Information Security, Cyber Resilience & Risk Management Consulting CREDENTIALS

Information Security, Cyber Resilience & Risk Management … · 2019-05-24 · Information Security. Our consultants are security specialists, ... support our investment in vulnerability


Security is our core business, and our success can largely be attributed to our thorough knowledge and understanding of the technical, commercial and legal aspects of Information Security.

Our consultants are security specialists, combining technical expertise with a business focus to create comprehensive security solutions to mitigate risks and maximise results.

We’re a QSA company, CREST approved, and an ISO27001 accredited business.

Engaging Sense of Security ensures you’re protected and your information is safe from threats both within and outside the organisation. You’ll also meet regulatory requirements so your employees, partners and suppliers can conduct business in complete confidence.

SOS’s test facilities in Sydney and Melbourne support our investment in vulnerability research and the development of proprietary technologies and assessment methods. Our well-defined quality assurance practices combined with industry recognised expertise provide our valued clients with a unique and sustainable value proposition.

Our Services

• Technical Assurance

• Cyber Security Advisory (Governance, Risk & Compliance - GRC)

• Security Strategy & Architecture

Sense of Security services are trusted by major names in the Banking and Finance, Insurance, Healthcare and Retail sectors as well as Resources, Utilities and Telecommunications.

In the public arena we conduct business with Local, State, and Federal governments.

We have been selected on numerous government panels which not only enable us to undertake extensive work for government but also demonstrate our capacity and credibility to the broader marketplace.

Highly regulated industries are a natural fit for Sense of Security.


Sense of Security Credentials

Technical Assessment & Assurance

• Penetration Testing

• Operating System Security

• Application & Database Security

• Mobile & Wireless Security

• Human Factor Tests

• Red Team Exercises

• Secure Application Development Practices & Training

• SAP, ERP and IoT Security Review

Cyber Security Advisory (Governance, Risk & Compliance)

• Information Security Management System – ISO 27001/2 Development

• Risk Management – ISO 31000 & 27005

• Payment Card Industry Data Security Standard

• Australian Government – Information Security Standards (ISM, PSPF, NESAF)

• VIC Government – VPDSS

• Cloud Computing Security Governance

• Personal Information – Security Assessment

• Mobility Security Governance

• Secure Development Lifecycle

Security Strategy & Architecture

• Information Security Architecture

• Information Security Strategy & Roadmap

• Information Security Policy, Standards & Procedure Development

• Cyber Threat & Risk Assessment

• Vulnerability Management

• Data Classification & Risk Treatment

• SCADA Secure Design & Review

• Cloud Service Provider – Security Risk Management Framework

How we do it

We take our clients through a top-down process, implementing a management framework to assist them with information security and risk.

It’s an approach that is industry-aligned and practical for any organisation, emphasising greater protection on key assets and a business need-to-know policy.

This structured approach delivers confidence that the organisation has the right framework in place whilst also enhancing a company’s reputation to clients.

Building security controls into a business starts with a risk assessment to understand where key information assets are and drive management practices to ensure that those critical assets are secured.

Results of the risk assessment may indicate that elements of a company’s architecture need to be assessed or redesigned. Furthermore, additional security controls may be needed, or detailed security testing of certain assets might be required to ensure their security and compliance with best-practice standards.

Most organisations now recognise the need to move from ad hoc security and risk management controls to a best-practice Information Security Management System (ISMS). The most widely recognised ISMS is the International Organisation for Standardisation (ISO) 27000-series standards.

Adopting ISO 27001 reduces business risks by requiring an organisation to be formally audited and certified as compliant with the standard, then continuing to undergo regular assessments to make certain that information security controls, and thus acceptable levels of risk, are maintained.

Sense of Security provides an extensive Governance, Risk and Compliance consulting capability, ensuring that our clients can meet all appropriate standards. Our ISO 27001 lead auditors advise, assess, implement and qualify our clients’ standards and governance regulatory requirements.

Similarly, for the Payment Card Industry, we are a Qualified Security Assessor (QSA) company endorsed by the PCI Security Standards Council.

Organisations that process, transmit and store credit card data are obliged to comply with the Payment Card Industry Data Security Standard (PCI DSS).

We assist organisations who need to comply with this global standard to meet their compliance objectives.

Our Core Product Suite


Compliance with recognised Professional Standards

Sense of Security’s approach to consulting engagements is based on globally recognised standards, such as ISO 27001 (Security Management) and ISO 31000 (Risk Management), in combination with the extensive experience gained by our consultants performing prior assignments.

All security assessments are performed with reference to industry leading methodologies, such as the Penetration Testing Execution Standard (PTES) and those covered in the Open Source Security Testing Methodology (OSSTM), in combination with SOS’s own in-house developed processes and methodologies.

In addition, web application security reviews are performed with reference to the Open Web Application Security Project (OWASP) guides.

Our consultants are located at our Sydney and Melbourne offices. A sample of their industry certifications is listed below.

To discuss how our security solutions can help protect your most vital assets, please call us today.

Governance, Risk & Compliance

• ISO 27001 Lead Auditor

• Defence Signals Directorate’s Information Security Registered Assessor Program (IRAP)

• Payment Card Industry Qualified Security Assessor (PCI QSA)

• Certified in Risk and Information Systems Control (CRISC)

• Certified Information Systems Auditor (CISA)

• Certified Information Security Manager (CISM)

• ISO 9000:2000 Certification of Internal Auditing

• Certified Information Systems Security Professional (ISC2)

• Certified Secure Software Lifecycle Professional (CSSLP)

Technical Assessment & Assurance

• CREST Certified Web Application Tester

• CREST Certified Tester

• Certified Information Systems Security Professional (CISSP)

• Certified Information Systems Security Professional (ISC2)

• GIAC Certified Intrusion Analyst (SANS)

• Offensive Security Certified Professional

• Offensive Security Wireless Professional

• Certified Penetration Testing Professional

• SANS Reverse Engineering Malware