R2S Cyber Security

R2S Cyber Security Service focuses on the cyber dimension of Risk Management. Any business services which involve the Internet must identify their cyber risk exposure and take steps to protect it. Web sites are constantly hijacked to spread malware. Smartphones are compromise by trojaned apps to steal personal data.
The best defence is through user education focusing on building secure business practices. When users are trained with a secure mind set in observing their situations, they are better prepared to deal with any potential attacks. This is very similar approach to our training for personnel security.
We work with our clients and their IT service providers to review and identify the cyber threat models specific to their industries and business environments. Our review is based on the International Security Standard ISO 27000.
Risk Assessment

“Protecting what counts”. Risk assessment provides an informed framework for making decisions on the scope and priorities in protection technology investments and process improvements. Process change can often cause user concerns. Our assessment process quantifes the business benefits and potential impacts associated with different technology options. We build communications packages to explain the proposed solution to the organisation and work with their technology providers to phase in the deployment, minimising business disruptions.

Configuration Review

Regular reviews and tuning of security system configuration ensures integrity in policy enforcement and improves system operational efficiency which can delay costly upgrades. These reviews are conducted in partnership with your technology providers based on manufacturer recommendations, industry best practices and our own operational experience. Policy enforcement regimes such as firewall rules, URL filtering rules and data leak detection policy are reviewed in the context of the risk assessment results to ensure these practices reflect current business environments.

SECURITY FOR THE ALWAYS ON CYBER WORLD
Security Training

User awareness is always the best defence against cyber-attacks. Situational Awareness is a foundation in our personnel safety and security awareness training. This philosophy is extended to the cyber world. A key challenge in the cyber world is in the lack of physical representation of threats. Specialist technologies are deployed to detect viruses and ransomware hidden in friendly looking emails or attractive web pages.

However technology is not fool proof. Well-crafted social engineering attacks masquerading as urgent orders from regular customers are likely to fool sales and fulfilment teams into despatching products to fraudsters, bypassing anti-virus software and basic business controls on order validation processes. Our training programs empower users to understand how to properly use security controls embedded into their processes. They also build situational awareness on common attacks against their particular industries through threat intelligence sharing.

Audit

Audit helps organisations understand maturity of their security processes in terms of their regulatory compliance posture and best practice comparison with their industry peers. Our review is based on International standard ISO 27000.

Besides compliance, the audit process brings focus across teams to reflect and dimension their end-to-end operational security weaknesses and work collaboratively to develop and deploy scalable technology solutions and sustainable process change. The focus of our audit is not to “name and shame” but to focus on understanding and collaboration.

For a quote on Cyber Security or for more information on R2S Cyber’s  services and products, please get in touch!