Case Detail

Providing The Full Spectrum of Cyber Security Defenses; Identify, Protect, Detect, Respond and Recover.

Electronic Document & Records

Private memos, letters, diplomatic communications, strategic plans and roadmaps, are some of the many official documents found insecure in various organizations. Cyber Gate Defense security experts designed, developed and managed the rollout of an Electronic Document and Records Management system (EDRM) for a large bank. Our consultant provided advice and support during the development of a customized information handling model that safeguarded information flow between authorized users/systems.

The model also prevented information to flow to unauthorized users/systems. Digital watermark technology was used to help identify key words in the process. A baseline for data security and the requirements for a standard user were identified. In addition, an access control level database was designed to integrate with Active Directory. This solution ensured that information was labelled and classified. Access was only restricted to authorized users.

Information Security Risk Management

Working within an Oil & Gas company, Cyber Gate Defense Consultants developed a cyber security framework aligned with, and prioritized, according to client business needs. A simple risk assessment that looked at the operational environment was conducted in order to determine the likelihood of a cyber-security event and the impact that the event could have on the organization. Detailed risk assessments on individual facilities however follwed once the framework has been developed. This step enabled the project to build the business case for the framework and act as a reference point when prioritizing security controls, implementation, milestones and enable the business to answer ‘why are we doing this, what risk is it mitigating?” when new measures are challenged.

Cyber Gate Defense consultant formed a team to conducted a detailed risk assessment addressing physical and cyber security threats, internal and external threats and consider hardware, software, and information as sources for vulnerabilities. Considering all aspects of the client’s assets, including unintended changes in system configuration brought about by maintenance, temporary supplier connections to the system for support and even subtle changes in supplier design that could introduce new vulnerabilities through spare parts or upgrades, which should be considered and/or tested in the same manner as the original system components. We applied the methodologies documented in IEC 62443 series taking into consideration the client specific framework: Essentially the objective was to provide a repeatable process capable of determining and implementing the appropriate security requirements.