Energy and Utilities
Energy companies and utilities face a growing threat from sophisticated attacks by nation-state actors and issue-motivated groups. At the same time, regulators are demanding greater transparency and reporting on cybersecurity as a condition of operations. Often there is poor integration between the IT cybersecurity team and OT engineering, and the convergence of technology is invalidating some of the traditional assumptions about control system safety from cyberattack.
Our Experience
Relevant expertise:
eCommerce and ePayments
eCommerce and ePayments come under constant attack because, when breached, they allow access to payment card data and personally identifiable information. They have been on the vanguard of defending against sophisticated cyber-criminal syndicates for over two decades.
Our Experience
• 20 years' experience in ePayments control design
• Management of large PCI-DSS compliance programmes
• Experience in implementing payments terminals and switches, and complying with PCI SSC standards
• Development of cryptographic management standards for a global payment processor
• General eCommerce program and project management for large online retailers and community services organisation
Relevant expertise:
• Program Management (Agile and MSP)
• Project Management (Prince 2 and Agile)
• ISO 27001
• PCI-DSS
• PCI Secure coding / PA DSS
• PCI and VISA PIN
Banking and Finance
Banks and finance companies have regulatory requirements to implement effective cybersecurity controls. Regulators are increasingly looking to include cybersecurity with regular stress testing exercises. Criminals and internal bad actors continue to look for ways to exploit your controls, to steal money, commit fraud and steal customer information.
Our Experience
• Systems Threat and Risk Assessments
• Technical Security Assessments (Pen testing)
• Fraud risk assessments
• Cybersecurity control audits
• IT transformation program management in a T-Corp
• Program management in a F500 transactional banking organisation
Relevant expertise:
• ISO 27001 implementation
• PCI-DSS
• PCI Secure coding / PA DSS
• PCI and VISA PIN
• PPG 234 compliance
• Assisting with ISAE 3402 audits
Transport
Transport has not traditionally considered itself a target for cyber-attack. As a result, its level of cyber preparedness has been low. This threat level is evolving, and it is now recognised that cyber-attack represents a real emerging threat to safety. As a result, regulators are requiring operators and manufacturers to lift their level of preparedness. This is not a simple exercise, as the infrastructure in transport systems often has long lifecycles and historically the focus has been to rely solely on electrical and electronic isolation.
Our Experience
• Lead authors of the Australian standards for Rail Cybersecurity
• Communications systems engineering in a rail operator
• Security advisory for an airport operator
• Security advisory for a rail operator
Relevant expertise:
• ISO 27001 implementation
• IEC 62443 implementation
• Rail cybersecurity AS7770
• Cybersecurity program management
Defence and Government
Defence and Government face the more sophisticated cyber adversaries, and while they have a raft of mandatory security standards, these standards often do not reflect the emerging threats or the practical requirements of the constituencies they are serving. The challenge is how to meet compliance requirements while also managing a dynamic and evolving cyber defence posture under heavy compliance burdens. Over the past decade we have been able to help governments at all levels develop effective cybersecurity programs to manage their risk and compliance requirements, beyond the traditional ‘tick & flick’ models.
Our Experience
• Acting EL2 - Head of Enterprise Architecture & Cybersecurity within the Federal government
• Program and project manager in state government departments
• Large technical security assessment for state government agencies
• Redesign of training curriculums for the Defence Force School of Signals
• Development of an ISMS for a federal government agency
• Cryptographic asset manager within Defence
Relevant expertise:
• PSPF
• ISM
• ASD Essential 8
• ISO 27001
• Defence Cryptographic Accounting
• Defence Security Manual
Health Care
Health service providers are a primary target for hackers and ransomware. This is due to the sector traditionally deprioritising investment in cybersecurity. As health transforms into eHealth, organisations need to significantly uplift their own and their supply chain’s cybersecurity capability. Health organisations and SaaS service providers hold large amounts of personal information, which criminals seek to sell on the dark web. Health providers also show a willingness to pay ransoms to unlock encrypted files, which has made them the target du jour for criminals. Hospital networks are now becoming connected and digital, presenting many risks to patient safety.
Our Experience
Relevant expertise:
Feel free to contact us