlling, and monitoring organizational information security activities.

Cognosec Services

Features

As with all management processes, an ISMS must remain effective and efficient in the long term, adapting to changes in the internal organization and external environment. The Plan phase is about designing the ISMS, assessing information security risks and selecting appropriate controls. The Do phase involves implementing and operating the controls. The objective of the Check phase is to review and evaluate the performance (efficiency and effectiveness) of the ISMS. In the Act phase, changes are made where necessary to bring the ISMS back to peak performance.

Description

No matter how big or small an organization is, having a well-established Information Security Management System (ISMS) is necessary. Data and information systems need to be kept secure, therefore every facet of your system needs to be taken into consideration. You are only as strong as your weakest link after all. Cognosec will provide you with an independent and holistic evaluation of your organization’s tasks and activities used for planning, implementing, controlling, and monitoring organizational information security activities. Security frameworks can be designed and tailored to your requirements. Cognosec covers everything you need throughout the establishment, development, and maintenance of your new ISMS including the implementation of state-of-the-art GRC solutions, enabling you to automatically map your organization’s business policy framework to industry best-practice frameworks.

Specification

The development of an ISMS framework based on ISO/IEC 27001:2005 entails the following six steps:

  1. Definition of security policy
  2. Definition of ISMS scope
  3. Risk assessment (as part of risk management)
  4. Risk management
  5. Selection of appropriate controls
  6. Statement of applicability

Penetration Testing

The overall objective of penetration testing is to provide an independent and reliable view of the security of the internet-facing infrastructure of an IT environment.

Cognosec Services

Features

Penetration testing is recommended annually, and in the event of major changes to your infrastructure. It is essential for companies holding intellectual property, information linked to personal identities, or financial information such as credit card data – and is often mandated by regulators. Penetration testing will help:

  • Prevent severe financial losses that could arise due to unreliable infrastructure or fraud
  • Provide the necessary proof of due diligence for regulators, customers, and shareholders
  • Protect the brand from the dreadful loss of reputation

Description

Penetration testing is a crucial element in securing your IT systems. Our team of experts can simulate an attack on multiple levels to determine whether sensitive data is at risk. The overall objective of penetration testing is to provide an independent and reliable view of the security of the internet-facing infrastructure of an IT environment. The assessment identifies weaknesses and vulnerabilities and quantifies the severity thereof – providing the information needed to address and control the threats.

Specifications

Penetration testing is a ‘mock’ or staged attack to identify vulnerabilities in information systems. Our testers, ‘white hat hackers’, put themselves in the position of someone determined to gain access to resources without knowledge of usernames, passwords and other normal means. Like a hacker or cyber criminal, they try every trick in the book, every possible plan of attack. They find the ways applications could be modified, and confidential information such as price lists or customer databases stolen or subverted. They then provide a report – explaining how they ‘broke in’ and how an organisation can avoid it happening ‘for real’.
