Intelligent Security Technologies

Security Circle Brochure - Nov 16

Contents

Overview

Cyber Accreditations

Cyber Security Audit Services

Cyber Security Training

Cyber Security Training for Financial Services

Cyber Due Diligence for Private Equity

CISOs on Demand

GDPR Explained

Secure Identity Cards

Brand Protection & Anti-Counterfeiting

Secure Mobile Communication

Anti-Money Laundering & Know Your Client

Insider Threat Detection

iStorage - Secure Data Storage

Super Yacht Cyber Security

The Security Circle brings together the world’s most advanced and specialised security products and takes them to market through our global security contacts. Our advisory panel includes some of the industry’s most respected and influential security experts; together, we deliver robust, cyber-resilient solutions for public and private sector organisations worldwide. The Security Circle works closely with a number of key partners, including The City of London Police and Napier University’s Cyber Academy, helping to reduce economic and corporate cyber crime throughout the UK and Europe and delivering specialist courses in cyber security for businesses and financial institutions.

This product and services brochure highlights our best-of-breed technologies and training courses, all of which have been carefully selected and rigorously tested in the relevant industries to ensure they exceed expectations.

The threat landscape for organisations is changing rapidly; we are here to help.

Cyber Accreditations

Cyber Essentials is aligned with the primary objective of the UK Government’s National Cyber Security Strategy, which is to make the UK a safer place to conduct business online by building a resilient and secure cyberspace.

It was launched on 5 June 2014 with the aim of helping organisations of all sizes measure their defences against common forms of cyber-attacks. Cyber Essentials was developed in conjunction with GCHQ and offers a sound foundation of basic hygiene measures, identifying some fundamental sound technical security controls that an organisation needs to have in place and can potentially build on to help defend against cyber threats.

Seric recommend organisations adhere to the guidance given in the Cyber Essentials Scheme, which is suitable for organisations of all sizes. Accreditation should also be an ongoing requirement of the supply chain, forming a reasonable part of any organisational security process.

Businesses, public and private sector organisations and other institutions hold personal data, provide services and operate systems in the digital domain. The connectivity of this information has revolutionised every aspect of the way organisations operate. But with this technological transformation comes the responsibility to safeguard the assets which organisations hold, maintain the services they provide and incorporate the appropriate level of security into the products they sell. Consumers and society at large expect businesses and institutions to take all reasonable steps to protect their personal data and build resilience - the ability to withstand and recover - into the systems and structures on which they depend. Businesses and organisations must also understand that, if they are the victim of a cyber attack, they are liable for the consequences. These liabilities are due to increase considerably when the new GDPR (The General Data Protection Regulation of the EU) comes into effect in 2018.

The level at which the Government views the importance of cyber security is clear; since October 2014, the UK government has required all suppliers bidding for certain sensitive and personal information handling contracts to be certified against the Cyber Essentials scheme.

The Scottish Government has a similar arrangement for certain contracts but has also widened out Cyber Essentials as a soft requirement on many more tenders: although not mandatory, firms can gain a higher score by being accredited. As of January 2016, The Scottish Investment Bank announced that firms without Cyber Essentials Accreditation would no longer be able to borrow funds.

The certification is available in two stages, Cyber Essentials (Stage 1) and Cyber Essentials Plus (Stage 2). Both levels of award are assessed against the Cyber Essentials requirements; however Cyber Essentials Plus gives a higher level of assurance as a number of onsite tests are carried out. The scheme covers five key areas:

• Secure configuration

• Boundary firewalls & internet gateways

• Access control & administrative privilege management

• Patch management

• Malware protection

The vast majority of cyber attacks use relatively simple methods to exploit basic vulnerabilities in software and computer systems. There are tools and techniques openly available on the internet which allow even low-skill actors to exploit these vulnerabilities. Properly implementing the Cyber Essentials scheme will protect against the vast majority of common internet threats.

Seric is an Accredited Cyber Essentials Certification Body and all its engineers are Approved Cyber Essentials Practitioners.

Seric can also take clients through to ISO 27001 accreditation.

“Last year, the average cost of breaches to large businesses that had them was £36,500. For small firms the average cost of breaches was £3,100. 65% of large organisations reported they had suffered an information security breach in the past year, and 25% of these experienced a breach at least once a month. Nearly seven out of ten attacks involved viruses, spyware or malware that might have been prevented using the Government’s Cyber Essentials scheme.”

2016 Government Cyber Health Check and Cyber Security Breaches Survey

Cyber Security Audit

Businesses are open to a wide and ever increasing range of cyber attacks.

Organisations are often unaware of the full scope of these risks or of where best to start mitigating them; as a result, company boards rarely afford IT and Cyber the oversight they would give to normal financial management.

Seric recognises that organisations need support to scope and properly contextualise their cyber risk and have developed a range of Cyber Audit and Cyber Assessment Services in response.

Audit

The first premise of our approach is that Security is a big topic; it is far more than just IT. Security is physical, it is people; it is not just data and applications. Crucially, security is not an issue just for the IT department.

Seric will make a broad analysis of the current organisational risk and work with that organisation to help align the risk posture, establishing the gaps that need to be addressed by an appropriate combination of training, process change and technology. We believe that benchmarking oneself is the first logical step for any organisation seeking to shore up their security risks.

A Holistic Approach

Our approach is in two parts. Firstly, we make an assessment of the cyber security risk against an open security standard. Secondly, we make a multiple-perspective measure of data leakage by examining the levels of leakage internally, externally and where the endpoint meets shadow IT.

Seric’s approach to Governance, Risk & Compliance (GRC) is to report on the current risk position of the organisation as compared against a leading open standard measure in Security. This is coupled with a multi-layered DLP (Data Loss Prevention) assessment through our Listening Services.

Listening Services

• Listening In - Assessing Servers and Network traffic

• Listening Out - Assessing Information in the Public Domain and Dark Web

• Listening Around - Assessing Demonstrable Compliance and Insider Threat

Prevention is ideal, but detection is a must. Organisations should prepare for when a breach occurs, since in all likelihood a breach will occur, or indeed may already have occurred. The risks presented by a leak need to be understood. Having a proactive view of such risks will certainly have its advantages when the forthcoming GDPR (General Data Protection Regulation) arrives in May 2018. A breach missed internally can still be detected externally, thereby giving organisations a head start on remediation, tactically as well as financially. Any such financial risk in this area is presented both in reputational brand damage and the more direct financial impact of fines currently levied by organisations like the Information Commissioner’s Office in the UK.

Service Approach

Our services are delivered using Seric Implementation Methodology (SIM), which is aligned to Prince2 best practice. We protect enterprises by increasing their risk understanding. This means building a stronger understanding of the overall operational risks - service risks, resource risks and technology risks - into business and IT processes, including the technology infrastructure.

There is an exponential growth of data center transformation, virtualisation, mobility, social business and attack sophistication. To address risk mitigation in this context, organisations need to be able to make fast decisions surrounding their overall risk management health and this can only be achieved in the context of a well-documented and clearly understood technology landscape.

SERIC SYSTEMS - Technology success: delivered

Cyber Security Training

The world renowned Cyber Academy at Napier University has been awarded GCHQ accreditation for its MSc Advanced Security & Digital Forensics. The programme delivers in-depth knowledge and practical skills in security, investigation and incident response and forms the basis for many of the Academy’s short courses.

Capitalising on this expertise, The Security Circle, in alliance with the Cyber Academy, has developed a comprehensive programme of Cyber Security Training Courses. The courses cover all of the relevant threats and the knowledge that companies and organisations need to keep themselves as safe as they can be.

Accessible for single delegates to attend on a half-day basis in Glasgow, Edinburgh, Aberdeen and London, our courses can be tailored to specific business requirements.

Our team spend time listening to how a particular business works, evaluate their workplace and then deliver a training solution that is designed to benefit their specific business needs and requirements.

Our programme currently consists of:

• Digital Threats and Due Diligence for Business

• The Insider Threat - Employees and Contractors

• Data Loss Prevention (DLP) and Data Loss Detection (DLD) Masterclass

• Incident Response & Disaster Recovery Masterclass

• Employee Training - Keep your Business and Data Safe

• Online Reputation for Businesses

• OSINT - Learn How to Truly Search the Internet

• CPD for Solicitors

Cyber Security Courses for Financial Services

The Security Circle - in alliance with the world renowned Cyber Academy at Napier University - offer a range of specialist courses in cyber security for businesses and financial institutions. Through practical training on real-life scenarios, we give cyber professionals the skills, tools and confidence to design and deliver effective security management and incident response protocols, with a deep understanding of different network environments.

We deliver bespoke training in areas including:

Digital Investigation:

The underpinning knowledge of network infrastructures and potential threats to enable proactive and effective threat management and incident investigation.

Advanced Digital Investigator:

Consolidating underpinning knowledge with simulated and real life scenarios for deep understanding of digital evidence and use in investigative situations.

Digital Forensics:

The skills, methods and tools for investigating and securing evidence on criminal behaviour or intruder attacks. We are an EnCase Centre of Excellence.

EnCase:

Introductory, intermediate and advanced training for law enforcement and security professionals in applying the industry standard tool to real digital forensic scenarios.

Penetration Testing & Cyber Attack Simulation:

Testing resilience and responsiveness through live training exercises based on real-life threat scenarios.

Encryption:

Tools and techniques for secure data management and information sharing in the context of data leakage and information threats.

Data Loss Prevention:

Understanding the main risks and threats to customer and business data and giving the skills and knowledge needed to prevent data loss.

Network Architecture:

Giving an in-depth knowledge of public and private web infrastructures and their interaction with business and consumer systems.

Investigating DDoS:

Capture, Storage and Analysis of DDoS attacks using a range of logs from web servers and networked devices, and tools including Wireshark, Snort and Splunk.

Big Data in Cyber Security:

Analysis of data logs to identify patterns and anomalies for threat detection, and how to use feature selection and machine learning to speed up response times and effectiveness.

Software Programming & Engineering:

Design, development, implementation and integration across platforms for secure systems architecture and software applications.

Executive Master Class:

Giving senior managers the key insights and analysis to make informed decisions about investment in digital security from a business perspective.

Digital Risk:

Helping technical or non-technical managers to identify and mitigate their main risks, and create a prioritised action plan for addressing them.

Secure Online Trading:

Standards for secure eCommerce and customer data management, giving consumer confidence in digital encryption and secure online transactions.

Cybercrime Legal Landscape:

Current considerations in terms of business obligations, how the law supports businesses online, and any pitfalls to avoid.

Digital Evidence for Solicitors:

This course will focus on introducing digital evidence to solicitors, advocates, paralegals and other professionals working in related functions.

Cell Site Analysis Workshop:

Providing details of how mobile networks work and hands-on experience of activities undertaken to progress a digital forensics investigation.

The Cyber Academy’s Virtual Security Operations Centre allows real-life training in a sandbox environment, using real-life threats and simulated attack/response scenarios to test security procedures and protocols, and to develop skills

Private Equity Cyber Due Diligence

As a specialist advisor, Seric supports organisations in assessing cyber risk as part of the Due Diligence process.

Cyber Due Diligence is playing an increasing role in the deal making process, assuring investors that they are executing a deal with their eyes wide open, fully cognisant of the risks and safe in the knowledge that proper controls and management are in place, or at least that gaps are fully understood. Deal makers and investors are now waking up to the significant and disproportionate risk presented by IT and cyber in particular and appreciate that in any time-constrained situation with high stakes, clear guidance is required.

Clear Guidance

Due Diligence should afford an investor the best possible appreciation of their risks, should the deal go ahead. Seric provide clear recommendations to clients as we assess what is - and what is not - in place from a people, process and technology perspective. This information aids collective understanding and provides points of negotiation for presentation to the seller and a plan of action for post-completion.

No Surprises

Our approach is to ensure all possibilities have been covered in terms of key Cyber Security measurements. Seric uses its own series of standard assessments centred around Critical Controls, which vary based on the time available and the size and sector of the organisation, and are weighted toward the trading behaviour, be it B2B, B2C or both.

Once the deal is complete the post deal investment begins, dealing with the RAG reports and Gaps to shore up that risk. This is why Seric make a broad analysis of the existing organisational risks and establish the gaps that need to be addressed by an appropriate combination of training, process change and technology.

Expedient Approach

The more time is invested in Due Diligence, the more accurate the assessment will be. However, there can be many time constraints in play during the deal making process and time on-site is often limited. Seric’s methodology maximises what can be extracted to deliver the most accurate assessment in the time available. We employ pre-visit questionnaires, a clear interview strategy and a tight reporting process around how we deliver our Cyber Due Diligence, allowing our dedicated team of experts to fully support the deal making process.

CISOs on Demand

If your organisation doesn’t have one already, a CISO (Chief Information Security Officer) is the senior-level executive in a business who is responsible for ensuring that company data and technologies are protected.

CISOs are in growing demand but are generally the preserve of larger organisations. SMEs usually do not have the resources for CISOs but the need for their combination of commercial acumen and technical knowledge is just as great.

CISOs typically manage all matters in the business relating to cyber security, disaster recovery, business continuity, compliance, identity and access management. They respond to incidents, establish appropriate standards and controls, manage security technologies and direct the establishment and implementation of policies and procedures.

The Security Circle recognises that SMEs need CISO expertise but may not have the resources for a full time, permanent role. That’s where CISOs on Demand comes in, providing CISO expertise on a project or part time basis to fulfil all the tasks usually undertaken by a full time Chief Information Security Officer. The Security Circle’s team of CISOs have all worked at executive level in a variety of national and international organisations and bring the expertise needed by SMEs to help create an accountable, security conscious business culture alongside a technically robust and secure security infrastructure.

The key value provided by a CISO is in the role of business leadership. CISOs bring far more to the table than just a specialty in technology; they have a broad and deep perspective on risk and how to enable the business while minimising that risk. As such, CISOs must drive the information technology and security education of the workforce, ensuring collective understanding and action with respect to information security. A good CISO is a great business enabler.

GDPR: General Data Protection Regulation of the EU

Information is the new global currency and with data breaches and cyber crime on the rise, the new GDPR (The General Data Protection Regulation of the EU) places the protection of user information at the heart of any organisation.

GDPR is a new regulation designed to enhance data protection for EU citizens by helping regulate data protection measures within the EU, as well as data accessed by EU citizens within non-EU organisations. It is the long awaited EU response to the outdated Data Protection Directive (DPD) and comes into force on May 25 2018. Despite Brexit, the UK government has confirmed that it will adhere to the EU GDPR so it is important that businesses understand the new legal framework and are ready to adhere to it from day one.

In order to enhance data protection for EU citizens, the GDPR implements the following high level controls:

• Expanded territorial scope

• Single set of rules for EU member states

• Organisational responsibility and accountability

• Explicit consent requirements

• Subject access requests

• Right to erasure for user data

• Data breach notification requirements

• Appointment of a Data Protection Officer

Expanded territorial scope

The GDPR will apply to both organisations (data controller/processor) and data subjects (users) based in the EU, as well as non-EU organisations that process or control EU citizens’ personal data. Personal data is defined with a rather large scope, including a user’s name, social media posts, banking information and IP address. The GDPR does not, however, cover personal data processed for investigations by law enforcement or national security agencies.

Single set of rules

Each EU member state will be appointing a Supervisory Authority (SA); the regulator of all things GDPR. The SA will attend to complaints and investigations based on the GDPR and sanction any offences.

Organisational responsibility and accountability

Organisations will be required to ensure that they are adhering to the GDPR. It is each organisation’s responsibility to audit their practice to ensure that they are incorporating privacy by design and data protection by default. Organisations must also keep true to the original purpose(s) for which they have collected user data. On top of these responsibilities, organisations exporting data to third countries must also ensure that the country in question can ensure adequate privacy and protection measures.

Explicit consent requirements

In order to process personal data, organisations will be required to gain consent from data subjects. This consent must be renewed every six months. Proof of consent will be required, as well as proof that the user was well informed and gave their consent of their own free will.

Subject access requests

Users of an organisation’s information services will be able to create subject access requests (SARs) to find out just how much of their personal data is being stored and used by an organisation. Data controllers will need to respond to SARs within one month of receipt, without undue delay.

Right to be forgotten (or erasure)

Data subjects have the right to be forgotten and have their data erased from the data controller’s infrastructure if they withdraw their consent, if they object to the data being stored (based on legitimate grounds, of course), if their data is no longer necessary to the purpose for which it was collected, or if the organisation’s data processing methods do not comply with the GDPR.

Data breach notification requirements

Data controllers must notify their Supervisory Authority of a personal data breach within 72 hours after detection, where feasible. Data subjects must also be informed of any breaches of their personal data.

Appointment of a Data Protection Officer

If an organisation’s core business focuses on the gathering and regular, systematic monitoring of personal data, they will need to appoint a Data Protection Officer (DPO). The DPO will also have oversight of data protection impact assessments (DPIAs). DPIAs are a necessity if there are inherent risks to the rights and freedoms of data subjects.

The implementation of the GDPR provides a great new opportunity for an organisation to enhance its information security practice from technical, governance, and legal perspectives. It’s time to get proactive and review all of your organisation’s activities where they involve the collection, processing and storage of user data.

The Security Circle’s products and services can take your business through every stage of the process to becoming GDPR compliant. There is no doubt that with increasing concerns about data breaches and cyber crime, the new rules and standards for businesses holding data are essential to restoring consumer trust and will set a new benchmark in data handling.

The penalties for failing to comply with GDPR are severe - up to 4% of annual global turnover or 20 million Euros, whichever is higher.

The BowaterHolotronic® Security Card

Designed in conjunction with a US based team of experts, Bowater’s approach to identity provides both government and corporate organisations with secure identity credentials that are extremely easy to use, but exceptionally secure on all levels.

A good example of how we can apply our full technology stack to provide a complete solution to a specific problem is the work we have done for a US based organisation. This customer needed a secure ID card that included both physical and digital multi factor authentication:

• Enhanced Visual Security – using the BowaterHologram™ - the world’s most secure hologram in its enumerated form, provided as a complete overlay to prevent tampering with the information on the card.

• Public data authentication – to enable the public to verify the identity of the bearer easily and without special technology using any smartphone barcode scanner in addition to the hologram.

• Private data authentication – to enable officials to access confidential information on the card without risk to security or unauthorised access of the confidential data.

• Emergency medical information – accessible by emergency medical technicians in the event of the bearer being involved in an accident.

• Inter agency operability and authentication – enabling agencies to trust the identity cards of members from other agencies or organisations using the BowaterHolotronic™ Security card. This is considered to be a key function by our customer.

• Data and record management – to ensure that the information on the card is accurate and up to date.

• Card management and replacement – to streamline the process and ensure that it is robust, as well as ensuring that the cards are replaced regularly to ensure their security.

Having looked at the market, the customer chose Bowater as the only provider that could deliver on all of its requirements. As well as benefitting from Bowater’s full technology stack, the customer also asked us to develop some additional and advanced ID Security functions which must be kept confidential.

Bowater Authenticated

Having launched its range of solutions in 2015, Bowater has proven its technologies to be amongst the most advanced and robust available.

The company’s core technology, the BowaterHologram™, is the most advanced form of hologram available on the market for several reasons:

1. At the point of publishing this document, it is the only commercially available real colour, 3D, volume hologram on the market.

2. When serialised, it is the only hologram commercially available in industrial quantities that has a unique serial number embedded in the hologram at the point of manufacture.

3. The equipment and know-how used to manufacture the BowaterHologram™ was developed in secret and remains a secret. We will not ever share, license to third parties or make this knowledge commercially available.

When fully integrated with digital, mobile and other technologies, the level of security which Bowater customers enjoy is unparalleled.

As well as the Identity security market, where Bowater has established itself with a number of high profile customers, the combination of technologies deployable by Bowater is attracting customers in areas such as:

1. Qualification certificates – to counter the growing problem of qualification fraud, which costs money and - in the case of medical qualification fraud - has cost lives.

2. Education competence credentials – combining the security of the ID solution with the ability to track and manage qualifications in industries where this is increasingly important, such as aviation.

3. Tax stamps – to enable tax authorities to have greater control over their tax stamp programmes with both enhanced audit trails and our investigation apps.

4. Consumer Goods – to protect both brands and their customers from the global drain on legitimate business of counterfeiting and parallel trade.

5. Foods and Pharmaceuticals – to help brands comply with new legislation and protect patients from the massive problem of counterfeit drugs.

6. Ticketing – to add additional security to event ticketing and reduce the risk of ticket touting, providing a safe secondary ticket market.

In addition to the security element of the solutions, Bowater’s solutions also provide additional value with functions that include consumer engagement, track and trace, inventory management, data capture and a growing number of others.

End-to-End Encrypted Speech, Messaging & File Sharing

The only App that protects from IMSI Catchers & Man-in-the-Middle Attacks

Smartphones are becoming increasingly subjected to silent attacks. Users are unaware that their device has been infected and no antivirus can detect these threats.

The Number 1 weakest security link for businesses are mobile devices. (CyberEdge Group)

Most organisations are unaware that the single biggest threat to their network security now comes from smartphones. SMS attacks, SMS fraud, identity theft and the use of IMSI catchers are on the increase, providing cyber criminals with ready access to personal and business data.

With the growth in BYOD - employees using their own mobile devices for work - and a lack of protection on corporate supplied devices, businesses are highly vulnerable to a data breach. Smartphone hacking software is readily available online, allowing fraudsters and hackers to unlock smartphone passwords, access sensitive data and breach an organisation’s IT security.

VERJI SMC Encrypts mobile communication and protects against hacking attacks

The benefits of Verji are:

• Secure voice calls using SRTP end to end encryption

• Secure messaging using 256 AES end to end encryption

• Protection against SMS based attacks, including silent SMS attacks

• Protection against attacks using Fake Cell Towers

• Buy as a hosted solution or have a dedicated in house server

• Easy to install and no training needed to use

• Can be branded with company logo

• Available for Android, iOS & Android compatible BlackBerry

Winner at the European Cyber Security & Privacy Innovation Awards for Best ICT Security Innovation 2014

Rosberg are proud to be a MobileIron Approved Partner and the Verji SMC App can be deployed through the MobileIron Platform.

PassFort Client Lifecycle Management Software in the Cloud

What

PassFort is the first company to develop Client Lifecycle Management (CLM) software in the cloud that regulated businesses of all sizes can use to automate, measure & improve customer onboarding and risk assessment processes. We empower compliance teams by enabling them to spend less time on information handling and more time on decision-making.

Why

Compliance analysts spend only 10% of their time on Decision-Making and Analysis today. 75% of their time is spent on Data Collection and 15% is spent on Data Processing & Management.

That means a compliance officer is spending over 90% of their working time on tasks that could be automated. It also means that close to 90% of your people expenditure generates little to no ROI. Time and money are being wasted on a monumental scale. Businesses are left wholly unprotected.

How

PassFort CLM combines two custom-built and proprietary technologies to offer a solution to this problem.

PassFort Engine allows businesses to automate the Data Collection, Processing & Management of customer onboarding. These pre-integrated building blocks are supported by our unique stage-driven design and consist of customisable verification, risk management and decision-making stages.

PassFort Identity enables consistent and auditable decision-making processes so that compliance teams can handle exceptions, alerts and notifications generated by the PassFort Engine. We’ve developed tooling to enable compliance teams to effectively collaborate on customer data and evidence why particular decisions have been made.

Summary

PassFort CLM is designed to help businesses adopt an “always on” compliance mindset. By automating information handling and providing tooling to empower compliance decision-makers, we enable businesses to deliver better customer experiences and grow.


ZoneFox is a next generation software product that allows customers to monitor all user interaction with critical data stored on computer systems within their network.

Streamlining Your Security Processes

Enterprise-wide protection. 360° visibility. All via one pane of glass.

ZoneFox takes a refreshingly different approach to protecting your business-critical data. We follow it. ZoneFox tracks data movements within the organisation, recording the actions performed against it, from someone attaching it to an email, to copying to a USB stick. ZoneFox analyses these actions, monitors compliance with the organisation’s security policy and related rules, and alerts when a policy breach occurs.

Comprehensive Insider Threat Detection & Behaviour Analytics

ZoneFox combines an astonishingly lightweight agent on your endpoints along with powerful analysis capabilities - and then swiftly delivers robust security, total visibility and the flexibility that your business needs, minus the usual headaches.

ZoneFox Monitor. Detect. Protect.

The next generation Insider Threat Detection Platform

ZoneFox helps prevent the insider threat by giving you all the benefits you’d expect from a smart security solution:

• Helps protect your IP – priceless.

• Helps protect your customer data.

• Stay on the right side of the law as far as compliance goes.

• You get out-of-the-box visibility – in other words, it’s quick to set up and start monitoring.

• You can see what’s happening at a glance, from a single pane of glass, 360°.

360° Visibility Around Key Information

• ZoneFox delivers detailed reporting capabilities so you can see what’s going on with your business-critical data.

• It automatically detects when there’s risky behaviour going on.

• It alerts you straight away via SMS, email, or directly via the interface - however you like it.

• You can see in real-time where your data is going, and where it’s leaving from, so you can take decisions around whether or not you need to take action.

• And if you want, you can see everything that’s happening on an endpoint in the order it’s happening.

• Because ZoneFox doesn’t capture content, you don’t run the risk of violating privacy.


Looking for the highest level of security for your data while utilising the fastest USB 3.0 speeds? The iStorage diskAshur® military grade secure portable hard drive with real-time XTS-AES 256-bit hardware encryption is the ultimate secure data storage device with capacities of up to 2TB.

The diskAshur is FIPS PUB 197 validated and seamlessly encrypts all data on the drive in real-time using 100% hardware encryption, keeping your data safe even if the hard drive is removed from its enclosure.

Secure USB 3.0 Portable Hard Drive

With real-time XTS-AES 256-bit hardware encryption, software free design and a super speed USB 3.0 connection, the perfect blend of security, durability & speed.

No other secure flash drive can offer you super-fast USB 3.0 speed, 100% data protection, ease of use whenever, wherever, on any USB device like the ultra-secure datAshur Pro can!

With no software or drivers required, the datAshur Pro’s advanced security features include read-only access, auto-lock, timeout lock and brute force protection, delivering complete data security and guaranteeing 100% protection of your data at all times.

Super-Fast, Ultra Secure USB 3.0 Flash Drive

PIN activated iStorage datAshur Pro flash drive with built-in military grade XTS-AES 256-bit hardware encryption.

Looking for the highest level of security for your data while utilising the fastest USB 3.0 speeds? The iStorage diskAshur DT® military grade secure desktop hard drive with real-time XTS-AES 256-bit hardware encryption is the ultimate secure data storage system with capacities of up to 8TB.

The diskAshur DT is FIPS PUB 197 validated and seamlessly encrypts all data on the drive in real-time using 100% hardware encryption, keeping your data safe even if the hard drive is removed from its enclosure.

Secure USB 3.0 Desktop Hard Drive

The world’s first PIN operated desktop hard drive with built-in hardware encryption and capacities of up to 8TB.

READY

NLNCSA Level 2

Pending Certifications

Certified Product



Introduction:

The growing complexity of superyachts in this age of the Internet of Things (IoT) means the industry is relying more and more on Information and Communication Technology (ICT) to optimise yacht performance and operations. Vessels are being connected with services provided from shore-side networks via the internet to enable and improve essential maritime operations such as navigation, propulsion, security and communications. These systems are all vulnerable to cyber attack, threatening the safety of the vessel and crew and the security of the data belonging to the superyacht and its owner.

Many owners and vessels are therefore vulnerable to attack and will not have applied suitable rigour to protect the confidentiality, integrity and availability of their on-board systems and data.

The Threat is Real:

In 2013, the 65m yacht, White Rose of Drachs, was steered off course, without the crew being aware, whilst sailing from Monaco to Rhodes.

Superyacht Cyber Security

Superyacht Cyber Vulnerabilities:

• Control systems attacked, disabling the yacht

• Navigation interference: ECDIS, GNSS, AIS

• Ransom demand after data encrypted

• Covert surveillance of communications

• Exposure of private photos or video

• All communications blocked

• Theft of personal data

• Attack from drone platform

Cyberprism Maritime provides a holistic range of bespoke cyber services to protect maritime platforms from cyber attack and ensure the confidentiality, integrity and availability of critical information, data and systems.

We leverage an unparalleled expertise in maritime security and cyber technologies to audit on-board systems and identify threats, offer a remediating action plan to remove vulnerabilities, and then deliver a unique maritime cyber protection package (Yachtguard™ and Marinaguard™) to protect and assure 24/7.

Our team is a unique blend of military maritime security professionals and nationally renowned cyber and digital forensic experts. We blend government level security expertise with the nationally acclaimed technical output of Warwick and Plymouth’s maritime cyber research units.


LONDON
43 Berkeley Square, Mayfair, London W1J 5AP, UK
T: +44 207 887 2618

GLASGOW
272 Bath Street, Glasgow, G2 4JR Scotland, UK
T: +44 141 278 6422

DUBLIN
3 Park West Road, Park West, Dublin D12DH93, Ireland
T: +353 1 453 3108

ZURICH
Churerstrasse 98, CH-8808 Pfäffikon/Schwyz, Switzerland
T: +41 (0)55 511 5100

www.thesecuritycircle.com November 2016