CYBER RESILIANCETOOLKIT

ADVISORY ANALYTICS CYBER FORENSICS TRAINING

INTRODUCTIONWe are all learning to deal with the new reality that Covid 19 has bought to the world and are living with the uncertainty of not knowing. We trust that our families, businesses associates and employees will do everything possible to keep themselves and everyone around them safe. Many of our clients have come to us to discuss their IT security and Cyber requirements. The need for a Cyber resilience strategy is at the top of their list and with this in mind our cyber specialists have developed a comprehensive strategy to meet their needs. With the introduction of extended work-from-home policies to mitigate the spread of the SARS-COV-2 virus, many employees are working away from the office and managed IT networks for the first time. This introduces multiple opportunities for cyber-criminals, fraudsters and con-men to exploit. We all need to act now!

THE TOOLKITCheckmark cyber forensic and advanced analytics lab have compiled a versatile cyber strategy to help our clients excel in these difficult times. We have based this on the new reality we dealing with and what we are already seeing emerge. There have been multiple sophisticated cyber-attacks as well as tens of thousands of phishing attacks trying to leverage the Corona virus and manipulate unsuspecting people into clicking on links and providing credentials that lead to massive compromises and financial losses. Checkmark has an experienced team equipped with an exceptional understanding of both offensive and defensive cyber security methodology, able to craft bespoke solutions based on risk appetite and threat modelling.With this in mind we developed the following Cyber resilience solution. Our solution consists of three easy interventions that will greatly upgrade your current cyber and IT infrastructure: a) Cyber Risk assessment b) Vulnerability assessment and penetration test. c) Cyber awareness training

1. CYBER RISKASSESSMENT

2. VULNERABILITY &PENETRATION TEST

3. CYBER AWARENESSTRAINING

NCyberPlatform

KnowriskPlatform

Maturity ComplexityOnline andClassroomLearning

CyberPostureanalysis

Understand yourbusiness

Internal/Externalnetwork engagement External Engagement

SCOPING

7

0

2

1

2

3

1

0

0

2

0

0

2

3

2

1

1

0

13

2

4

29

6

6

10

3

0

10

10

0

5

4

0

7

5

1

7

4

1

10

5

6

0

15

6

0

15

17

6

1

1

2

1

15

13

0

1

0

1

0

2

2

0

8

0

4

11

6

1

8

11

5

0

0

0

0

0

0

0

0

0

0

0

0

0

0

0

0

0

0

CONTROL APPLIED PARTIALLY APPLIED NOT APPLIED NOT APPLICABLE NOT ASSESSED

AC - Access Control

AT - Awareness & Training

AU - Audit & Accountability

CA - Assessmment,authorisation

CM - ConfigurationManagement

CP - Contingency planning

IA - Identification &authentication

IR - Incident Response

PM - Program Management

PS - Personal Security

RS - Risk Assessment

SA - System & Serviceacquisition

SC - System &communications protection

SI - System & InformationSecurity

MA - Maintenance

MP - Media Protection

PE - Physical &Environmental Protection

PL - Planning

• Checkmark make use of cutting edge technology like nCyRisk and Know risk to provide the directors, executive management, and information security staff with a up-to-date, comprehensive, consolidated view of the cyber-risk exposure. • The risk is determined by a unique convergence of the company’s information assets, the organisation’s threat landscape, and the control deficiencies. • The controls are compared against a mature library of international standards, viz.: - lISO-27002 - NIST 800-53 - NIST CSF - CIS-CSC - CIC

Outcomes: • Our risk team will recommended remediation controls for each deficiency and assist you to find the correct intervention, product or consultant to help. • The company management will be in a position to pursue the design and implementation of an ISMS against their standard of choice. • Checkmark will help you to address the failure to identify, assess, prioritise, and manage the actual cyber-risks that will most certainly and unexpectedly result in a significant loss of value and/or reputation. • Checkmark will ensure that effective cyber risk management that requires systemic and appropriately designed, configured, implemented and monitored is implemented with: - Risk-management tools - Methodologies - International standards - Controls

1) CYBER RISK ASSESSMENT

• Checkmark will scan and interrogate the internal network to simulate a post-breach attack in which an intruder attempts to increase their footprint within your environment. • Our testing will use manual and automated methods to identify network assets, map exposures, and attempt to gain access to further systems.

technical findings will be reviewed with the team and for each finding we will suggest a best practice approach for the mitigation of the risk associated with the finding, and an interim solution. These will form a thorough report detailing both the findings in depth, as well as their respective remediation.

2) VULNERABILITY AND PENETRATION TESTING

• An experienced team equipped with an exceptional understanding of both offensive and defensive cybersecurity methodologies we are able to craft bespoke solutions based on risk appetite and threat modelling. • Our Cyber team have been doing IT security for more than 20 years for companies and organisations around the world.

MEET THE CHECKMARK CYBER TEAM

• A joint workshop identifies the information assets that are exposed to cyber threats. • An assessment of existing controls is performed by subject matter specialists to evaluate the quality of the controls and the maturity of the implementation. • On the first iteration, our technology can be set to only prompt on primary controls (30% of the total assessment). • Threat reports list which vulnerabilities are not sufficiently mitigated. Certain threats are only pertinent to particular assets: the reports indicate the impact and loss after an attack on each asset. • Compliance reports show the gap in implementation against the pre-configured standards. Remediation reports provide recommendations on which controls will provide in the greatest reduction in risk. • The dashboard views and reports update as controls are implemented.

HOW WE ENGAGE IN CYBER RISK ASSESSMENT

EXTERNAL PENETRATION TESTING The penetration team will attempt to simulate unauthorised attackers’ attempts to infiltrate the system. The penetration test typically extends over a 15-day window and demonstrates whether previously identified vulnerabilities are in fact exploitable in the client's environment. While conducting the penetration testing, Checkmark uses both manual testing (hands-on) as well as automated tools. The penetration testing methodology is based on obtaining a real risk assessment of the infrastructure and the application's exposure level. This is done by simulating genuine attack scenarios as employed by hackers worldwide.

Since these findings are not based on theory, every scenario is fully executed and tested on the network. Where applicable activities penetration testing includes: • Infiltrating network devices • Bypassing firewalls and network traversal • Bypassing remote access systems (VPN, RDP)

INTERNAL PENETRATION TESTING During internal penetration testing we attempt to gain access to resources: • Without any access (simulating a wireless or plug-in breach) • With user only access (what can a knowledge attacker, posing as a new staff member access on the infrastructure) • As an administrator (are systems configured optimally)

Internal penetration testing includes social engineering exercises and password cracking. Testing usually includes all supporting infrastructure within an organisation including: • Research, Servers / Databases, Access Control, Wireless access points • Firewalls, UPS and Inverter devices, Routers / Switches • Printers, Client computers, Social Engineering, Denial of service

PENETRATIONTESTING

Adversarysimulation

Overt External

Wireless

Internal

ContinuousPenetration

Testing

Physical

Web & mobileapplication

Socialengineering

Covert

ONCE TESTING IS COMPLETED OUR METHODOLOGY PROVIDES: Short-term tactical fixes for immediate remediation of any outstanding vulnerabilities within the tested environments. Long-‐term strategic measures that will proactively thwart any potential repetition of vulnerabilities discovered during testing. A robust set of conclusions and industry best practice recommendations based on real - world scenarios and tangible evidence of performance. Prompt engagement in program of remediation efforts and continued security assessment to ensure a consistent and ongoing security risk monitoring and security posture reinforcement

Hackers continue to improve and expand their attacks, so real-world experience is invaluable when preparing your company’s defenses. The Cyber Academy educates everyone, from staff with basic technology skills to your expert IT specialist, on how to protect themselves and the business from criminals looking to gain illegal access.

Our trainers have been battle-tested as ethical corporate hackers and remain current and engaged in the cyber-security community. Most importantly: they understand the attacker’s mind-sets.

Online, interactive training from ethical hackers with case studies and practical solutions that minimizes your risk. Available anytime, anywhere, on any device. • Course content has been developed by experts • Workshops/Webinars by experienced facilitators for participants to experience the real-life hacking environment • Analyse your staff and recognise the risk profile of your organisation using the results from our Cyber Posture Analysis • Time, attendance and completion reporting is available for your organisation • Library content and updates are available to support attendees

3) CYBER AWARENESS TRAINING

The cyber posture assessment is based on a self-assessment questionnaire in which employees are requested to respond to questions about their personal and professional behavioural tendencies that might expose them to cyber risk. Respondents are classified as having one of four profiles, which indicate the extent and nature of risk to which they may be exposed. Profiles are described as Eagles, Parrots, Labradors, and Rhinos.

CYBER POSTURE ANALYSIS

E-LEARNING - MICRO COURSES

Meet the Hacker Hackers Mean Business Hackers Revealed Navigation Through a Hack

WEBINARS AND CLASSROOM TRAINING

We cover the basics of keepinginformation safe both within thecompany and in your personallives. The course covers variouscyber security topics and trains

your staff to engage with their ITdepartment in a beneficial way,helping protect your company’s

information systems.

The workshop is aimed atproviding a more in-depthoverview of all the security

fundamentals at the user leveland is targeted at staff who

work with sensitive information.This course contains more

technical details and practicalexamples from the real world as

well as live hackingdemonstrations. It is ideally

suited for people who work withsensitive information such as the

accounts department, callcentre personnel and first line

support staff.

This training course offers acollection of live demonstrations

featuring a variety of hackingand defensive techniques usedby hackers. Because security isan ever-changing battlefield,

our hands-on Penetration Testingexposes you to the latest in

network and applicationvulnerabilities and defences.

Our instructor will illustrate eachtechnology’s default security

posture, installation weaknesses,methods hackers use to

circumvent “secure” settings,and countermeasures for each

vulnerability.

Cyber protection and datasecurity are one of the most

significant risk factors forcompanies and organisations

today. The first step thatpromotes the organisations’

preparation for a cyber-attack,is to increase the knowledgebase and emphasize what

should be done in case of acyber-attack. This should be

shown to all the employees ofthe company – from part-time

employees to the CEO.

CONCLUSIONBy implementing these 3 (or a combination of the 3) recommended interventions you will be takingthe responsible steps to secure your business. Checkmark will also collate all the data gatheredfrom the selected actions and give you a Cyber resilience road-map tailored to your specificrequirements. This will lay the path for a further engagement if you chose to continually developand enhance your IT security and cyber risk strategy.Please note that the Cyber resilience roadmap is free.

CONTACT USDAVID COHENChief Executive OfficerCell: +27 82 883 0536Email: david.cohen@checkmark.co.za