Cyber Security Strategy
Having a strategic plan is crucial in producing the desired outcomes in any endeavour. An effective Cyber Security strategy will reflect the business requirements and technology roadmap aimed at taking your organisation to the next level, securely.
Addressing security priorities in areas such as Cloud, application, framework alignment, risk appetite, control capability, insourcing, outsourcing, managed services, organisational structure and skill requirements will enable your team to be unified, working towards your desired posture.
Nautica Praesidium have extensive expertise in helping organisations realise their security goals through the development of successful strategy. Leverage our strategic knowledge and lead your organisation to an information-secure future.
NIST CSF Gap Analysis
The National Institute of Standards and Technology (NIST) Cyber Security Framework (CSF) is a global security standard that is used across multiple industries and national governments. Aligning your organisation to this standard will provide a best practices framework to maintain cyber security principles at every level of your operations. Nautica Praesidium’s experienced consulting team will perform a gap analysis of your current policies and procedures, identify shortfalls and recommend solutions to improve adherence to each element. The NIST CSF comprises five pillars: Identify, Protect, Detect, Respond and Recover. Each pillar encompasses sections that cover the full spectrum of cyber security from Asset Management to Recovery Planning.
NCSC Cyber Essentials Gap Analysis
The UK National Cyber Security Centre (NCSC) has developed a simplified scheme designed for small and medium businesses called Cyber Essentials. The scheme identifies security controls that have been determined to provide the maximum amount of risk reduction, focusing on the following five essential mitigation strategies:
Boundary Firewalls and Internet Gateways
The Cyber Essentials scheme provides organisations with guidance on mitigation strategies as well as offering a certification path. Nautica Praesidium can assist organisations in understanding their current alignment to Cyber Essentials and implementing the appropriate technical controls required by the mitigation strategies to close the gap on the path to certification.
ASD Essential 8 Assessment and Implementation
The Australian Signals Directorate (ASD) issues the top 8 essential cyber security controls annually based on the Information Security Manual (ISM), which regulates Federal Government cyber security requirements. The ASD Essential 8 is a prioritised list of security controls aimed at mitigating cyber attacks and correlated guidance on securing internal systems.
The current Essential 8 mitigation strategies are:
Patch Operating Systems
User Application Hardening
Restrict Administrative Privileges
Multi-Factor Authentication
Configure Microsoft Office Macro Settings
Nautica Praesidium consultants have extensive backgrounds in applying the ASD top 8 to federal government institutions including the Department of Defence and military units. Our understanding and practical knowledge of the ISM has been cultivated over years of experience. Contact us for a confidential discussion on how your organisation can adopt the ASD Essential 8 principles.
GDPR Compliance Assessment
The General Data Protection Regulation (GDPR) is the principal data privacy regulation within the European Union (EU). Under its purview, any data processed on European citizens, regardless of the processing organisation being within the EU or not, will be subject to penalties if found to be in violation of the regulation. The regulation itself describes the rights of an EU citizen's personally identifiable information (PII) data being processed, classified and how organisations can use this data. Nautica Praesidium offer a comprehensive GDPR assessment detailing policy, procedure and technical solution recommendations to keep your organisation compliant with the legislation.
Nautica Praesidium has developed a brief to help companies understand the GDPR and how it may apply to them. The brief is available for download; name, company and email details are required to access it.
IMO Cyber Risk Management Review
The International Maritime Organization (IMO) has issued compliance requirement changes across the Maritime Industry relating to cyber security. With these changes coming into effect in 2021, cyber security will become a major part of the maritime Safety Management System and will require effective cyber risk management to be integrated into existing frameworks. Allow Nautica Praesidium to guide your organisation towards achieving compliance and securing your technology against cyber attack.