Security Strategy and Consulting

Plan for a safer, more secure future

The first step in building a safe and secure business is shining a light on the current state of your information security. Our expert security team uses best practice industry frameworks ‘right sized’ for New Zealand business to assess the security risks facing your business. Our strategy and consulting services are divided into three parts: vulnerability, maturity and test and train services.

Our vulnerability services help you to identify, and remediate, security weak spots across your IT infrastructure. Choose from External Infrastructure Penetration Testing, Web Application Penetration Testing, or an Office 365 Security Assessment, or roll out the entire suite for a comprehensive analysis of your security vulnerabilities.

For a bird’s eye view of your business’ security maturity, our maturity services include an Information Security Assessment, which involves a review of your business' approach to information security, or an Information Security Policy Review for a ‘deep dive’ into your organisation’s security policy documents.

Finally, our Phriendly Phishing programme will measure staff awareness levels around phishing techniques, and train your staff to identify and react appropriately to phishing attacks via routine social engineering exercises.

 

Let's get started

Here are the services we offer to give you a better handle on the state of your information security.

Office 365 Security Assessment

Our Office 365 Security Assessment is a highly-focused and inexpensive review of the current state of your security in your Office 365 environment, utilising the Microsoft Secure Score and our own best practice experience.

You’ll receive:

  • An assessment of your business’ Office 365 security configurations
  • A comprehensive review of the enabled and available features in your Office 365 subscription
  • A detailed report with recommendations for remedial actions to reduce risk

Approximate timeframe: 2-3 days

 

Find out more

Phriendly Phishing Programme

Phishing attacks are becoming increasingly sophisticated and personalised, and they’re one of the most popular methods of cyber attacks today. Turn your people into your strongest line of defence by building and measuring staff awareness around email phishing techniques using our Phriendly Phishing programme. Over a 12-month period, we will educate your employees and then routinely test them with a range of phishing techniques to improve their awareness and build cyber resilience in your business.

You’ll receive:

  • An initial wave of well-crafted phishing emails to employees to create a baseline measure of your susceptibility to phishing attacks
  • Delivery of innovative online training materials to educate staff on ways to identify suspicious senders
  • Follow up emails over the next 12 months to test employees against a range of commonly-used cybercrime techniques
  • Monthly reporting on staff response to attacks, enabling you to monitor the effectiveness of training and growth of your security culture

Approximate timeframe: Minimum 12 month subscription

 

Find out more

External Infrastructure Penetration Testing

Our External Infrastructure Penetration Testing service checks the entire exterior of your infrastructure (that is, anything that connects to the internet), using a variety of attack methods. External infrastructure penetration testing should be part of any business’ risk assessment phase prior to changing or launching any new live services.

You'll receive:

  • A comprehensive test of your external infrastructure security status
  • Identification of any weaknesses that could allow an attacker to compromise your external infrastructure
  • An in-depth report with detailed technical findings, including an explanation of the risk associated with each identified vulnerability and details on how to mitigate it

Approximate timeframe: Variable

Find out more

Web Application Penetration Testing

Website Application Penetration Testing allows you to release your website application with confidence, knowing its been extensively scrutinised by industry leaders. We’ve partnered with BlackBerry Cyber Security to bring the world’s most highly-regarded website penetration testing service to our New Zealand clients.

You'll receive:

  • A comprehensive test for vulnerabilities (including those detailed in the OWASP Top Ten) across your entire application
  • Identification of any weaknesses that could allow an attacker to compromise the application, the data it interacts with, its users or the hosting environment
  • An in-depth report with detailed technical findings, including an explanation of the risk associated with each identified vulnerability and details on how to mitigate it

Approximate timeframe: Variable

 

Find out more

Information Security Policy Review

Comprehensive and robust policies are the foundation of good security, providing clear guidance on the specifics of the security implementation and setting clear expectations for how employees should behave. The review process is based on best-practice standards and our experience working with a wide range of clients across multiple industry sectors.

You'll receive:

  • An independent assessment of the quality, completeness and intelligibility of your organisation’s policy documents
  • A comprehensive report containing recommendations to assist your organisation in building a set of policies that will provide the foundation for a robust information security environment, and ultimately help to reduce risk

Approximate timeframe: 1-2 weeks

Find out more

Information Security Assessment

Our Information Security Assessment involves reviewing your business’ approach to information security. We’ll assess your essential technical controls and information security governance, policies and procedures using established international information security procedures such as ASD and PSR and spanning 20 control areas. Our findings set the foundation for short and long-term remedial recommendations to enhance your security posture.

You’ll receive:

Identification of vulnerabilities and weak spots exposing you to risk

  • A list of prioritised recommendations for immediate consideration
  • Detailed analysis of findings and maturity scores across 20 control areas
  • Comprehensive remedial recommendations to strengthen your defences

Approximate timeframe: 3-4 weeks

Find out more
What stage is your business at?

Wherever you are in your security journey, Origin Security has the people, processes and technology to get you to your destination.

FREE Network Security Assessment

It doesn’t matter how up to date with cyber security you think you are, it’s likely that there’s a gap between your current protection level and the level it should be at to safeguard against the latest threats. Register for our quick, simple and free test here.

Read More

Case Study – Milford Asset Management

Milford Asset Management achieved incredible results using our Phriendly Phishing programme. The leading investment firm decreased their click-through-rate on phishing attacks from 29% to just 0% in less than 12 months. Download the case study here.

Learn More

Ready to get a handle on your security?

0800 34 34 34