Capability Assessment & CERT Development
Given the government sector client’s intention to improve its cyber security posture, co-ordinate information sharing, proactively manage cyber risks, and ultimately establish a Computer Emergency Response Team (CERT), Synovum Ltd. was engaged to assist the client and provide a number of specific deliverables.
The initial deliverable documented an assessment of the current practices and human capacities of the client with regards to both information security management and incident response.
The second deliverable documented the proposed vision, suggested governance structure and road-map for the CERT.
The final deliverable documented a proposed strategic plan for the CERT to meet the client’s requirements, the content of which consisted of an action plan, timetable, budget estimation, reference to relevant security standards (ISO, NIST etc.) and a training master plan.
Given the strict delivery timeline imposed by the client, all deliverables were submitted and approved by the client.
Cyber Security Strategy
Following release of the National Cyber Security Strategy for a Middle Eastern nation state, a consultant from Synovum provided subject-matter expertise to a UK-based organisation tasked to provide a number of deliverables forming the basis of a subsequent 3 year implementation programme. This expertise was provided in a number of areas, including standards, compliance, risk, and organisational maturity.
Following completion of the information discovery phase, the consultant provided analysis and identification of appropriate risk/maturity measurement models, in addition to applicable national/international standards to which the subsequent implementation projects/programmes should conform.
The analysis and recommendations were documented and submitted to the client as part of the overall project deliverables.
Data Loss Prevention
Given the risk from unauthorised release of information, the financial services client's requirement existed for of a data loss prevention (DLP) solution to be implemented.
This could ensure that highly sensitive proprietary information was not released via email or USB without sufficient business justification, or through unauthorised upload to an un-managed cloud storage provider.
Following documented agreement of the solution requirements and subsequent configuration and extensive testing, the Synovum consultant successfully managed the deployment of the DLP solution to the organisation.
General Security Consultancy
Planning and implementation of a number of different activities was required to improve security for a number of international locations which regularly communicated with a UK main office.
Following asset identification, a plan to update, patch and monitor these information assets was implemented, in addition to provision and subsequent implementation of best-practice advice in terms of backup management, use of data encryption tools, password management and a security awareness programme for employees.
Following implementation of the recommended best-practice advice, using the CIS 20 Critical Security Controls as a baseline control reference document , the organisation was able to both secure its information assets and ensure that its employees were aware of the potential security risks relating to use of IT.
Social Media Footprinting
In advance of future business development, a request was received to carry out an assessment of the current online footprint of both the organisation and key company personnel.
A comprehensive assessment was undertaken, with the findings and recommendations documented in a confidential report delivered to the client in encrypted format.