Governance, Risk, and Compliance
To address ongoing and emerging cybersecurity risk, Aegis offers a variety of Governance, Risk, and Compliance (GRC) services for our clients. These can include: implementation of security frameworks, gap assessments, security maturity audits, security roadmaps, development of business continuity, disaster recovery and cyber incident response plan documents, as well as design and testing of tabletop simulations to meet framework and insurance requirements. The offerings are made available either via a vCISO (virtual Chief Information Security Officer) retainer arrangement or on a project basis.
Cybersecurity Frameworks:
There are a variety of mechanisms that can be undertaken to improve the security posture of your business. However, to do it safely, effectively, and efficiently it should always be based upon one of the recognised cybersecurity frameworks. A non-exhaustive list of examples includes:
- ISO27001
- SOC 2
- NIST-CSF
- SMB: 1001
These frameworks are the basis upon which to build a security program to protect your business's investments and efforts. Each framework can be tailored to meet the needs of your business's goals and objectives, so we are never trying to put a square peg into a round hole.
We can also advise on the Australian Signals Directorate Essential 8 (ASD E8 or E8) maturity levels 1, 2, and 3, but please note it is not a framework. The E8 is a foundational set of controls to mitigate the threat presented by some classes of cyber incident. It makes up only a very small component of a robust security program, and as such it is recommended that it be treated as a stepping stone towards a more complete framework.
Cybersecurity Roadmaps
Knowing what you want to do is step one; the next step is how to get there. Aegis will work with your executive leadership team, tech team and/or managed services provider to plan out how to get you to a point where, should you want to bring in the security auditors, you can do so with confidence. We know what is needed from a process, people, documentation, and technology systems perspective to meet the needs of these frameworks, as well as which technology partners are best suited to implement those platforms for you. We take an advisory and strategy focused role and have made the active choice not to sell the hardware or software needed to get you to the security posture you want to attain. We have done this because we never want there to be a perception of bias in our recommendations and advice: if we tell you that you need to replace or implement a solution, it is a statement of fact, not a sales pitch.
Business Recovery Planning Documents, and Exercises
Outside of policies, standards, and processes, there are three documents that form the basis for ensuring your business can carry on after a disaster or incident. They are: the business continuity plan (BCP), the disaster recovery (DR) plan, and the cyber incident response plan (CIRP).
We regularly work with our clients to scope, design, develop, and deploy these plans so that their business can recover after the unthinkable happens. To make sure the plans meet the needs of the business, cover the necessary risks, and that staff know what to do, we run tabletop exercises that role-play a scenario, testing their responses against the plan and seeing how they respond to the simulated stress.
Virtual Chief Information Security Officer
Aegis offers a vCISO (virtual Chief Information Security Officer) service to scope, manage, and support all of the above services. The vCISO is a senior leader and executive specialising in cybersecurity, able to communicate with your leadership team and board, quantifying the risks and recommending remediation and treatment plans.
Aegis's vCISOs know the solutions in the market to meet your needs, allowing you to sleep easily at night knowing your business data, client data, and staff records are secure. Their knowledge and skills are focused on providing the solution of best fit for your business, making sure there is the right amount of security protecting your assets and addressing the risk: there is no point spending $10 to protect $1.