Cybersecurity Risk Assessments
Cyber security risk assessments for defence-level governance and compliance capabilities.
Readying Your Site
Cogito Group can assess your current and potential cyber security risks as an organisation. We can recommend and develop control frameworks to improve logical and physical security. We can align your organisation with global defence standards. If you are applying for provider membership where compliance standards are non-negotiable, we will aid you in development of controls prior to your compliance assessments.
Defensive Security
Cogito Group can provide assistance, training, software, and hardware solutions to help align your organisation with international security standards required for defence level security. We provide frameworks for physical and logical access, and documentation standards. If you are looking to secure your organisation to the standards required by ISO 27001, NIST 800-171, or DEFSTAN 05-138, Cogito can provide a pre-assessment of your physical and logical security.
Pre-Certification Standardisation
Cogito Group’s pre-certification assessments will aid in developing security controls within organisations. These controls are designed to improve governance and compliance for organisations seeking accreditation.
Maturity of Current Cybersecurity Practices
Cogito have secured information technology services for the Australian Defence Force and operate as members of DISP. Cogito can assess your current security standards against federal maturity levels of cyber security, and emerging threats. Using this Cogito will create a risk assessment treatment plan.
Physical and Logical Access
Cogito Group are expert systems integrators. Our experts have specialist knowledge of the convergence of physical and logical access systems. This experience can be used to design both logical and physical systems to improve governance and compliance.
Services
Training
Our consultants have the skills and experience to train your staff to recognise both physical and logical risks. We’ll show you how to mitigate accordingly through tools, technology, or behavioural changes.
Consultancy
Cogito offers consultancy services for the development of policy and trusted frameworks within both physical and logical access systems.
Expertise
Cogito offers consultancy services for the development of policy and trusted frameworks within both physical and logical access systems.
Secure Technology
Cogito works with best-of-breed hardware providers to ensure yout technological chain of trust is first in risk mitigation technology.
Security
The Cyber Security Risk Landscape
As the cyber security threat landscape evolves, physical and logical security posture must be kept consistent throughout the technological ecosystem. Cogito Group are experts in cyber security and system integration.
With Cogito’s assistance your organisation can ensure it meets cyber security requirements, throughout your entire supply chain, including resource and staff management.
Risk Management Decision Making
Cogito Group can show you how to understand the risks your organisation faces and make informed decisions in mitigating these. We will design a framework for risk mitigation that integrates logical and physical access, documentation standards, organisational culture, and technology.
Physical Access Control
Physical access technologies are no longer restricted to one building, state, or nation. As our organisations communicate and integrate we require cross-organisational, interbuilding, physical access solutions. In the wake of internal threats we require a convergence of physical and logical security to assess behavioural data and fortify access control. Cogito Group consultants have a breadth of experience in producing highly secure physical access security across organisations.
Logical Access Control
Cogito are experts in the convergence of PACs and LACs. Our software products combine with physical access authentication to allow protection against logical access and ensure user identities have been fully established. This provides organisations with additional layers of security. We are experts in every aspect of PKI, encryption and IdM. We are able to offer specialised advice regarding security concerns and integrations.
International Standards Required by Defence Providers
ISO 27001
ISO 27001 is the international standard for Information Security Management Systems. ISO 27001 is assessed against the criteria of confidentiality, integrity, and availability.
NIST 800-171
NIST 800-171 is the United States national standard for protecting controlled unclassified information in non-federal systems and organisations.
UK DEFENCE STANDARD 05-138
The UK Defence Standard 05-138 is the national standard for defence providers. The standard refers to five risk profiles based on a cyber security risk assessment developed by the Ministry of Defence.
ASD Essential 8
Cogito’s offering includes strategies to help your organisation meet and implement the Australian Signals Directorate Essential 8. For organisations interested in defence-like strategy, the top four priorities are:
Application Whitelisting
Application Whitelisting should be implemented to ensure all software, devices and services only allow approved application access.
Patching Applications
When vendors identify and notify customers of security vulnerabilities, subsequent applications must be patched or updated within one month of the vulnerability being identified.
Patching Operating Vulnerabilities
In the case of Operating Systems with security vulnerabilities these must be patched, updated, or replaced with supported versions.
Restricting Admin Privileges
Cogito can offer expertise and consultancy in best practices for limiting policy security controls and obtaining further visibility over staff and administrative accounts.
Cybersecurity Resources
Cogito offers the following cyber security resources for improved governance and compliance capabilities.
Multi-Factor Authentication
OTP and Certificate-Based Authentication
Backup Reporting
Embedded Linux Support
Protect Against Bots and Ransomware
Physical and Logical Access
Endpoint Protection Reporting
Firewall Reporting and Monitoring
Switching Monitoring Through Network Discovery
Configuration Management Database Capability
Consultancy and Training
GP Reporting for Baseline
