Governance, Risk, Compliance, and Audit

Services: GRC, Auditing, & Essential Eight

Our Cyber Security GRC and Auditing services are essential in providing the strategy, assurance, and accreditation sought by your internal and external stakeholders.


Governance

Security Program (ISMS) Development and Review

An Information Security Management System (ISMS) is a library of documents that contain the policies, standards, plans, and procedures that make up your information security program.

An ISMS consists of several artefacts including:

  • Disaster Recovery Plan
  • Incident Response Plan
  • Business Continuity Plan
  • Information Security Policy
  • Data Classification Policy
  • Staff Onboarding Procedure
  • Encryption Standards
  • and more

Endure Secure can assist you by developing an effective ISMS for your organisation or by reviewing and uplifting your existing ISMS.

Virtual Chief Information Security Officer

A Virtual Chief Information Security Officer (vCISO) is a cost-effective, flexible solution to gaining a senior resource to implement your information security program and influence the cyber security culture within your organisation.

Here are some of the ways a vCISO can assist your organisation:

  • Develop, implement, and oversee the information security program.
  • Provide security representation to the board, senior management, and other internal or external stakeholders.
  • Consult your team on security projects.
  • Keep you abreast of the relevant regulatory and industry requirements.
  • Review and negotiate contracts with security partners and vendors.

Endure Secure provides flexible vCISO services for organisations of all industries and sizes.


Risk Management

Risk Assessment and Management

Identifying and measuring the risks faced by your organisation is crucial in decision making.

We can help your organisation by:

  • Building a Risk Management Program to track and remediate risks.
  • Operating your Risk Management Program.
  • Carrying out Risk Assessments against your company, or before a technology or company acquisition.

Endure Secure are experts in identifying and recommending treatment options for the risks faced by your organisation.

Threat Modelling

Cyber Threat Modelling is an exercise targeted at a particular software product or platform that aims to identify and remediate threats at a granular level.

Threat Modelling is typically performed on software and systems that are developed in house.

Endure Secure is experienced in performing Cyber Threat Modelling exercises against complex applications and technology stacks.

Cyber Insurance Advisory and Readiness Assessment

A rise in cyber security attacks such as ransomware and data loss has seen more and more Australian organisations turning to cyber insurance policies. However, often insurers wish to measure the security posture of an organisation before issuing a policy.

If you’re an organisation seeking a policy, we can assist you by uplifting your security posture to meet your insurer’s requirements.

If you’re an insurer, we can assist you by performing a risk assessment and gap analysis against your prospective customers’ security posture and help them meet your requirements.


Compliance and Audit

ACSC Essential Eight

The ACSC Essential Eight is a set of eight security controls recommended by the Australian Cyber Security Centre for businesses that use Microsoft Windows computers connected to the internet (most businesses).

Essential Eight provides guidance for the implementation of each control, as well as a maturity model to assess the effectiveness of each control from 0 to 3.

Endure Secure can both implement and manage your Essential Eight program, as well as assess your business’s maturity level and provide a comprehensive report detailing your adherence to the Essential Eight.

ACSC Top 37

The ACSC provides a list of 37 mitigation strategies to protect against cyber incidents. Of the 37, eight have been deemed essential, aptly named the Essential Eight. After achieving Maturity Level Two or Three of the Essential Eight, you may then wish to extend your security program to tackle the remaining strategies.

Endure Secure can both implement and manage your Top 37 program, as well as assess your business's adherence to the 37.

IRAP Assessment

The Infosec Registered Assessors Program (IRAP) endorses qualified cyber security professionals (known as IRAP assessors) to provide security assessment services.

IRAP assessors can provide security assessments for systems and environments classified SECRET and below for:

Endure Secure’s qualified IRAP assessors can assist you with preparing for an IRAP assessment or carrying out an independent IRAP assessment of your systems.

ISO 27001

ISO 27001 is an industry leading, international standard that provides guidance on establishing and maintaining an Information Security Management System (ISMS). Due to its popularity, many organisations seek to conform to the standard, and some also seek to become ISO 27001 certified by various third parties.

Endure Secure can assist you by developing your ISMS to meet ISO 27001 standards. If you wish to become certified, we will ensure you are ready for assessment by a certifying party.

We can also carry out an audit of your current ISMS, measuring you against the ISO 27001 standard.

ISO 27002

ISO 27002 is an industry leading, international standard that provides guidance on the implementation of security controls suited to your organisation.

Endure Secure can assist you by leading your ISO 27002 project and, if required, preparing you for certification.

We can also carry out an audit of your organisation, measuring you against the ISO 27002 standard.

ISO 31000

ISO 31000 is an industry leading, international standard that provides guidance for implementing a risk management program.

Endure Secure can assist you by leading and implementing your Risk Management program in alignment with the ISO 31000 standard.

NIST CSF

The National Institute of Standards and Technology’s Cybersecurity Framework (NIST CSF) is a framework that helps organisations focus their security investment on preventing, detecting, responding to, and recovering from cyber security incidents.

Endure Secure can assist you by implementing and managing your NIST CSF compliance program, or by measuring your organisation against the NIST CSF.

PCI DSS

The Payment Card Industry Data Security Standard (PCI DSS) specifies twelve security requirements for the handling, processing, or storing of payment card transactions or information.

If your organisation handles payment cards (credit cards or debit cards) in any capacity, including online (eCommerce), by phone, or using an EFTPOS terminal, you may be required to comply with PCI DSS.

Endure Secure is not currently a QSA, however, we are able to assist you in preparing for your PCI DSS assessment.

GDPR

The General Data Protection Regulation (GDPR) is a set of data protection and privacy requirements for businesses that operate in the European Union (EU), or collect information about individuals who are citizens of the EU.

If your organisation meets this description, compliance with GDPR is mandatory, and heavy fines apply for non-compliance.

Endure Secure can assist you by implementing and managing your GDPR compliance program.


Review

Active Directory Configuration Review

If your organisation uses Active Directory, it’s likely the single most critical asset in your entire network. Active Directory typically manages all assets within your network such as users, endpoints, servers, and critical network services including DNS, DHCP, Group Policy, NTP, and Exchange. Any of these may carry security issues, vulnerabilities, or misconfigurations that impact security or performance.

Endure Secure can assist you by conducting a comprehensive review of your Active Directory and delivering a report with detailed findings and recommendations. We can also assist with remediation efforts.

Cloud Security Review

While consuming Cloud services may alleviate the burden of managing and maintaining some layers of the technology stack, typically the customer is responsible for cyber security. Misconfigurations, vulnerabilities, and lack of visibility often lead to data breaches, security incidents, or failures to meet compliance obligations. Endure Secure can review the security and configuration of all types of Cloud deployments:

  • Infrastructure-as-a-Service (IaaS),
  • Platform-as-a-Service (PaaS),
  • Software-as-a-Service (SaaS),
  • Hybrid Cloud,
  • Private Cloud.

Code Security Review

Insecure code and coding practices often lead to security vulnerabilities in your software applications, web applications, and deployment scripts. Endure Secure provides Secure Code Reviews for all coding, programming, and scripting languages. We can also review or implement your Software Development Lifecycle (SDLC) program.

Database Configuration Review

As databases typically house sensitive data such as personally identifiable information (PII), patient health information (PHI), and customer financial information, it is essential that databases are adequately secured and configured. A Database Configuration Review will assess the entire platform, including:

  • Software versions and patches,
  • User permissions,
  • Encryption and hashing standards and practices,
  • Auditing and logging policies,
  • Stored procedure security.

Endure Secure offers reviews of all database vendors, including MySQL, Microsoft SQL, and Oracle.

Firewall Configuration Review

Misconfigured firewall rules and policies can leave your organisation unnecessarily vulnerable to attack. Likewise, policies which are too strict may prevent legitimate traffic from flowing through your network.

Endure Secure can assist you by reviewing your firewall configuration and providing recommendations for balancing your operational and security requirements. We can also assist with the implementation of our recommendations.

SOE Review

An appropriately maintained and adopted Standard Operating Environment (SOE) is an effective cyber security control when managing a large fleet of computer systems. An SOE image can speed up deployment and rebuilding of systems, as well as ensure a consistent baseline of security and operational configurations.

Endure Secure can assist you by conducting a comprehensive review of your SOE, including against CIS Benchmarks, and delivering a report with detailed findings and recommendations. We can also assist with remediation efforts.


Contact Endure Secure!

Endure Secure is available to answer your Governance, Risk, Compliance, and Audit enquiry within 8 business hours. Please include as much information as possible for your request.

Please contact us using the form below, email us at [email protected], or call us on 0420 231 893.