Information Security

We help transform information security from a source of fear, risk, and complexity to a source of strength, value, and competitive advantage.

Cybersecurity (Self-Learning AI Threat Intelligence)

Darktrace, a global leader in cybersecurity AI, delivers world-class technology that protects over 5,000 customers worldwide from advanced threats, including ransomware and cloud and SaaS attacks. The company’s fundamentally different approach applies Self-Learning AI to enable machines to understand the business in order to autonomously defend it. Headquartered in Cambridge, UK, the company has 1,500 employees and over 30 offices worldwide. Darktrace was named one of TIME Magazine’s ‘Most Influential Companies’ for 2021.

“Darktrace is a game-changer. It allows us to remain resilient in a rapidly changing threat landscape.”

Key benefits:

  • Learns continuously ‘on the job’ and adapts in light of new evidence
  • Detects and responds to novel attacks and insiders before they do damage
  • Complete visibility across hybrid, multi-cloud, and IoT infrastructure
  • Installs in under an hour, requiring no manual tuning or configuration

Dark Web Intelligence Monitoring

Searchlight Cyber’s market-leading dark web investigation and monitoring tools are trusted by the world’s most forward-thinking law enforcement agencies, enterprises and MSSPs. The Cerberus and DarkIQ products equip governments, law enforcement agencies, as well as energy and financial service industries with an unmatched toolset of dark web intelligence and monitoring tools in their fight against criminal activity on the dark web.


Cerberus: The dark web investigation platform. Gather intelligence on marketplaces, forums, sites, individuals, and groups from the most comprehensive datasource on deep and dark web activity.

DarkIQ: The dark web monitoring platform, which continuously searches the deep and dark web for indicators of an attack against your organisation.

Security Awareness Training

According to Cybint, 95% of cybersecurity breaches are caused by human error, proving that cybercrimes consistently rely on the human factor to succeed. In 2018, 21% of breaches were due to employee negligence. We help ensure that your employees are empowered with a sense of awareness and understanding, necessary to handle information that must pass through security protocols, making them less prone to costly security incidents.
Why invest in Security Awareness Training?

Losses from cybersecurity breaches and reputational damage cost companies millions every year, while employee training costs significantly less.

As cyberattacks increase, standards such as the Payment Card Industry Data Security Standard (PCI DSS) are calling on specific industries to implement security awareness training.

As organisations adapt to new Work-From-Home arrangements, employees are no longer restricted to the confines of the corporate office. However, security awareness should also be maintained even from home. 

Awareness training in Social Engineering (such as scamming) is especially important if your organisation employs seasonal staff.

Training not only benefits the organization but also customers, suppliers and other entities they are linked to. In the world of cybersecurity, once one network is infected, the rest are just seconds away from facing the same fate. A trained workforce can make a difference.

Our Security Awareness Training programs include:

  • Step 1: Analyze
  • Step 2: Train
  • Step 3: Phish (Test)
  • Step 4: Review Results
  • Step 5: Targeted Training
  • Step 6: Execute

Risk Management Services

As your business evolves and grows, new risks inevitably emerge. For example, new technology applications can increase vulnerability, and moving platforms off-premise to the cloud can create new opportunities for hackers. Taking steps to modernise the business and introducing new technologies is necessary to drive growth, but you also must keep technology risk and security management in mind to identify and address potential threats and intrusions that come along with change.
  • Enterprise Risk Culture & Maturity Analysis
  • Risk Appetite Definitions & Key Risk Indicators (KRIs)
  • Risk Appetite Assessment & Statement Review
  • Board Level Reporting Review
  • Enterprise Risk Management Committee (ERMC)
  • Risk Acceptance Committee (RAC)
  • Regulatory Compliance Analysis & Response Assistance
  • Expertise in GRC Software Tools

 

  • Review of Risk & Control Self-Assessment (RCSA) Procedures & Use of Effective Challenges
  • Review of Risk & Control Language & Risk Register
  • Review of Inherent Risk (IRR) & Residual Risk (RRR) Ratings Scoring Methodology
  • Review of Control Effectiveness Procedures & Quality of Evidence
  • Assistance in Audit Preparedness
  • Policy Review and Gap Analysis of Internal Policies
  • Policy Mapping Against Industry Authoritative Sources such as NIST, CIS, ISO 27001/2, HIPAA, GDPR, & FISMA
  • Reviews include Validation of Internal Procedures w/Process Walk-Thru & Deep Dives
  • Review of Issues Management Procedures
  • Review of Issues Validation Procedures, Issues Descriptions & Remediation Plans
  • Improve Enterprise Risk Management (ERM) Function (2nd Line in 3 LOD Model)
  • Leverage Risk Management (RMF) & Cyber Security (CSF) Framework Implementations
  • Implement Strategies to Achieve and Maintain a High RMF Maturity Level
  • Identify Key Stakeholders and Achieve Buy-In for RMF Value Proposition
  • Achieve Greater Risk Management Awareness throughout the Enterprise
  • Reduce Risk Scores & Increase Overall Market Attractiveness
  • Policy Development
  • Policy Review and Recommendations

Continuous network monitoring and response activities, including the 24x7 NSOC monitoring and alerts, escalation management, security dashboard, SIEM, security SLA/SLO reporting and digital forensics.


OneTrust is the #1 fastest-growing company on Inc. 500 and the category-defining enterprise platform to operationalize trust. More than 10,000 customers, including half of the Fortune Global 500, use OneTrust to make trust a competitive differentiator, implementing central agile workflows across privacy, security, data governance, GRC, third-party risk, ethics and compliance, and ESG programs.

The OneTrust platform is backed by 150 patents and powered by the OneTrust Athena™ AI. Our offerings include OneTrust Privacy, OneTrust DataDiscovery™, OneTrust DataGovernance™, OneTrust Vendorpedia™, OneTrust GRC, OneTrust Ethics, OneTrust PreferenceChoice™, OneTrust ESG, and OneTrust DataGuidance™.

OneTrust GRC enables risk, compliance and audit professionals to identify, measure, and remediate risk across their business to comply with internal rules and external regulations. OneTrust GRC is a part of OneTrust, the #1 most widely used privacy, security, and governance platform trusted by more than 7,500 customers and powered by 130 awarded patents.

OneTrust GRC is powered by the OneTrust Athena™ AI and robotic automation engine, and integrates seamlessly with the full OneTrust platform, including OneTrust Privacy, OneTrust Vendorpedia™, OneTrust PreferenceChoice™, OneTrust Ethics, OneTrust DataGuidance™, OneTrust DataDiscovery™, and OneTrust DataGovernance™.

OneTrust PreferenceChoice™ enables marketers and publishers to drive transparent user experiences, build trust, and comply with 100s of global data privacy regulations, including the CCPA, TCPA, CASL, and GDPR. OneTrust PreferenceChoice is the #1 CMP (according to AdZerk) and is an IAB-registered Transparency and Consent Framework (TCF) 2.0 vendor.

OneTrust PreferenceChoice is a part of OneTrust, the #1 most widely used privacy, security and governance platform used by more than 7,500 customers and powered by 130 awarded patents.

OneTrust Vendorpedia™ is the leading third-party risk exchange - a community of shared vendor risk assessments with 70,000 participating vendors and aggregated data from authoritative security, privacy, and compliance sources. OneTrust Vendorpedia is a part of OneTrust, the #1 most widely used privacy, security and data governance platform backed by 130 awarded patents.

OneTrust Data Privacy is designed to help you visualize the vast amount of data coming into your organization so you can proactively manage your data sprawl while ensuring compliance and honouring customer rights, choice, and transparency.

Go beyond compliance.

Deliver business value and build trust through transparency, choice, and control.

Trust Intelligence (including Data Protection Compliance)

Calibra’s partnerships with OneTrust and Data Privacy & Security Advisors (DPSA) LLC, provide consulting services and software solutions to:

  • Bring visibility, action, and automation to customer’s commitments across all Trust domains.
  • Help organisations build and maintain programs that feature universal privacy and security best practices and navigate the complex landscape of evolving global regulatory compliance.

From global privacy to industry-specific regulations, DPSA LLC provides businesses with compliance evaluation and technology-driven assessments to identify gaps, uncover risks, and target remediation efforts for the greatest impacts.

  • Benefit from data privacy and security expertise in the strategy, operation, and execution of global data protection programs.
  • Solve complex compliance problems.
  • Develop targeted Notices and Policies for your organisations based on applicable data protection regulations.
  • Conduct Gap Analyses, Impact Assessments or Risk Assessments.
  • Adapt quickly to the changing regulatory landscape.
  • Complete OneTrust Migration and Implementation.

Readiness Assessment (Deep Dive)

A holistic view of your organisation’s cybersecurity policies, procedures and overall security posture is needed to effectively manage the security risks associated with your business.

  • Step 1: Security Policy
  • Step 2: Vulnerability
  • Step 3: HR Process
  • Step 4: Vendor Selection Process
  • Step 5: SETA Programme
  • Step 6: Threat Hunting

Our Deep Dive approach helps:

  • Determine whether your organisation is prepared to defend against cyber threats
  • Identify security gaps in order to minimise associated risks
  • Understand your organisation's strengths and weaknesses against varying security topics relevant to your organisation
  • Effectively communicate the security posture to the Senior Executive team and relevant Stakeholders

  • Week 1 - 2: Planning
  • Week 3 - 7: Implementation & Assessment
  • Week 8 - 10: Reporting & Documentation

Penetration Testing

Conventional penetration testing focuses on identifying and exploiting vulnerabilities in IT Systems by simulating attacks on a network or computer system to evaluate its security—with the permission of that system’s owners.

We partner with top international providers to help:

  • Reduce your risk of cyberattacks
  • Prepare your applications for public launch
  • Evaluate your response to a breach
  • Reduce your risk of ransomware attacks
  • Determine if there has been a compromise
  • Develop strategic plans to improve your security

Our Penetration Testing is derived from the SANS Pentest Methodology, the MITRE ATT&CK framework for enterprises and NIST SP800-115 to ensure compliance with most regulatory requirements. We employ a comprehensive approach (both automated and extensive manual testing), which includes Application Security Testing (web and mobile applications) and Objective-Based Penetration Testing.

  • Step 1: Recon & Mapping
  • Step 2: Discovery
  • Step 3: Vulnerability Assessment
  • Step 4: Exploitation
  • Step 5: Post Exploitation
  • Step 6: Reporting

Incident Response Handling

Services that identify, investigate and respond to potential security incidents in a way that minimises impact and supports rapid recovery. Service options include the following:

Information Security Architecture

If a hacker breaches one security measure, Mission Critical Assets (databases, devices, processes and applications that are essential to the day-to-day operations) are still protected by all subsequent layers. This concept is known as Layered Security or Defense in Depth.  The combination of multiple security controls slows and eventually thwarts a security attack.

Failure can result in an entire operation grinding to a halt with huge losses in revenue and reputational damage.  Are your Mission Critical assets protected?


The first line of defense sits at the outermost layer of the network and is the boundary between the company’s private network and public networks such as the internet. Data flowing in and out of the network is carefully monitored, and potentially dangerous or unknown traffic is blocked based on a set of rules about the type of traffic and the permitted source/destination addresses on the network.

At the network layer of the framework, protecting resources from unauthorized access and intrusion relies on encryption, intrusion detection and prevention systems, threat intelligence and malware analysis.

Focuses on endpoints, the entry points of end-user devices such as desktops, laptops and mobile devices. It protects endpoint devices, whether on the network or in a cloud environment, from exploitation by malicious actors and from other cybersecurity threats.

Protects the network by controlling access to applications through authentication, authorisation, encryption, logging and application security testing.

The protection of data in its different states: DAR (data-at-rest), DIU (data-in-use) and DIM (data-in-motion). It also includes data classification, drive encryption and Public Key Infrastructure (PKI).
