A cyber security health check contains a wide spectrum of myriad activities like a complete Top Down assessment of the ICT infrastructure, vulnerability scanning, pen testing, documentations, guidelines creation, reviewing all these based on results of carefully conducted customer interviews.
Identify your top priorities in cyber security
To obtain maximum Return on Security Investment (ROSI) it is vital to know the critical assets of the organization and their individual weak spots and threats. The Health Check is the perfect tool to raise management awareness and identify your top priorities in cyber security in order to transform them into quick wins.
The Health Check tailored to your organization
The RUAG Cyber Security Health Check approach follows a in practice recognized standard framework. Conducting a current state analysis of the security controls and maturity level of the processes provides a baseline. The following gap analysis against the best practices of the customer’s industry sector produces a customer-focused Cyber Security Health Report. This serves as the foundation of a customer-specific security roadmap to improve Cyber Security and to allocate the financial budget to address further security needs.
Regulatory requirements like Data Protection Acts and standards, such as ISO/IEC 27001, SOX or BSI 100-1, demand security awareness. The multitude of risks and ways to attack an organization has increased tremendously in the recent years. Developing awareness is a key capability to establish and maintain successful company security.
Build a culture of compliance and awareness
Employees often do not have the knowledge, ability or incentive to act according to compliance and security guidelines. Teaching and training them on how to act securely makes your work force a strong part in your organization’s line of defence to protect your values and know-how.
How to secure your staff
We start with a policy compliance analysis by screening policies and guidelines followed by a survey on staff adherence to the rules. As appropriate, follow-up analysis like security capacity maturity model rating, gap analysis, awareness heat map and other methods apply. Closing the gaps encompasses active enablement with tailored measures, training and coaching for different target groups incl. management.
Boost your compliance
Staff of higher level of security awereness can notice irregularities fasterand react accordingly, mitigating the risk of successful attacks. A holistic compliance approach combining technical measures and awareness results in successful incident avoidance and can serve as a unique selling point towards customers.
Examine your current security organization, methods and technology with an audit. The resulting action plan shows you the necessary steps to adequately increase your safety level before attackers and criminals are able to exploit weak spots.
Are your cyber security controls effective?
Unknown and therefore unaddressed vulnerabilities can be exploited by attackers or criminals to gain access to critical systems and sensitive information. Audits help your organization to comply to internal and external standards and regulatory rules. They examine the effectivity of your controls and help you identify weaknesses that need to be addressed.
Obtain deep insights about your cyber security maturity
RUAG offers special Compliance Audits (ISO/IEC 2700x, COBIT, SOGP, etc.) and Technical Audits (Vulnerability Scans, Penetration Tests and Attack Simulations) to establish a deep insight into the customer’s protection and determine their Cyber Security Maturity.
Reinforce your security posture
Cyber Security Compliance Assessments verify compliance with standards and best practices and provide insight into the cyber security maturity level as a basis for future improvement. A RUAG technical audit identifies obvious and hidden vulnerabilities in your information systems. Our security experts assist you in the development of remediation options to address identified vulnerabilities.
Get to know your enterprise’s Application, Data and Technology Architecture. We identify improvement and innovation opportunities and provide a valuable information basis to potential initiatives or projects.
Robust, secure & flexible architecture
Our approach enables you to keep the overview of the architecture of your company’s IT and how it is implemented. This helps you to identify the right places to manage risks and improve your cyber security in a very effective way. Deficiencies or redundancies can be identified and pursued actively in order to boost efficiency. Providing the necessary information to key stakeholders within your company is a critical precondition for flexibility when it comes to innovation, economic pressure or new regulations.
RUAG Enterprise Architecture solutions
RUAG captures, documents and designs your Enterprise Architecture using high security expertise, concepts and methods that have been developed and successfully utilized over the years. Our model based approach of Enterprise Architecture helps you to improve the robustness, security and flexibility over time. Enterprise Architecture is about insight and knowledge that leads to well-considered decisions. Our goal is to enable you that you maintain your Enterprise Architecture to meet your own needs.
We address your need to understand how your business works and which threats and opportunities you face within secure or highly secure environments. Knowing your business processes is a key to gain this understanding.
Business Process Analysis and Modelling
By analyzing your business processes we identify spots to be improved.Together with your stakeholders we design target processes and point out the necessary transformation. Next we link the business processes to core components of your target architecture. This helps you to keep track of dependencies and react to future change without risking to disrupt your core business.
Integrated model based Requirements Engineering
We help you define your goals and formulate structured requirements to achieve them. Our model-based approach for requirements engineering promises active and committed stakeholder involvement. The model-based tree used to structure requirements creates a comprehensible representation and permits an automated generation of structured and standardized documents within minutes. And ensures the re-use of the requirements in other current or future projects. Our goal is to consult, train and coach you on how to use the provided methods and tools in order to excel at engineering and managing requirements.
ICS / SCADA SECURITY
While getting more and more connected using IP technology, Industrial Control Systems usually do not have the same level of security as IT systems. Without proper security architecture adapted for industrial operations, ICS are at high risk.
Understanding ICS is key to provide security
Standard IT Security approaches are often ineffective in industrial environments, because of different security objectives and organizational differences. RUAG tailors your individual security solution, using a holistic customer-centric approach, based on the RUAG Cyber Circle. RUAG has multi-disciplinary security experts with a deep understanding of ICS security. They assist you in managing cyber security risks, and provide assurance that operations remain resilient to cyber risks.
Achieve process assurance, safety, and security
We provide a powerful set of cyber security consulting services to operators of industrial control systems. We aim to achieve ICS process assurance, safety, and security. Your operational processes will improve through better visibility and accountability of cyber assets and so will ICS cyber security. RUAG also offers effective incident detection and response in ICS environments in order to support you in all situations.
The core objective of eForensics is to obtain objective evidence and root cause information on security incidents like compromised data or infrastructure intrusion. Moreover, forensic examination is the method of choice to detect and evaluate fraudulent activities in the context of endpoints and users.
Check for evidence
Using highly sophisticated software and dedicated hardware, our certified experts conduct their investigations directly at your site and system. Using best practice methods, we analyze what happened, identify entry and exit points and pathways of the attack and secure evidence for trial in court. Our experts are supported by special RUAG-developed tools for visualization and network traffic monitoring.
Preserve proofs – get back to business
Threats are identified and root causes found. RUAG conducts continued examination of components and data to clear your system from any threat residue to support and enable resumption of normal business. Furthermore, we help you to set up monitoring tools to eliminate blind spots and give you advise in hardening your systems. We offer you flexible and international support with adequate communication on any hierarchy level. Using scientific methods, judicial regarded as valid, we seize evidence, interpret and analyze it and assemble a utilizable chain of evidence.