Security Strategy and Consulting

Plan for a safer, more secure future

The first step in building a safe and secure business is shining a light on the current state of your information security. Our expert security team uses best practice industry frameworks ‘right sized’ for New Zealand business to assess the security risks facing your business. Our strategy and consulting services are divided into three parts: vulnerability, maturity and test and train services.

Our vulnerability services identify and review the security weak spots across your business network. Try our one-month Threat Assessment for a holistic review of the state of your security, or choose a more targeted service like our external infrastructure and web application penetration tests, Office 365 security assessment and firewall review service.

For a bird’s eye view of your security maturity, our Information Security Assessment will help you to assess your business’ essential technical security controls, while our Information Security Policy Review service offers a ‘deep dive’ review or your organisation's security policy documents.

Finally, our Phriendly Phishing programme will measure staff awareness levels around phishing techniques, and train your staff to identify and react appropriately to phishing attacks via routine social engineering exercises.

 

 

Let's get started

Here are the services we offer to give you a better handle on the state of your information security.

Threat Assessment

Our Threat Assessment gives you broad visibility over the state of your security with a holistic review of your entire business network. Over the course of one month, we’ll monitor, scan and assess your network infrastructure and activity, with the goal of identifying the security weaknesses that are exposing your business to risk.

You’ll receive:

  • a comprehensive report detailing the security threats and events that affected your business during the one-month assessment period

  • a prioritised list of your security weak spots accompanied by pragmatic recommendations to reduce your risk

Approximate timeframe: One month

 

Find out more

Office 365 Security Assessment

Our Office 365 (O365) Security Assessment is a highly-focused and inexpensive review of your O365 security features and configuration settings. We’ll determine whether your O365 inbuilt security features are adequately protecting your business, and ensure you’re getting the most of your O365 licence.

You’ll receive:

  • a report detailing the enabled and available features in your O365 subscription and an assessment of your O365 security configurations

  • recommended remedial actions to reduce risk and reconfigure your O365 security setup

  • an indication of the ease of implementation and user impact of each recommendation

Approximate timeframe: 2-3 days

 

 

Find out more

Phriendly Phishing Programme

Phishing attacks are becoming increasingly sophisticated and personalised, and they’re one of the most popular methods of cyber attacks today. Turn your people into your strongest line of defence by building and measuring staff awareness around email phishing techniques using our Phriendly Phishing programme. Over a 12-month period, we will educate your employees and then routinely test them with a range of phishing techniques to improve their awareness and build cyber resilience in your business.

You’ll receive:

  • An initial wave of well-crafted phishing emails to employees to create a baseline measure of your susceptibility to phishing attacks
  • Delivery of innovative online training materials to educate staff on ways to identify suspicious senders
  • Follow up emails over the next 12 months to test employees against a range of commonly-used cybercrime techniques
  • Monthly reporting on staff response to attacks, enabling you to monitor the effectiveness of training and growth of your security culture

Approximate timeframe: Minimum 12 month subscription

 

Find out more

External Infrastructure Penetration Testing

An external infrastructure penetration test is a simulated attack on your network perimeter (that is, anything that connects to the internet). Using a variety of attack methods and techniques, we’ll attempt to penetrate your network perimeter and identify existing vulnerabilities in your infrastructure. External infrastructure penetration testing should be part of any business’ risk assessment phase prior to changing or launching any new live services.

You’ll receive:

  • a report containing a management summary and technical overview of the current state of your external infrastructure

  • a comprehensive list of identified risks and vulnerabilities across your external infrastructure

  • full details on how to fix any identified vulnerabilities and an estimate of working hours

  • immediate notification of any critical vulnerabilities


Approximate timeframe: Approximately 3 - 4 weeks

Find out more

Web Application Penetration Testing

A web application penetration test is a simulated attack on your web applications, helping you identify your risk of attack by malicious third-parties. Using a variety of attack methods and techniques, we’ll attempt to penetrate your business’ web applications, and identify the areas putting you and your customers at risk. Web Application Penetration Testing allows you to release your website application with confidence, knowing its been extensively scrutinised by industry leaders.

You’ll receive:

  • a report containing a summary and technical overview of the current state of your web applications

  • a comprehensive list of identified risks and vulnerabilities across your web applications

  • full details on how to fix any identified vulnerabilities and an estimate of working hours

  • immediate notification of any critical vulnerabilities

Approximate timeframe: Approximately 3 - 4 weeks

 

 

Find out more

Information Security Policy Review

Our Information Security Policy Review provides an independent assessment of the quality, completeness and intelligibility of your organisation’s policy documents. The assessment is based on best-practice standards and our own expertise.

You’ll receive:

  • a comprehensive report detailing areas for improvement across your business's security policies

  • a list of recommendations to help your organisation build a comprehensive set of security policies that ultimately reduce risk

Approximate timeframe: 1-2 weeks

Find out more

Information Security Assessment

Our Information Security Assessment is a comprehensive review of your business’ essential technical security controls and information security governance, policies and procedures. We’ll measure your business across twenty control areas using the Australian Signals Directorate (ASD) Essential 8 Controls and the NZ Government Protective Security Requirements (PSR) framework. The outcome is a security rating that determines your business’ overall security maturity.

You’ll receive:

  • a comprehensive report with a list of identified vulnerabilities exposing your business to risk together with maturity scores across 20 control areas

  • a prioritised list of recommendations to improve your organisation’s overall security

  • a customised program of work to help you remediate your security weak spots and strengthen your defences


Approximate timeframe: 3-4 weeks

Find out more
What stage is your business at?

Wherever you are in your security journey, Origin Security has the people, processes and technology to get you to your destination.

One-month Threat Assessment

So you’ve implemented preventative security measures to protect your business, but how do you know your investment is actually paying off? Get eyes across your business network with a one-month threat assessment, and find out if your current security setup is working for your business.

Read More

Case Study – Milford Asset Management

Milford Asset Management achieved incredible results using our Phriendly Phishing programme. The leading investment firm decreased their click-through-rate on phishing attacks from 29% to just 0% in less than 12 months. Download the case study here.

Learn More

Ready to get a handle on your security?

0800 34 34 34