MANAGEMENT

The need for organisations to include information security as standard practice is vital for their continued success and operational stability. Failure to implement a framework based on the core principles of information security is something businesses today can ill afford to do. Protection of critical data and ICT assets is paramount to ensuring businesses can operate and grow in today’s connected world.

Asterisk offers the following security management solutions

  • Development of an information security strategy to assist businesses in achieving their long-term goals through the implementation of key information security components
  • Implementation of risk and information security management processes to address issues in a structured manner
  • Deployment and management of controls, both technical and administrative, to protect company assets and direct staff behaviours
  • Provision of security intelligence or awareness of current information security threats and trends

Asterisk will work with key stakeholders to develop an approach that suits the needs of the business. This can be achieved either through the assignment of resources to provide ongoing management services or in the delivery of specific components applied through tailored engagements.

For more information please contact us

Download our Case Study here
Download our Incident Response brochure here

ASSESSMENT

An organisation's Internet-facing systems are subject to a near-continuous barrage of digital assaults from Internet-based threats including malicious hackers, organised criminals and issue-motivated groups. Similarly, internal systems may be subject to attack from compromised laptops and workstations, business partners or insiders acting beyond their authority.

These threat agents may have a variety of motivations for attacking systems which may include gaining unauthorised access to sensitive data, website and/or brand defacement, distribution of malware, denial of service or perpetration of fraud. A successful compromise could result in business impacts that may include reputational damage, negative publicity, loss of customer confidence or financial impacts including lost operating revenue, costs to ‘make good’ or fraud write-offs.

To reduce the likelihood of a system compromise, systems should be regularly subjected to technical security assessment to ensure that any vulnerabilities within the systems are identified proactively and remediated before they can be exploited by an attacker.

Asterisk offers the following assessment and testing solutions:

  • Conduct vulnerability assessments of network, host, web based services and applications
  • Examination of security controls by conducting penetration testing activities
  • Presentation of findings in a clear and easy to understand format, allowing for quick and effective mitigation of potential risks

Asterisk aims to provide pragmatic recommendations, taking into account the severity of identified issues, operational context of the target system, placement of the system in an organisation’s business processes and the context of these issues in relation to the broader risk management framework, in addition to an organisation’s risk appetite.

Asterisk is also a member of CREST Australia (the Council of Registered Ethical Security Testers). CREST aims to provide client organisations with assurance that security testing providers behave ethically and perform security testing repeatably and to a high standard.

For more information please contact us

Download our Security Testing brochure here
Download our CREST Approved brochure here
Download our Case Study here

ARCHITECTURE

Organisations rely on an increasing number of software applications to help deliver services effectively to their customers. These applications may range from internal, off the shelf HR systems to fully customised, Internet-facing eCommerce solutions. Often the security qualities of these applications are not well understood and may lead to compromise, potentially impacting the reputation of an organisation as well as its finances and operations.

Unfortunately there are no clear standards for assuring the security of these applications, regardless of whether they are internally built, commodity off the shelf or bespoke built by a trusted vendor. What is commonly understood is that the expense of mitigating security vulnerabilities costs more later in the development cycle.

To reduce the likelihood of application flaws leading to compromise, Asterisk offers the following auditing and compliance solutions:

  • Perform compliance testing against applicable industry regulations
  • Current state assessment of hardware and software controls to determine suitability
  • Review of network topology, highlighting issues that could result in unwanted exposure to external or internal threats
  • Configuration review of key security assets to determine alignment with vendor best practice

Each of these activities builds upon different ‘best of breed’ methodologies and can be delivered in a number of different ways depending on the unique requirements of an organisation or business unit.

For more information please contact us

INFRASTRUCTURE

Asterisk has built a solid security infrastructure business to complement its security consultancy business. Asterisk consultants have a long track record of successfully deploying security projects. As a result, customers and vendors have a high level of confidence and trust in our delivery capability.

Asterisk has proven its capability as a supplier of IT security technology to large mining and resources customers, commercial customers and government.

Due to our experience and understanding of the rapidly changing nature of security technology it is Asterisk’s preference to work with our customers in a consultative manner to ensure that customers are able to select the appropriate technology for their requirements.

Asterisk is able to provide advice on product capability and optimal deployment configuration of product components to ensure that when customers are ready to procure they understand what they are ordering, how it fits in their environment and what functionality they will receive.

Asterisk consultants are experienced with implementing technical solutions across a broad range of security solutions including:

  • Data Loss Prevention
  • Current state assessment of hardware and software controls to determine suitability
  • Review of network topology, highlighting issues that could result in unwanted exposure to external or internal threats
  • Configuration review of key security assets to determine alignment with vendor best practice

Each of these activities build upon different ‘best of breed’ methodologies and can be delivered in a number of ways depending on the unique requirements of an organisation or business unit.

For more information please contact us

Download our Maturity Assessment brochure here
Download our Security Incident and Event Management brochure here
Download our Vulnerability Management brochure here
Download our Case Study here

EDUCATION

Education and awareness campaigns, along with workshop sessions and presentations, can provide great platforms for engaging your stakeholders on security related topics. These services also include additional organisation-wide benefits such as generating publicity for company policy requirements and secure usage of technology.

Asterisk consultants are experienced in public speaking and have delivered presentations and workshops on a variety of security topics including secure software development, web security and exploitation at numerous local security and non-security events

For more information please contact us