IT SECURITY TESTING & ADVISORY SERVICES
General Security Consulting

OVERVIEW

Lateral Security's general security consulting is designed to provide clients with an onsite consultant or consultants to help with projects or any general IT security service requirement. This could include design work, technical testing, advisory or management of a team or project delivery.

Lateral Security provides support services to corporate security organisations, including general assessments of current security programs and the development of security policies, procedures, design guidelines, and standards specific to the industry and location.

Lateral Security helps organisations understand the risk of cyber threats to their business. By helping organisations understand their critical strengths and weaknesses, Lateral Security then advises on the right methodologies and controls needed to reduce that risk. When developing a program, careful consideration is given to industry standards, operating resources, statutory and regulatory requirements, and corporate culture. Many clients turn to Lateral Security on an annual basis for an objective review of their current security programs.

Lateral Security can help organisations understand their assets, weaknesses, and the threats to their business in order to calculate true risk, and to reduce or mitigate that risk to an acceptable level. This may include policies, procedures, configuration guidelines, security awareness programs and technical controls. General security consulting covers all of the above and can help organisations become more secure over time to meet internal and external business goals.

MORE INFORMATION

Get in touch for more information about how we can help.

 

SECURITY GOVERNANCE AND RISK MANAGEMENT

OVERVIEW

Security policy development and compliance with relevant standards is challenging for any organisation.

Lateral Security has developed security policies for many large Government and Corporate organisations in New Zealand and Australia and has the experience to offer real world advice.

Lateral Security can also offer help with presentations to management, implementation and ongoing measurement of these security policies to ensure success within your organisation.

SERVICES

  • Security policy design and development
  • Implementation of a baseline security policy
  • Produce customer facing documents to satisfy third parties
  • Security policy improvement (such as moving the ITIL maturity score)
  • Standards include ISO/IEC 27001 and 27002, PCI DSS, NZISM, PSR
  • Initial security audit
  • Security policy alignment (such as ISO/IEC 27002, NZISM)
  • Organisational documentation creation

Certification & Accreditation

OVERVIEW

Certification and Accreditation (C&A) provides assurance that a system or application meets defined organisational security objectives and requirements and operates within the organisation's risk appetite.

SERVICES

Lateral Security can assist by providing the following services:

  • C&A activities in accordance with NZISM requirements
  • Risk assessment (what is the level of risk?)
  • Control audits (are the controls in place and working effectively to mitigate risk?)
  • Certification reports (business context, presentation of actual risk vs. residual risk, planned remediation tasks)
  • Penetration testing (technical testing to ensure that controls are working as intended)
  • Design reviews (are the architecture and security controls adequate to meet security goals?)

PCI DSS Assistance

OVERVIEW

PCI DSS is a set of security standards for payment cards. Under PCI DSS version 2, companies are required to regularly test their security systems and processes.

Lateral Security offers auditing and certification services and uses the latest Qualys PCI certified scanning and testing tools.

SERVICES

Lateral Security can help you to meet the following PCI DSS requirements:

  • PCI DSS requirement 11.1 - wireless access point presence and detection of unauthorised wireless access points (quarterly)
  • PCI DSS requirement 11.2 - internal and external vulnerability scanning (quarterly)
  • PCI DSS requirement 11.3 - external and internal penetration testing (annually and after any significant infrastructure or application upgrade or modification)

Lateral Security can also assist with:

  • Security policy development to fully comply with PCI DSS
  • Auditing against PCI DSS
  • ISO 27001 and 17799 (27002)
  • NZISM and PSR (for government)

THREAT MODELLING AND RISK ASSESSMENT

OVERVIEW

Performing threat modelling and conducting risk assessment provides an organisation with the information it needs to understand the risks it is exposed to. These are interactive processes which involve engagement with key stakeholders across the organisation.

At the conclusion of the engagement an organisation will have a clear understanding of the threats and risks facing it. An informed organisation can then decide on its risk appetite for security-related events and prioritise security budgets into the areas that truly matter.

Lateral Security uses the following methodology:

  • Asset classification
  • Threat identification
  • Countermeasure identification
  • Likelihood determination
  • Impact determination
  • Risk determination
  • Additional: countermeasure recommendation

Temporary Staff Replacement

OVERVIEW

Whether it is due to a new project, RFP selection or staff absences, all organisations have times when they don’t have sufficient internal resources. Lateral Security can provide one of our skilled team to meet your business needs, saving you the expense of recruiting in-house staff.

Services we offer:

  • Independent impartial vendor product selection
  • RFP measurement and selection assistance
  • Internal security resource (business management or technical level)
  • Data gathering and collation
  • Moves, adds, and changes management
  • Staff overflow or temporary cover
