Cybersecurity Audits, Governance and Control Implementations
Various cybersecurity services
Futura International, by means of cybersecurity assessments or cybersecurity governance and control implementations, assists clients in the following ways to improve their cybersecurity posture:
- The audit of an organisation’s cybersecurity risk registers, to determine if all applicable and relevant cyber risks have been identified for appropriate risk responses (incl. risk mitigation). Alternatively, we can develop the cyber risk register for a client, and, in addition to that, assist with the identification of appropriate risk mitigation responses (i.e. preventive, detective and corrective cyber controls), designed to mitigate the identified cyber risks.
- Cybersecurity strategy audit or development. A cybersecurity strategy must be aligned with the broader business strategy, and we therefore take the overall business direction into consideration while auditing or developing the cyber strategy. The cybersecurity strategy must give, at a high level, direction to all cyber risk mitigation plans and the cybersecurity governance framework, and it serves as the master plan or “constitution” for cyber risk mitigation activities in a business.
- Vulnerability assessments – i.e. automated scans to detect software vulnerabilities and incorrect security configurations at firewall, router, operating system, database, and application levels. Normally the results of a vulnerability assessment (also called “footprinting”) are then used for the next phase (penetration testing).
- Manual penetration testing (hacking simulations) – aka “pen tests”. We offer black box, grey box, and white box testing. The purpose of a pen test is to attempt to exploit identified software vulnerabilities and incorrectly configured security settings – i.e. to penetrate an organisation’s internal network from outside (i.e. the Internet). An internal pen test, on the other hand, is designed to try to exploit vulnerabilities inside an organisation’s internal network – working on the assumption that the external perimeter has already been breached by an attacker, and asking what else can then be done and exploited. We have found that companies’ cyber defense is “hard on the outside, but soft on the inside”. Because it is easy these days to bypass external perimeter controls (e.g. a firewall) by means of social engineering and ransomware attacks, it is important that internal controls are improved – which could include multiple types of actions and controls, from server hardening to separate security zones (network segmentation with additional firewalls) and several other controls.
- Cybersecurity user awareness training and education. Human beings are the weak links in any company’s internal control system. We provide cyber awareness training to clients’ employees, with the goal of improving their security awareness (e.g., to be vigilant for social engineering activities).
- Cyber insurance gap assessments. We assist clients in aligning their cyber risks with the right level of cyber insurance coverage. In addition, we assist clients in designing and implementing the controls required by the insurance firm.
- Continuous improvement. Futura International, in association with partners, can assist in the implementation of traditional scanning applications – with the ultimate purpose of continuously detecting security vulnerabilities and threats. However, traditional software is not enough in an era where machine learning (“ML”) and artificial intelligence (“AI”) can be used by criminals to target an organisation. We have therefore partnered with organisations to implement ML and AI software in clients’ internal networks, continuously learning and improving preventive, detective, and corrective controls.
The above services are our core services and can be offered virtually.