Solutions > Cybersecurity

Cybersecurity

Secure your digital assets and maintain data integrity today.

In partnership with Spartans Security, we provide robust protection across your network, applications, and cloud systems, ensuring seamless security in a connected world.

Cybersecurity

Secure your digital assets and maintain data integrity today.
SharePoint Access Files from Anywhere

In partnership with Spartans Security, we provide robust protection across your network, applications, and cloud systems, ensuring seamless security in a connected world.

Request capability statement

Connect

Everything you need

to know about our cybersecurity services

Critical Infrastructure Security

Conduct a desktop-based security assessment for critical infrastructure.

Application security

Web application penetration testing and reviewing current web architecture to meet industry best practices.

Network security

Complete internal network security assessment and internal penetration testing.

Cloud security

Cloud Application Assessment (Azure and AWS) and Cloud Best Practice Reviews and Assessment (Azure and AWS)

Internet of Things (IOT) Security

Conducting IoT Security Assessment with recommendations and a roadmap.

Monitoring Services

Sentinel Implementation, Microsoft Defender Implementation and Incident Response Retainer-based service.

Cyber Capability & Education

User Awareness Training using KnowBe4 and Microsoft 365 and running tailored awareness and education programs.

Security Testing

Internal and External Penetration Testing and Cloud Penetration Testing.

Incident Response

Incident Response Uplift (review and Update Policy and Playbook). Incident Response Simulation: running a simulation-based workshop(s) to test customer readiness for responding to Incidents. Incident Response Retainer Services: A retainer-based service that the customers can use if they have been compromised.

Cyber Risk and Compliance

NIST Cyber Security Assessment, ISO27001 Gap Assessment, Maturity Assessment against ASD Essential8 and ASD Top35 mitigating Strategies, PCI-DSS Compliance Assessment, and CyberSecurity Risk Management Framework uplift.

Security Integration

Implementing Microsoft Defender into your environment. Completing Microsoft Defender for Cloud and Defender for Identity. Implementing a user awareness program into your system and implementing Defender for IOT.

Most popular

cybersecurity offerings are:

Cloud Security Assessment

This service offers a comprehensive review of network and cloud security, focusing on aligning with Microsoft best practices and our experts’ seasoned insights. Key activities include:

  • Assessing data monitoring and automation in Sentinel, reviewing Microsoft Defender for Cloud Apps and Defender for Endpoint, examining Azure Site Recovery and Blob Storage’s Data Lifecycle Management, scrutinizing Intune policies, and evaluating patching processes.
  • It also involves a review of Azure conditional access, Express Route settings, Microsoft Information Protection policies, and Azure Arc implementation.
  • The service aims to identify and address any security misconfigurations and risks across Microsoft 365, Active Directory (on-premises), and Azure cloud infrastructures.
  • Deliverables comprise a detailed report with findings, risk ratings, recommendations, and a prioritized roadmap, complemented by walkthrough sessions to discuss these outcomes and suggest actionable steps for security enhancement.

 

Incident Response

A comprehensive service to develop and enhance Customer’s Cyber Security Incident Response Plan, aligned with NIST guidelines (NIST800-61). The service includes:

  • Creating and refining the Incident Response Plan and Playbooks, detailing roles, responsibilities, escalation paths, critical applications, and work instructions.
  • Additionally, the service offers Incident Response Simulation Testing to test response plans against potential scenarios, review and analyse incident detection capabilities across various environments (cloud, on-prem, network), and suggestions for technical solutions and Security Operation Centre options.
  • Post-incident reviews are conducted to identify improvements and lessons learned.

The engagement model includes fixed pricing for building and testing the response process, with time-and-material-based pricing for ad-hoc services. We also provide regulatory guidance in the event of a data breach while maintaining strict confidentiality throughout the process. Customisation of the Incident Response documents to suit specific customer needs is also part of the service.

NIST Cyber Security Assessment

The NIST Cybersecurity Assessment is focused on evaluating an organisation’s cybersecurity stance against the NIST Cybersecurity Framework, aiming to boost their security posture. The assessment includes:

  • A detailed examination and scoring of the organisation’s current security strategies across the five key functions of the NIST Framework: Identify, Protect, Detect, Respond, and Recover.
  • Each function covers various subcategories like Asset Management, Risk Management, Access Control, Anomaly Detection, and Recovery Planning.
  • The process involves compiling a list of findings with risk ratings, assessing the current security posture according to NIST best practices and CMMI maturity ratings, and providing a prioritised list of recommendations.
  • A comprehensive reporting structure will be used, including a high-level risk rating of each finding, a scoring summary report with CMMI maturity ratings for each NIST control, and an overall security capability score.
  • Deliverables include a single-page summary of assessment results and maturity rating, along with a detailed full report outlining asset details, high-level risk assessment, threat assessment, control review maturity, target maturity rating, and specific recommendations in each NIST area. The objective is to annually measure, improve, and drive the organisation’s security rating using the NIST framework.

Penetration Testing

A comprehensive Penetration Testing service to enhance the security of IT networks and infrastructure. This service includes both External and Internal Penetration Testing, following industry best practices.

  • The External Testing involves notifying stakeholders, performing active and passive reconnaissance of on-premises and cloud-based systems, external exploitation using various techniques like active scanning and password spraying, and attempting to exfiltrate data to simulate an actual breach.
  • Internal Testing provides physical access to networks, where similar steps are repeated for various network types, including guest Wi-Fi, staff networks, and IoT systems.
  • The process involves initial reconnaissance, privilege escalation, lateral movements within the network, and data exfiltration.
  • Findings from the tests are reviewed and validated using the MITRE ATT&CK framework, prioritised, and presented in a final report containing both executive summaries and detailed technical analyses of vulnerabilities, impacted systems, risks, and remediation recommendations. This is complemented by a presentation and walkthrough session for stakeholders, explaining the vulnerabilities, proofs of concept, and professional risk assessments.

Organisations

witnessing the positive outcomes:

Melton City Council

  • Penetration Testing of the eCouncil services
  • Virtual Chief Information Security Officer (CISO)
  • Penetration Testing (internal and external, including Library Services)
  • VPDSS (Victorian Data Security Standard Audit)
  • PCI-DSS Assessment (high level)
  • Website Stress Testing

*Project by Spartans Security

Glen Eira City Council

  • Virtual Chief Information Security Officer (CISO)
  • Cloud Security Strategy

*Project by Spartans Security

Knox City Council

  • Virtual Chief Information Security Officer (CISO)
  • NIST Cyber Security Review

*Project by Spartans Security

Housing Choices Australia

  • 3rdParty Vendor Risk Assessment
  • Vulnerability Management
  • Penetration Testing

*Project by Spartans Security