In today’s connected world, the threat landscape is becoming increasingly complex with attacks that are more specific, agile and sophisticated in nature. Cyber security threats continue to challenge the operation of your business, employee safety and the protection of your digital assets and intellectual property.
| MANAGEMENT CONTROLS | OPERATIONAL CONTROLS | TECHNICAL CONTROLS |
| Establish ongoing governance | Governance systems | Asset inventory |
| Manage the business risk | Management frameworks | System architectures |
| Manage the lifecycle | Risk Management | Malware protection |
| Improve awareness and skills | Awareness training | System hardening |
| Implement security controls | Change management | Network configuration |
| Manage vulnerabilities | Vulnerability management | Access management |
| Manage third party risks | System monitoring | Remote access |
| Establish response capabilities | Threat intelligence | Removable media |
| Third party engagement | Security testing | |
| Personnel security | Physical security |
Cyber Advisory Services
Security program developmentThe first step in ensuring the security of your organization is to have a security program. It is rare to find an organization without some sort of cyber security program today, but unfortunately, but many programs are incomplete and weak. Depending on your needs, our consultants can either develop programs from the ground up or update and improve existing programs to reflect the current environment. |
IT risk assessmentIn an age of Internet and business-to-business connectivity, there are a multitude of threats that must be dealt with including:
What threat do these pose to your organization? Our IT Risk Assessment experts work with you to assess your information environment, risks and recommend the most appropriate security controls for your organization. |
Controls reviewYour security program identifies the security controls appropriate to your organization. However, do they continue to provide adequate protection? The objective of an IT Controls Review is to evaluate and assess the various management, operational, and technical controls in place within the organization’s key assets with respect to how information and IT assets are secured and to make recommendations for improvement. |
Compliance readiness review, audit & alignmentAre you in compliance with today’s laws and regulations? Compliance should be a by-product of an effective security program. Our readiness review will help you understand how you can best achieve compliance within your existing security program. With expertise across various compliance frameworks such as FFIEC, PCI DSS, GLBA, FISMA, ISO, HIPAA and others, we can provide most of your audit requirements with regards to the current environment in Canada and USA. We will work with your management and internal auditors to ensure a smooth path to compliance. |
Chief Information Security Officer advisory serviceA Chief Information Security Officer (CISO) advisory service is a cost effective solution to augment your business with overall security and risk management leadership. The CISO Advisor becomes an integral part of your team, on a monthly basis or as needed, working through your current management structure to deliver the information security systems your company needs. |
Information security policy development & alignmentA carefully designed and implemented information security policy is essential to properly and effectively managing risk in your enterprise. We can help seamlessly design and integrate these policies into your organization’s operational and business processes with the flexibility and scalability to allow for changes as your organization evolves. The end result will be security policy document that is complete, accurate, appropriately reflects the current environment, is in line with best practices, and complies with any specific legal mandate or regulation that the organization is subject to. |
Security architecture reviewYour security architecture must be flexible, yet finely tuned enough to allow for your organization to grow and still keep your information secure. We follow a proven methodology for developing business-driven, risk and opportunity focused security architectures at both enterprise and solutions level that support business objectives. The result will be a design that works with your current and future business plans. |
Physical security reviewThe best security infrastructure to prevent external threat actors is worthless if someone can walk in off the street and plug into the network or walk out with your server. Our physical security review will evaluate and assess the various management, operational, and technical controls in place within the organization’s key assets with respect to how information and IT assets are secured physically. We will highlight areas and make recommendations for improvement. |
Security program developmentThe first step in ensuring the security of your organization is to have a security program. It is rare to find an organization without some sort of cyber security program today, but unfortunately, but many programs are incomplete and weak. Depending on your needs, our consultants can either develop programs from the ground up or update and improve existing programs to reflect the current environment. |
IT risk assessmentIn an age of Internet and business-to-business connectivity, there are a multitude of threats that must be dealt with including:
What threat do these pose to your organization? Our IT Risk Assessment experts work with you to assess your information environment, risks and recommend the most appropriate security controls for your organization. |
Controls reviewYour security program identifies the security controls appropriate to your organization. However, do they continue to provide adequate protection? The objective of an IT Controls Review is to evaluate and assess the various management, operational, and technical controls in place within the organization’s key assets with respect to how information and IT assets are secured and to make recommendations for improvement. |
Compliance readiness review, audit & alignmentAre you in compliance with today’s laws and regulations? Compliance should be a by-product of an effective security program. Our readiness review will help you understand how you can best achieve compliance within your existing security program. With expertise across various compliance frameworks such as FFIEC, PCI DSS, GLBA, FISMA, ISO, HIPAA and others, we can provide most of your audit requirements with regards to the current environment in Canada and USA. We will work with your management and internal auditors to ensure a smooth path to compliance. |
Chief Information Security Officer advisory serviceA Chief Information Security Officer (CISO) advisory service is a cost effective solution to augment your business with overall security and risk management leadership. The CISO Advisor becomes an integral part of your team, on a monthly basis or as needed, working through your current management structure to deliver the information security systems your company needs. |
Information security policy development & alignmentA carefully designed and implemented information security policy is essential to properly and effectively managing risk in your enterprise. We can help seamlessly design and integrate these policies into your organization’s operational and business processes with the flexibility and scalability to allow for changes as your organization evolves. The end result will be security policy document that is complete, accurate, appropriately reflects the current environment, is in line with best practices, and complies with any specific legal mandate or regulation that the organization is subject to. |
Security architecture reviewYour security architecture must be flexible, yet finely tuned enough to allow for your organization to grow and still keep your information secure. We follow a proven methodology for developing business-driven, risk and opportunity focused security architectures at both enterprise and solutions level that support business objectives. The result will be a design that works with your current and future business plans. |
Physical security reviewThe best security infrastructure to prevent external threat actors is worthless if someone can walk in off the street and plug into the network or walk out with your server. Our physical security review will evaluate and assess the various management, operational, and technical controls in place within the organization’s key assets with respect to how information and IT assets are secured physically. We will highlight areas and make recommendations for improvement. |
Cyber Technical Services
Cyber exposure profilingCyber risks are growing and many organizations lack understanding of where they’re most vulnerable. Our cyber exposure profiling service documents your digital footprint and outward facing exposure, using social media analytics as well as our own tools for identifying vulnerabilities, so you can mitigate and demonstrate that you have implemented improved security measures. |
Vulnerability testingAre all of your systems and applications up-to-date with the latest patches applied? Can you be completely sure that your perimeter devices have been correctly configured? Our vulnerability testing services provide that verification, and our reports highlight and prioritize issues so that the most severe problems can be addressed first. |
Infrastructure penetration testingVulnerabilities may exist from improper configuration, flaws in the system, application code, hardware flaws or weaknesses in operational/technical processes. But what does that mean for you? Are these vulnerabilities posing a severe risk to your organization? How did they arise? What happens if someone exploits these vulnerabilities? What can be done to help ensure that such vulnerabilities do not arise in the future? Our penetration testing services can answer these questions. |
Web application penetration testingA web application is your doorway to the Internet thus allowing your customers, suppliers and shareholders access to your products, services and information. It is also a window to your organization for cyber criminals. How secure is your application? Applications should never be deployed to the Internet before being thoroughly tested for security issues. Our proprietary Internet intrusion analysis and testing methodology will give you the confidence that your applications are secure today from the latest cyber intrusion methodologies. |
Mobile attack resistance assessmentMobile devices have become a normal business accessory today, however, this introduces new risks and vulnerabilities. Our mobile attack resistance assessment identifies possible ways to simulate all of the common mobile attack scenarios in a manner that could be employed by a real attacker to access and exfiltrate sensitive information from your network, without being detected. |
Social engineering testingThe weakest link in the security of your organization will always be your people. But how vulnerable are your people to social engineering attacks? Our social engineering test emulates all of the common techniques and methods used by modern day hackers. Our consultants are well versed and experienced in the ‘art’ of social engineering and the tricks of the trade that are used to gain the trust of end users. The results of a social engineering test will help you design a more effective education campaign for your staff and identify potential attack points in the organization. |
Network and wireless security assessmentYour IT environment rests on your wired and wireless networks. How vulnerable are they to intrusion? A security assessment performed by BAE Systems Applied Intelligence consists of analyzing, assessing, and testing the overall design and integrity of the network and critical information technology assets, such as servers and devices, to uncover and identify potential security weaknesses and flaws. Our analysis of these areas is compared against security industry best practices and recommendations are made on the basis of those comparisons. |
Firewall and infrastructure configuration reviewsFirewalls are the front line of your perimeter defence. A simple misconfiguration can open you to attacks that put your entire infrastructure at risk. A review of your firewalls and infrastructure by BAE Systems Applied Intelligence would include configurations in accordance to vendor guidelines, industry regulatory requirements and best practices. |
Cyber exposure profilingCyber risks are growing and many organizations lack understanding of where they’re most vulnerable. Our cyber exposure profiling service documents your digital footprint and outward facing exposure, using social media analytics as well as our own tools for identifying vulnerabilities, so you can mitigate and demonstrate that you have implemented improved security measures. |
Vulnerability testingAre all of your systems and applications up-to-date with the latest patches applied? Can you be completely sure that your perimeter devices have been correctly configured? Our vulnerability testing services provide that verification, and our reports highlight and prioritize issues so that the most severe problems can be addressed first. |
Infrastructure penetration testingVulnerabilities may exist from improper configuration, flaws in the system, application code, hardware flaws or weaknesses in operational/technical processes. But what does that mean for you? Are these vulnerabilities posing a severe risk to your organization? How did they arise? What happens if someone exploits these vulnerabilities? What can be done to help ensure that such vulnerabilities do not arise in the future? Our penetration testing services can answer these questions. |
Web application penetration testingA web application is your doorway to the Internet thus allowing your customers, suppliers and shareholders access to your products, services and information. It is also a window to your organization for cyber criminals. How secure is your application? Applications should never be deployed to the Internet before being thoroughly tested for security issues. Our proprietary Internet intrusion analysis and testing methodology will give you the confidence that your applications are secure today from the latest cyber intrusion methodologies. |
Mobile attack resistance assessmentMobile devices have become a normal business accessory today, however, this introduces new risks and vulnerabilities. Our mobile attack resistance assessment identifies possible ways to simulate all of the common mobile attack scenarios in a manner that could be employed by a real attacker to access and exfiltrate sensitive information from your network, without being detected. |
Social engineering testingThe weakest link in the security of your organization will always be your people. But how vulnerable are your people to social engineering attacks? Our social engineering test emulates all of the common techniques and methods used by modern day hackers. Our consultants are well versed and experienced in the ‘art’ of social engineering and the tricks of the trade that are used to gain the trust of end users. The results of a social engineering test will help you design a more effective education campaign for your staff and identify potential attack points in the organization. |
Network and wireless security assessmentYour IT environment rests on your wired and wireless networks. How vulnerable are they to intrusion? A security assessment performed by BAE Systems Applied Intelligence consists of analyzing, assessing, and testing the overall design and integrity of the network and critical information technology assets, such as servers and devices, to uncover and identify potential security weaknesses and flaws. Our analysis of these areas is compared against security industry best practices and recommendations are made on the basis of those comparisons. |
Firewall and infrastructure configuration reviewsFirewalls are the front line of your perimeter defence. A simple misconfiguration can open you to attacks that put your entire infrastructure at risk. A review of your firewalls and infrastructure by BAE Systems Applied Intelligence would include configurations in accordance to vendor guidelines, industry regulatory requirements and best practices. |
Incident Response Services
Planning for an incidentBeing well prepared for a cyber incident is essential to ensure your incident response team can successfully navigate the tasks required to recover successfully. An effective cyber incident response relies on an agile and up-to-date incident response plan that is tailored to the organization’s environment, as well as access to experienced resources to supplement your in-house capabilities. Our incident planning service provides a detailed evaluation of the current state of your organization’s threat detection and incident response program against Applied Intelligence’s best practices, national and international standards and understanding of current attacker methodology. The resulting information provides the foundation for creating an updated incident response plan that includes guidance on preparation, anomalous behavior detection, incident management, technical response and communication plans. |
Preparing for an incidentPractice makes perfect is especially true when it comes to being prepared to successfully execute an incident response plan. Understanding the plan and team member roles and responsibilities is critical. Your team must routinely execute the plan against a variety of scenarios to develop the “muscle memory” required to perform well in a potential crisis situation. Whether a tabletop exercise or a mock attack, our experts lead the exercise that brings together all the required resources involved in the incident response plan, including senior management. Our incident exercises are tailored to your organization, business sector and specific internal teams and skill sets. We provide a way for all relevant team to experience the reality of cyber attack and prepare themselves to ensure they can respond successfully when it matters. |
Responding to an incidentWhen facing a major cyber incident, your organization must be prepared and staffed to respond effectively. Appropriate resources must be pre-arranged and readily available to ensure a swift and successful response without unnecessary delay and potential chaos. We can help with resources and procedures to ensure successful containment, remediation and recovery of a data breach. Our incident management process addresses requirements for investigation, communications, briefings and stakeholder engagement activities. |
Planning for an incidentBeing well prepared for a cyber incident is essential to ensure your incident response team can successfully navigate the tasks required to recover successfully. An effective cyber incident response relies on an agile and up-to-date incident response plan that is tailored to the organization’s environment, as well as access to experienced resources to supplement your in-house capabilities. Our incident planning service provides a detailed evaluation of the current state of your organization’s threat detection and incident response program against Applied Intelligence’s best practices, national and international standards and understanding of current attacker methodology. The resulting information provides the foundation for creating an updated incident response plan that includes guidance on preparation, anomalous behavior detection, incident management, technical response and communication plans. |
Preparing for an incidentPractice makes perfect is especially true when it comes to being prepared to successfully execute an incident response plan. Understanding the plan and team member roles and responsibilities is critical. Your team must routinely execute the plan against a variety of scenarios to develop the “muscle memory” required to perform well in a potential crisis situation. Whether a tabletop exercise or a mock attack, our experts lead the exercise that brings together all the required resources involved in the incident response plan, including senior management. Our incident exercises are tailored to your organization, business sector and specific internal teams and skill sets. We provide a way for all relevant team to experience the reality of cyber attack and prepare themselves to ensure they can respond successfully when it matters. |
Responding to an incidentWhen facing a major cyber incident, your organization must be prepared and staffed to respond effectively. Appropriate resources must be pre-arranged and readily available to ensure a swift and successful response without unnecessary delay and potential chaos. We can help with resources and procedures to ensure successful containment, remediation and recovery of a data breach. Our incident management process addresses requirements for investigation, communications, briefings and stakeholder engagement activities. |
| RETAINED | PREPARED | EMERGENCY |
| Retained service contract with priority response | Framework contact in place with experts on standby | Rapid response with no previous contract in place |
Managed incident readiness serviceRoutine reviews and updates are essential to keep pace with the cyber threat landscape and organizational dynamics. The Management Incident Readiness Services (MIRS) combines incident planning and preparing components into an annual service that ensures your organization is reviewed and improved annually. Additional benefits include a prearranged incident response framework and the comfort of knowing that our talented and experience incident responders are available for the organization at a discounted rate. |
403.984.2000
403.259.2243
303.740.7555 303.738.9777
