Cyber Security & Information Resilience

Managing and Securing your Business Information

infor lock Did you know:

In 2013, the cost of cyber-crime in the U.S. was approximately $100 billion (Wall Street Journal)
In 2016, The annual cost of cybercrime globally is approximately $500bn (source: Allianz, 2016)
By 2019, cyber-crime costs projected to reach $2 trillion (Juniper Research, 2016)

The Cost of Cyber-Crime Quadruples Every Four Years

As Cyber-crime costs the global economy hundreds of billions of dollars per annum, BSI is doing something to counteract the threat.

We have invested heavily in information resilience, boosting our global information security expertise footprint and putting our client’s cyber security and threats, at the centre of our propositions.

With already established standards in information security management (e.g. ISO 27001), BSI can now offer adjacencies and ubiquitous cyber resilience to this global accreditation.

BSI acquired Espion (Irish cyber security and information resilience business, dealing primarily in the private sector with global contracts) and Info Assure (UK based information security business dealing primarily in government tenders) this year to bolster their products and services offering. With subject matter expertise in areas such as Payment card industry data security standards (PCI DSS) to penetration testing, vulnerability assessments to data protection, security awareness training to certified training courses and much more, BSI now enables their clients to be fully compliant, information resilient and secure from any cyber threats, in line with the new General Data Protection Regulation (GDPR) which will be in effect from 25th May 2018.

See below for what we can offer from our Cyber Security & Information Resilience domain.

PCI DSS Payment Card Industry

PCI

The Payment Card Industry Data Security Standard (PCI DSS) is a set of security controls developed by an aggregated body of experts from the major card brands.

The standard spans the fundamental aspects of information security and extends through the people, processes and technologies involved in payment card processing systems.

PCI DSS is a complex and granular standard which fundamentally applies to all entities which store, process or transmit payment card data, and more recently extends to organizations that may impact the security of a credit card processing environment.

BSI’s Qualified Security Assessors (QSAs) provide the capability to lead you through the PCI journey from initial review to full compliance in the most efficient and least intrusive manner possible, ensuring your business can continue to operate while maintaining a compliant payment processing environment.

Download our PCI DSS Services factsheet >

Data Protection (GDPR)

Data Protection compliance has never been as important as it is today. New EU regulations (EU GDPR), soon to be implemented will place significant legal responsibilities on organizations that collect, store or process data.

For the first time, monetary sanctions of up to 4% of global annual turnover will apply to breaches of the regulation. It also includes additional measures to protect the personal data of EU citizens.

BSI understands the value of data to your business and the serious implications of a data breach.

We help organizations to:

Apply best practice in achieving and maintaining compliance with EU Data Protection standards across differing regulatory environments
Plan and implement measures in preparation for the proposed new EU regulation

Vulnerability Assessment

A Vulnerability Assessment is an automated assessment designed to identify vulnerabilities in an organization’s IT systems.

Vulnerability assessments are performed using BSI Espion’s industry standard scanning tools and systems. This assessment differs from a penetration test as it is performed by an automated solution which typically, does not include manual testing.

Performing vulnerability scans will help ensure that known vulnerabilities are identified and addressed in a timely manner, thus reducing an organization’s risk exposure to an acceptable level.

Download our Insight Paper "Top Security Controls for Organizations" here for more information on securing your environment > >

Penetration Testing

BSI are seasoned experts at providing Penetration (Pen) tests of the highest quality. Our Information Security experts possess the highest levels of knowledge and skills on the market today.

BSI uses a risk-based approach to penetration testing in order to prioritise the testing of identified vulnerabilities from high risk to low risk.

Our experienced consultants are trained to replicate the mind of an attacker and use an exhaustive set of tools to perform and imitate this mind-set.

BSI Espion is CREST accredited for Penetration Testing. This places Espion as part of an elite group of companies who demonstrate the highest levels of security testing standards.
Our Penetration Testing Services include:

Web Application Penetration Testing
Mobile Application Penetration Testing
Internal Penetration Testing
External Infrastructure Penetration Testing
Web Service Penetration Testing

Download our Penetration Testing Services factsheet > >

End User Security Awareness

Within the last calendar year 77% of companies have experienced a Phishing Attack, while 58% of organizations say this type of attack is increasing.

Furthermore, nearly 80% of all malware attacks come from phishing attempts.

Employees are the weakest link in your security chain and increasingly we see the majority of breaches being traced back to employee behaviour.

BSI partner with Gartner Leader, Wombat Security, to help organizations educate and support their staff with security awareness training. End user

In Gartner’s latest publication (October 2016) of the “Magic Quadrant for Security Awareness Computer-Based Training” Wombat Security Technologies continue to lead the way in Security Awareness Training.

Wombat is not only the leaders but also visionaries in accordance with the quadrant shown here.

Download the 2016 Beyond the Phish Report > >

Information Security Training Courses

We offer a range of specialist training courses around information Security, to help enhance your knowledge and support you to professionally develop.

Certified Information Systems Auditor (CISA®) training course >

Get global recognition as a professional information systems expert with our intensive 4 day Certified Information Systems Auditor (CISA) course. You'll also get the knowledge, skills and best practices to successfully audit, control and secure your information system.

View details for Certified Information Systems Auditor (CISA®) training course >

Classroom training course

Certified Information Security Manager (CISM®) training course >

Enhance your career with our Certified Information Security Manager (CISM) training course. With recent independent studies consistently ranking CISM as one of the highest paying and sought after IT certifications, it's a great course to help with your professional development. Plus it provides executive management with assurance that you have the required experience to provide effective security management and consulting services.

View details for Certified Information Security Manager (CISM®) training course >

Classroom training course

Certified Information Systems Security Professional (CISSP) >

If you're building a career in information security then Certified Information Systems Security Professional (CISSP) is the must-have qualification to help you progress. It is a globally recognized standard (ISO/IEC 17024) that demonstrates your competence as an IT professional. Covering topics including cloud computing, mobile security, application development security, and risk management, you will gain the knowledge to best manage information security issues back in your organization.

View details for Certified Information Systems Security Professional (CISSP) >

Classroom training course

Other specialist Information Security training courses >

Check out our range of other specialist information security courses, from ethical hacking to systems security.

View details for Other specialist Information Security training courses >

Various options available