CQR can test the functionality of your business's systems to determine the security of your data and identify potential vulnerabilities. Our technical assurance specialists are highly trained and experienced, with certifications including CREST, CISSP, PCI, CompTIA Security+, CCNA and MCP, so our clients can be confident that we are performing the best testing possible.
Cloud storage comes with associated risks, as the storage provider is ultimately in control of your organisation’s data. CQR can help you understand and mitigate those risks. We can work with you to develop expert solutions that effectively and securely manage your cloud infrastructure, ensuring your data remains secure. We can also help you choose the cloud provider that will best suit your security needs.
CQR Cloud Security services include:
- Conducting security testing of cloud-based infrastructure
- Providing specialist expertise and experience in the area of cloud computing governance and controls
- Providing industry insight and benchmark information on cloud governance and management frameworks
When an organisation operates incorrectly configured or insecure devices it opens itself up to the distribution of malware. This can potentially cause severe disruption of services and critical business functions and result in lost revenue, data loss and downtime. So it is critical that all devices within your information technology infrastructure are securely configured.
CQR can help protect your organisation with a configuration review that compares your systems against industry standard benchmarks and hardening guides released and maintained by vendors including CIS, NIST, NSA and SANS. Our review will address multiple control areas to ensure your operating systems employ appropriate vulnerability management techniques that are hardened against attack.
Every organisation that handles credit card payments is required to operate in line with the current regulations set by the PCI Security Standards Council. Fines and other heavy penalties apply to those who are not compliant. CQR can conduct a full review of your organisation’s compliance with PCI DSS, rating your risks and closing any compliance gaps.
We are a Qualified Security Assessor (QSA) Company, which means we’ve been strictly assessed by the PCI Security Standards Council. So you can rest assured we have the expertise and highest standards to partner with you in ensuring your cyber security and payment card transaction processing are compliant.
CQR Credit Card Security Services include:
- PCI Gap Analysis
- PCI onsite review
- PCI PA-DSS review
- PCI DSS ASV Scanning
- PCI DSS Remediation Services
- PCI Assisted Self Assessment
The Essential Eight is a prioritised extract of key cyber security strategies from the Australian Government’s Information Security Manual (ISM) that, as a collective, have been shown to significantly increase the difficulty that adversaries would face when attempting to compromise a network.
What it is:
- A controls-based model for implementing baseline technical controls that will significantly increase the security posture of a network
- Focused on mitigating the most prevalent technical threats facing Australian businesses today, such as targeted attacks (also known as advanced persistent threats), ransomware, and theft or destruction of information.
What it is not:
- A framework for managing cyber security within an organisation.
- A fool-proof method of protecting an organisation from all cyber security threats.
If your organisation has been compromised, CQR can help. We can investigate how a compromise has occurred and review your affected systems for evidence that can reveal the source of the compromise.
Our Forensic and Incident Response Team can identify and trace malicious activity within your network, whether perpetrated by staff or a malicious entity.
We can examine your digital media and systems with specialised software, creating an audit trail of activities that aims to preserve, recover and analyse your data first. When the clean-up of the attack requires restoration from a system backup, we first examine your backup to ensure no evidence of the attack is present. You’ll then be presented with our findings, opinions and identification of any activities that led to the incident.
Finally, you will receive a detailed report with expert recommendations on how to lower the likelihood of an attack reoccurring.
Incidents happen when you least expect them and many organisations are ill-prepared when they do occur. To maintain a sound level of security and protect your organisation’s information and information assets, you need a planned framework to manage and respond to security incidents. The lack of one could result in legal and financial implications.
CQR has vast knowledge and deep experience in developing incident management frameworks that will support your organisation when you need it most. Our incident management is based on a holistic approach that encompasses incident detection, assessment, response, post-incident review and process improvements.
A security incident management framework provides many benefits, including:
- Enabling more cost-effective continuity and recovery of your services
- Improving operational resilience to unforeseen incidents
- Managing exposure to risks of business disruption
- Preserving your client/customer base
- Providing assurance to your business partners and stakeholders that you have thought about the potential for disruption and that you are ready to respond
- Reducing the costs of operating during an incident
- Reducing operational downtime (when you are prepared)
- Reducing revenue losses as a result of an incident
Cyber security is critical to every successful business practice, yet many organisations don’t have the resources and/or skills to achieve it.
At CQR, we can integrate one of our specialists into your organisation to provide the necessary skills that have been tailored for your specific needs. Our specialist will act as an ongoing partner or provide mentoring and support to your staff while you develop your own internal capabilities.
We have security specialists who will seamlessly integrate into your organisation at any decision-making level including:
- Information Security Specialist
- Information Security Officer
- Information Security Manager
All organisations use information technology systems in their day-to-day business and many are internet-connected. But with the prevalence of client-side attacks such as crypto-lockers and Trojan programs, there is a serious risk of system compromise from internal and external threat actors.
At CQR we are experts in thinking and working like a real attacker, so we can identify vulnerabilities in your systems and recommend remediation activities. It means we can address any risks before a real incident can occur.
CQR services include, but are not limited to:
- Internal networks
- Externally available services
- Mobile devices and applications
- Physical site access
- Wireless networks
CQR follows a common methodology of discovery, enumeration, vulnerability mapping and exploitation to ensure complete and consistent results between engagements. Identified vulnerabilities are then manually verified and exploits are targeted to provide your organisation with a realistic understanding of the depth of your exposure.
The most effective firewall invented won’t protect your business from a rogue staff member. Using social engineering methodologies, CQR can identify vulnerabilities within your business by assessing the awareness of staff and their potential to breach your network, obtain intellectual property and gain physical access to your site.
All scenarios are designed to align with your staff members’ daily roles and include email (phishing), phone (vishing), physical social engineering and Red Teaming. Once vulnerabilities are identified, CQR can help educate your staff to improve their awareness and vigilance, as well as meet compliance requirements.
The compromise or unavailability of your organisation’s SCADA can make it impossible to manage your critical functions, resulting in financial loss and regulatory action, widespread public service disruption, and potentially injury or death. In addition, many SCADA systems have a long lifecycle, so implemented security measures can be outdated.
CQR can conduct a SCADA security review that highlights risks to your SCADA environment including technical deployment and operational processes. Our review will help you manage risk over the lifetime of your SCADA system and will include a detailed technical examination of your operational system’s implementation and the supporting business processes that maintain them, including:
- System access
- Network interconnections
- Management processes
- Monitoring and reporting
- Disaster recovery planning
Secure development processes are critical in ensuring your organisation’s security, as not only can vulnerabilities in an application expose data to disclosure or modification, they can also provide a foothold for deeper attacks against your organisation.
CQR can help with individual applications and with the overall process improvement. Our highly skilled specialists ensure a secure development framework is created and that the correct processes and standards are in place to develop software security.
Our developer security awareness training provides your staff with the knowledge to recognise and avoid vulnerabilities in their code, while our code reviews provide independent assessments of a developed application to identify any issues that may have been introduced during development.
An investment in security upfront will mitigate risks and potentially save time and expense, and that’s where CQR can help. Our highly skilled specialists can conduct a Security Architecture Review that will examine the design of your proposed architecture, as well as the security controls that protect your IT environment.
We will review the available system architecture and design documentation, and if required we will conduct interviews with key staff to gain a solid understanding of your environment. Then we’ll present a detailed report with recommendations on improving architecture or other areas not adequately addressed. During our review we’ll work closely with all interested parties to ensure project goals and delivery targets are achieved.
Organisations rely heavily on information technology, because without it, their operations simply can’t function. But organisations can be faced with multiple risks that threaten the security and resiliency of their IT system. So, it’s critical to understand, acknowledge and document those risks to ensure the threat of downtime and lost revenue is minimised.
CQR can help with an IT Security Health Assessment that will detect areas in your IT department and information systems that present a risk to your business operations. Our assessment covers the major ISO 27001 domains including:
- Cyber security policies
- Asset management
- Physical and environmental security
- Business continuity management
CQR can also conduct a technical configuration assessment of a group of servers, desktops and infrastructure devices to give an overview of the state of the security controls within your network.
CQR Security Remediation services can help your organisation prioritise your remediation activities and address your most significant vulnerabilities first. We’ll develop a prioritised remediation plan, then help you manage or execute the plan to ensure the security review’s strategies are achieved.
While CQR will tailor your remediation services to your specific needs, they could include:
- Planning remediation activities
- On-site information security management
- Process remediation e.g. reviewing and updating policies, procedures and standards
- Technical remediation e.g. deploying security updates or configuration changes
The Cyber Security Small Business Health Check provides grants for small businesses to access cyber security testing by providers accredited by the Council of Ethical Security Testers Australia New Zealand (CREST ANZ).
A certified small business health check will validate how well your business is protected against common cyber attacks by assessing your devices and business practices.
The following guidelines cover the grant funding for the CREST ANZ component of the program: CREST Program Guidelines
CQR is proud to be part of the Australian Federal Government’s Cyber Security Small Business Program in association with CREST ANZ Ltd
EXTERNAL PENETRATION TEST
How vulnerable are you to a hacker?
CQR will conduct external penetration testing simulating an attack from an anonymous host on the internet, and assess the risks associated with any identified exposures.
The deliverable for this project includes a report that will comprise:
- An executive summary of the key findings
- An evaluation of the internet-facing network security
- Recommendations to lower the risk for all detected exposures
- An action plan to assist in the implementation of the recommendations.
MATURITY LEVEL ASSESSMENT
What is the maturity of your cyber security practices?
Through interviews and questionnaires CQR will assess the maturity of your cyber security practices. This will be measured against industry-best practices and standards. CQR will recommend improvements to business processes and IT operational procedures.
CYBER AWARENESS TRAINING
How aware are your staff of cyber threats?
Our BeSecuritySmart™ program delivers high quality, user-friendly training through 20 topic-specific animated videos, each less than 2.30 minutes in length, followed by a short quiz.
Adaptable in-house training workshops are delivered to your business with its specific needs in mind.