Cyber Security Strategic Consultancy

Cyber Security Strategic  Consultancy

For C-Level Executives

Plan and develop long term cybersecurity strategies and middle term tactical plans

These consulting services are based on maturity level determination and the principle of necessity and proportionality.

  • Realistic view about the existing cybersecurity exposure of the organization
  • Sparing unnecessary expenditure
  • Preparing for the worst possible scenario
  • Creating sustainable cybersecurity systems

Industries

Government

Energy

Law enforcement & Military

Waterworks

Sport events

Smart City

Cloud strategies

Transportation

Fields

Security Operation Centers

Securing industry 4.0 projects

Mitigate ICS/OT cyber exposure

Moving to the cloud

Incident response

Develop frameworks for international events

Planning a Smart City concept

Secure by design

„The assessment result that is systems procedures is under the baseline. Now our bank has a 3 years plan on how to figure it out. That was a pleasure to work  with Black Cell.”

Richard, Finance sector

KEY STEPS

Analyse internal environment

Analyse external environment

Determining issues / Identifying gaps

Formulate objectives / Set up goalds based on assessment

Strategy Plan

Internal Assessment

PEOPLE

PROCESS

TECHNOLOGY

BUSINESS

DATA PROCESSING

Internal process descriptions
Training materials
Internal and external audit reports
Internal and external cybersecurity risk assessment

VALIDATION

Validating the collected data via interviews and international standards

OSINT
Vulnerability assessment
Penetration testing
Red teaming
Social engineering

MEASURING CAPABILITY MATURITY

VALIDATION

War game

CROWN JEWEL ANALYSIS

MISSION OBJECTIVES

Mission objectives and priorities come from the senior leader inputs

OPERATIONAL TASKS

Tasks and mission dependencies come from manager inputs

INFORMATION ASSETS/SYSTEM FUNCTION

Information and task dependencies come from operator inputs

CYBER ASSETS

Cyber and information dependencies come from tech inputs

External Assessment

Cyber Threat Intelligence

Monitoring
Malwarelab
Real time threat feeds
Lightning fast search

Experience

Defensive services
Consultancy
Offensive services
Managed security services

International Information Sharing And Analysis Centers (ISAC)

Sector/industry specific feed from companies
Subject matter experts
Scientific institutions

Determining the actual maturity level of the organisation and identifying the “gaps” between current and future/desired maturity levels in order to set up the goals to be achieved.

Defining goals based on the results of assessments carried out by Black Cell

Short term

Long term

Process goals

Outcome goals

Strategy Plan

Enterprise Level

Assessing the existing strategy from a cybersecurity point of view [based on the results of assessment procedure]

Enriching the strategy with cybersecurity elements [high-level]

Breaking down high-level vision/strategy into actionable activities for division

Division Level

Assessing the existing strategy from a cybersecurity point of view [based on the results of assessment procedure]

Enriching the strategy with cybersecurity elements [high-level]

Translating activities into specific tasks

KPI

RACI Matrix

Budget Plan

Monitoring

Incentives

Cyber Security Strategic  Consultancy

For Technical Operators

Assessment

Before we start planning we should have a clear view of the organizations current status and the visions.  There could be happening based on the existing audits, policies, documented processes, interviews or Black Cell Cyber Security Strategic Consulting team own methodology. Latter includes mostly quantitative analyses like the Crown Jewels Analysis or another objective assaying.

Our target to estimate the maturity level of:

  • Competencies
  • Technical capabilities
  • Policies
  • Processes

Set Up Realistic Goals

After we have proper data about the cyber ecosystem we could set a goal, goals, and create necessary frameworks, like SOC codex, inhouse knowledge base, wiki, CMDB, etc.

These goals have to be reachable and objective.  To achieve objectivity we need to lean on numbers and pure math. Our team maturity frameworks born for these tasks.

We plan strategically for 3 years in general.

Tactical planning

When we see clearly the long term vision we may set up a roadmap with strict KPI’s and we could start working on these cross-department projects.

First year

  • Have a proper map and knowledge about the cyber ecosystems
  • Develop detection capabilities via proper use case. | This is generally done by matrixes and depends on the cardinality of the use cases.
  • Develop an incident response plan
  • Set up the roadmap for the employee skill development | Develops in-house e-learning or outsource it

Second year

  • Implement a SIEM system | The previously defined use case should be implemented for and have to be synchronized
  • Start using the SOAR system | To cut the budget on employ Level 2-3 analyst on work a Level 1
  • Test the stack via synchronized RED team TTX (Tabletop Exercise) called War Game
  • Start using industry-specific cyber threat intel and join communities (ISACs)

Thrid year

  • Set up your Threat Hunting team and the roadmap to develop its maturity
  • Set up local malware lab
  • Start using ML-based anomaly detection | Develop in-house training model, for example, HTTP anomalies
  • Set up deception-based detections

Operative planning

Even we have tactical goals like moving to the cloud or set up a local DFIR ( Digital Forensics and Incident Response) team the operative plan should be as granular as possible because, for example, set up SLA with ticket-based penalties is a serious commitment and could cost money. Logical and administrative tasks should be synchronized. These also require the most accurate planning with mathematical modeling.

Exemplary excerpt about our technical mindset:

Network Intrusion and anomaly detection: three-level IDPS system development

  • First-quarter:
    • Proper network segmentation
    • NAC designing
  •  Second-quarter:
    • IPS deployment
      • vendor testing matrix
        • cost: 70 point features and function 30 points (based on the clients wish)
        • test with malicious pcap’s, Ddos, usability, etc
        • support
  •  Third-quarter:
    • IDS with each network segment
    • TAP or SPAN Port, Packet Broker
    • Suricata based IDPS engine
    • Custom and CTI based YARA rules
    • Support threat hunting team
  • Fourth-quarter:
    • Anomaly detections
      • Detect DGAs | Ngrams, and entropy-based DNS entry checker runs on an Apache Spark
      • HTTP/HTTPS anomalies | Harvest user agent strings via Zeek IDS and run a Bayesian or CRM114 ML against with a locally developed training model

Review

Our service includes the support and maintenance regarding the strategical yearly review, the tools what we hand over and 24-hour email response 3 hours call back and 5 working days onsite – based on an agreement level.

Top