Assessment and Assurance Services
Vulnerability Assessment Service
This service allows an organisation to perform periodic, independent assessments of its systems (both internal and external) at a fraction of the cost of an in-house programme. It gives the organisation assurance that host operating system and application vulnerabilities are identified early and resolved in time, providing the best ongoing protection against existing risks as well as new and emerging threats.
Across Verticals provides security risk assessment and assurance services in the following areas:
  • Network Security Architecture
  • Application Security Architecture
  • Host Security Assessment
  • Source Code Review
  • Wireless Security
  • VOIP Security
  • SCADA Security
  • Internet of Things (IoT) Security
  • ERP Security
  • Data Security and Privacy
  • Data Security and Data Loss Prevention
  • Software Development Life Cycle
  • System Hardening Management and Framework
  • Patch and Vulnerability Management and Framework
  • Security Threat Modelling
  • Cyber Threat Risk Management and Framework
  • Security Monitoring Management and Framework
Compliance and Regulation
Across Verticals professionals have extensive experience in performing risk assessments against regulatory and compliance requirements for major financial institutions, telcos and Critical National Infrastructure operators in the Australasian region. The assessment covers organisational policies, processes, procedures and technical implementations, measured against industry best practices and benchmarks. We have developed a common enterprise framework and dashboard with minimum control baselines to support organisations, particularly those subject to several overlapping regulatory and compliance regimes because they operate in several countries.

Our services include assisting organisations to meet their regulatory and compliance obligations, including:
  • APRA Australia
  • Bank Negara Malaysia
  • Monetary Authority of Singapore
  • Bank of Thailand
  • Bank of Indonesia and others
  • PCI DSS Compliance
  • ISO 27001/2
  • Enterprise Security Policies and Standards
  • Security Risk Management
  • Disaster Recovery Plan
Cyber Security Testing
Network Penetration Test
This testing is based on mature industry standards such as the Open Source Security Testing Methodology Manual (OSSTMM). This criteria-based testing includes:
  • Network Surveying
  • Application Testing (review of client-side scripts, SSL/TLS configuration, broken links, etc.)
  • Port Scanning
  • Trusted Systems Testing
  • Services Identification
  • Firewall, router, switch testing
  • System Identification
  • Denial of Service (DoS) Testing (on client request only)
  • Vulnerability Research Verification

Web Application Penetration Test
This testing is based on mature industry standards such as the Open Web Application Security Project (OWASP) and Web Application Security Consortium (WASC) guidelines. This criteria-based testing includes:
  • Authentication
  • Session Management
  • Authorisation
  • Data Security
  • Data Validation
  • Exception Handling
  • Communications Security
  • Systems Security

Mobile Application Penetration Test
This testing is based on mature industry standards such as the OWASP Mobile Security Project and the OWASP Mobile Application Security Verification Standard (MASVS). This criteria-based testing includes:
  • Architecture, design and threat modelling
  • Data Storage and Privacy
  • Cryptography
  • Authentication and Session Management
  • Network Communication
  • Platform Interaction
  • Code Quality and Build Settings

Intelligence Led Penetration Test
The Intelligence-Led Penetration Testing (ILP) service that Across Verticals provides combines two cyber security services into one: Threat Intelligence and Penetration Testing.

Across Verticals performs the testing by adopting the mind-set of specific, relevant and recent cyber threats, closely mimicking the approaches that real, current threat actors would take in attacking the network, and identifying the relevant security weaknesses, vulnerabilities and possible attack vectors along the way. Because the testing emulates the approach a real attacker would take, our customers gain a clearer picture of the security posture of their ICT assets.

Other security testing services provided are:
  • Commercial off the shelf (COTS) product security testing
  • Mobile application Testing
  • ICS/SCADA applications, devices and product security testing and assurance (based on the Achilles Level 1 and Level 2 Certification industry benchmark)
Information Systems Security Academy

Knowledge Excellence Professionalism

Information Systems Security Academy™ (“ISSA”) is a specialised security training academy that provides professionals with holistic, framework-based, end-to-end security training. The training programs are developed so that the skills taught can be applied on the job immediately after completion of the course.

Our trainers have hands-on technical experience in both end-user and consulting environments and therefore bring a unique perspective to the training: something that works in practice.

Our trainers understand that one size does not fit all, so our training is interactive and immersive, with ample hands-on examples that allow participants to relate what they learn to their own work environment.

Information Systems Security Academy (“ISSA”) has already provided training to several organisations and businesses in the following areas:
  1. Cyber Security (APT) assessments and control assurance
  2. Cloud Security assessments and controls assurance
  3. Cyber security, fraud and controls assurance
  4. Technical application and infrastructure testing

Some of our training courses include:
  • Security Risk Management
  • Security frameworks, policies and compliance
  • Secure Software Development Life Cycle
  • Application Security Framework, governance and assurance
  • Application and Infrastructure security testing
  • Security Hardening Framework, standards and implementation
  • Security Patch and Vulnerability Management Life Cycle
  • Specific technology related skill courses
  • Secure code review
  • Infrastructure and application penetration testing
  • Secure application architecture design, implementation and assurance
  • Information Security continuous monitoring, governance and assurance
  • Enterprise Security logging and monitoring framework, governance, assurance
  • Log Management Planning, architecture, retention
  • Physical security monitoring
  • ICS/SCADA Security

Enterprise Security Awareness Program:
While enterprises spend millions building and maintaining IT security technologies, a critical piece in the security value chain is more often than not neglected: the people. People operate the technology and carry out the operational processes that interact with it. Secure behaviours practised by employees deliver a sustainable return on information security investment by reducing human error and susceptibility to phishing, and by increasing responsiveness to security incidents.

Across Verticals provides a comprehensive enterprise security awareness program that is targeted, flexible and measurable. Assessment metrics allow the program to be updated and modified regularly to keep it relevant, providing a higher return on security investment.

Across Verticals believes that genuine behaviour change requires an interactive security awareness program with multiple touch-points throughout the year. Our security awareness program is proven and effective, combining online general awareness courses with role-based options, topical posters, videos, newsletters and email campaigns to ensure security best practices are reinforced.

The content is delivered as SCORM-compliant videos covering the following topics:
  • Definition of key cyber security awareness terms
  • Practical examples of security threats and vulnerabilities
  • Importance of individual responsibility
  • Social Engineering
  • Email Safety
  • Internet safety
  • Access control & Passwords
  • Data Protection and Destruction
  • Mobile Security
  • Phishing
  • Identity theft
  • Threats and virus protection
  • Physical Security

The overall training runs for approximately one hour. It can be split into half-hour or fifteen-minute modules, depending on the organisation's needs.