{Securing your business is our business}|
{Securing your business is our business}|
Inorganic growth had led to lot of employees and privileged users having higher access levels within applications and AD. The Group policies were not designed properly and as a result were not yielding the desired results and the AD was not configured securely.
Crysp conducted a security assessment of AD to identify security gaps. Crysp re-architected the group policy objects and hardened the server and AD. Crysp defined an Enterprise Application Access Model to ensure principles of Least Privileged Access were implemented. To ensure continued compliance, Crysp also defined access management process for employees and privileged users.
Lack of security controls in the IT environment and security culture within the organisation was resulting in voucher related fraud on the payment system. Foundational controls were either lacking or were not adequate.
Crysp conducted vulnerability assessment and penetration testing on the critical applications. As a result of this assessment, multiple critical gaps were identified. We provided a list of tactical and strategical initiatives that needs to be implemented to improve security maturity and managed the tactical remediation.The cases of fraud and breaches reduced over the period of time and the client had not had another payment-related fraud since the last 2 months’.
The acquisition of another company had resulted in inconsistencies in security policies and in the application of these policies. During the transition period, many security breaches were noticed resulting in unusual high-security risks.
Crysp conducted a risk assessment to identify policy gaps and inconsistencies within these policies. Crysp developed roadmaps to bring the new organisation in compliance with the security policies and standards. We managed this transition, defined and formalised consistent set of policies and also managed the remediation of risks. Crysp also conducted security awareness training and focuseddeep-dive sessions for the entire IT team.
Clients BC and DR plan was outdated and this was a high risk audit item. Client suspected that their existing BC and DR plan (draft) had not taken into account the new business and application landscape and would be of little help if in event of a disaster.
Crysp conducted workshops to determine RTO, RPO and MTD for critical applications. Crysp also conducted Business Impact Assessment workshops and assessed the recovery strategies of critical applications against risks. In line with this assessment, Crysp provided recommendations to enhance the recovery strategies and meet the business requirements. Crysp developed the DRP, defined roles and responsibilities and conducted DR simulations
The board of directors were worried about the security posture of their critical applications and network. Due to the sensitive nature of data they handle on a daily basis, the board wanted to understand their current security posture.
Crysp conducted an external web application testing and vulnerability assessment of their network devices, followed by a configuration review of their IDS and Firewall.Crysp also performed an Internal Network and Infrastructure penetration testing along with Social Engineering. Crysp provided a realistic view of their current security posture and provided remediation recommendations based on their risk appetite.
© 2024 Crysp Pty Ltd.
contact@cryspconsulting.com
Level 6 HWT Tower, 40 City Road,
Southbank, VIC 3006