Security Review and Testing

Are your Organisation's Assets properly protected? How sure are you?

Many organisations only find out their security isn't up to scratch after they have suffered loss. This is too late. Calamity can work with you to test and assess your security. We can help you proactively determine if your systems and policies work and you are appropriately protected.

Calamity can conduct an end-to-end review of your systems and their surrounding policies and procedures. Beyond the perimeter, and more than just rattling locks and scanning servers, we follow specific methodologies and tailor our approach to your business environment and its unique risk profile.

Given our extensive background across all areas of security, we can also add significant value by reviewing and advising on physical security, something nearly all other IT Consultancies are not qualified or licensed to do.

Vulnerability assessment and penetration testing

Our consultants will probe and test your computer systems, looking for any vulnerabilities or design flaws which a criminal might try to exploit. Using a suite of commercial and open source tools, as well as custom applications and manual techniques, we will check every visible element of a system for a thorough assessment.

We can focus on technical specifics, from firewalls, servers and networks, right down to custom web applications and software code analysis. Or we can take a non-technical overall approach encompassing your staff and operations, policies and procedures. Knowing that ‘the security of any system is only as strong as its weakest link’, we prefer to explore both areas with you and will help to develop an ideal scope of work and 'rules of engagement' for the testing. Recognised standard, open-source and proprietary test methodologies are used for technical reviews and these are fully detailed prior to commencement. Sample reports are available on request, to approved customers.

External and Internal Testing

Testing can be conducted from outside your organisation perimeter (e.g., via the Internet or dial-in lines) to simulate external threats. We can also conduct testing inside the enterprise, to simulate a rogue employee (or accidental error) - an often overlooked source which could also cause significant loss to your organisation.

We don't just find problems, we find solutions

Where problems are identified during our review, we clearly explain these to you and (wherever possible) identify a practical solution to fix the problem. This service provides a high level of assurance to stakeholders that information assets are suitably protected. That’s real peace of mind.

Methodological Reviews

We can base our assessment on very well-known International and Australian security standards such as:

  • ISO 27001 and AS/NZS 7799 - Information Security Management
  • AS/NZS 4360 - Risk Management
  • The Attorney General's Protective Security Manual
  • ACSI 33 – the Defence Signals Directorate’s IT Security Manual and others.

If you prefer, we can use your internal benchmarks and corporate standards. This can include a gap analysis, where we measure your organisation against a specific benchmark, detail any non-conformance or partial conformance, and explain how to close the gaps to achieve full compliance and a higher level of protection.

Physical Security Evaluation

Calamity consultants are experienced in physical security testing. Using a variety of techniques, we can determine the likelihood of criminals gaining physical access to your premises where they might:

  • steal proprietary and corporate information
  • steal valuables including mobile phones, staff wallets, laptops and the data contained on them
  • access data networks and install wireless access points
  • install malicious software onto your systems
  • install keystroke recording hardware and capture passwords to sensitive systems
  • install listening devices inside your premises
  • obtain access passes and gain entry to secure areas
  • casually bypass or defeat alarm systems to permit subsequent undetected burglary.

Broken Glass and Busted Doors

Our physical security consultants can review physical security hardware, locks, windows, doors, access controls, alarms, cameras etc. to ensure you are getting a return on your investment in these assets. Where Calamity provides services in a related field to those being assessed, for example CCTV or Alarms, we can segregate our consulting staff to ensure an arms-length approach.

Red Teams

Our experts can attempt to gain unauthorised entry to your facility. We can attempt:

  • tailgating unaware staff
  • lock-picking
  • defeating locking mechanisms
  • bypassing electric and electronic access controls
  • theft of access cards
  • entry through walls, roof cavities and sub-floor areas
  • smuggling of items into your facility or past screening points

If you have a security officer presence, contract or in-house, we can assess their performance on your behalf.

Social Engineering and Con Techniques

We can also emulate a variety of techniques in person, by email and over the phone, to attempt to gain sensitive information from your employees. This can include:

  • passwords and network access credentials
  • corporate secrets
  • proprietary information

Learning to Win

At the conclusion of any exercise, in addition to formal reporting, we can conduct informative and highly entertaining training for your staff detailing 'what happened' and how it can be avoided.

We frequently use hidden cameras in our assessments so staff being debriefed can see first-hand "how the bad guys got in". By exposing staff to the types of acts which may take place at similar organisations as well as actual 'attacks' which took place at theirs in the preceding days, we have had tremendous success in changing security culture within organisations, literally overnight. Ask us for more details about our success stories in similar environments to yours.

Changing Security Culture

We believe that the security of an organisation is everyone's responsibility, not just the security officer, security department, concierge etc. If a company suffers loss, that affects everyone. Our awareness training helps encourage all staff to protect the company, not to rely on someone else, and in so doing, protect their own livelihood and safety.

Chosen for our Expertise

Our experts have been engaged and trusted to perform penetration testing, vulnerability assessment and physical security reviews of numerous State and Federal Government agencies as well as law-enforcement agencies, private corporations, investment banks, power stations, wholesalers and data warehouses, educational institutions and more. Our list of past clients reads like a who's-who of people who are deadly serious about their security. Organisations who take security seriously turn to Calamity.