Skip to content
PwnDefend
  • Base
  • Comms Room
    • Customer Feedback
    • Company Information
    • Security Management
  • Services
    • Consulting Services
      • Enterprise Security Posture Assessment
      • Cyber Security Assurance & Security Testing Services
      • IT Security Healthchecks
      • Active Directory Assessment Services
      • Managed Remediation Services
    • Emergency Cyber Incident Response Support
    • Our Success Stories
    • Partner Services
  • Blog
  • Privacy

Security Management

We pride oursleves in practising what we preach. To this end we wanted to at least give an indication as to how we operate. The nature of consulting services means we provide advice and guidance, we often will have access to customer sensitive data and during project activities we may have network and system access. This is a very high level view but we wanted to show that even with consulting services we have to govern and manage security.

Data in transit protection

We protect sensitive data with TLS 1.2 or greater protocols and leverage strong cipher suites.

Asset protection and resilience

We leverage hardened systems to conduct our business. Due to the nature of consulting work we separate our “lab” environment and our “production” environment.

Separation between users

Access controls are in place between users. We permission access to data and systems on a granular per project basis.

Governance framework

We conduct regular reviews of our security systems; we routinely wipe down environments to ensure they are “clean”.

Operational security

We practise good operational security (OPSEC) relevant to the line of business and nature of the project. We are security consultants, that doesn’t make us invincible, but we try to operate in a secure manner.

Personnel security

Staff and subcontractors are checked for references and where appropriate additional checks are conducted e.g., CB, SC clearance validation etc.

Secure development

We develop proof of concept and test applications in an isolated environment.

Supply chain security

We conduct due diligence on our service providers in line with the level of service. E.g., CSPs we ensure they are SOC2, ISO27001 etc.

Identity and authentication

Where available we leverage multi-factor authentication on systems. We use a least privilege model and have dedicated functional accounts (e.g., multi-account model)

External interface protection

We use firewalls and supplementary controls e.g., IDS/IPS systems to protect our networks.

Audit information for users

We leverage audit and logging capabilities to track information access.

Recent Posts

  • Making cyber security relatable to people
  • Cyber Leadership – Real Life Incidents over the years!
  • Hunting for common Active Directory Domain Services Exploitations
  • OMG The Cyber SKY is falling down!
  • The business ‘value’ of Cyber Investments

Recent Comments

  1. The Week in Ransomware – May 26th 2023 – Cities Under Attack - Shackle Media on The Manual Version 2.0
  2. The Week in Ransomware – May 26th 2023 – Cities Under Attack – Source: www.bleepingcomputer.com - CISO2CISO.COM & CYBER SECURITY GROUP on The Manual Version 2.0
  3. The Week in Ransomware - Might twenty sixth 2023 - Computer Depot | Best & Reliable Computer Repair - O'Fallon on The Manual Version 2.0
  4. The Week in Ransomware - Could twenty sixth 2023 - Anedejo on The Manual Version 2.0
  5. The Week in Ransomware - May 26th 2023 - Tech World4uu on The Manual Version 2.0

Archives

  • November 2024
  • October 2024
  • September 2024
  • April 2024
  • February 2024
  • December 2023
  • November 2023
  • October 2023
  • August 2023
  • May 2023
  • April 2023
  • March 2023
  • February 2023
  • January 2023
  • December 2022
  • November 2022
  • October 2022
  • September 2022
  • August 2022
  • July 2022
  • June 2022
  • May 2022
  • April 2022
  • March 2022
  • February 2022
  • January 2022
  • December 2021
  • November 2021
  • October 2021
  • September 2021
  • August 2021
  • July 2021
  • May 2021
  • April 2021
  • March 2021
  • February 2021
  • January 2021
  • December 2020
  • November 2020
  • October 2020
  • September 2020
  • August 2020
  • July 2020
  • March 2020
  • February 2020
  • January 2020
  • October 2019
  • May 2019
  • April 2019
  • March 2019
  • February 2019
  • January 2019
  • December 2018
  • October 2018
  • September 2018
  • August 2018
  • July 2018

Categories

  • Architecture
  • Breach
  • Company News
  • CTF
  • Defence
  • Defense
  • Education
  • Fiction
  • Getting into Cyber
  • Guides
  • Hacking
  • IOT
  • Leadership
  • News
  • OSINT
  • Reviews
  • Strategy
  • Threat Intel
  • Uncategorized
  • Vulnerabilities
Copyright (c) Xservus Limited