Click on a tab for more information.

Do you believe you may be a victim of a security breach? How do you identify if you have? If you are one of the many businesses that have had a security breach, you may have experienced one or more of the following symptoms:

 
  • Inexplicably locked out of your account
  • Mysteriously additional accounts appeared on your systems
  • Unexplained data usage or spikes
  • Unauthorised changes have occurred
  • Email or website been blacklisted
  • Malware or viruses proliferated from your environment
  • Unusual ingress or egress data streams

Does your business need compliance with GDPR, ISO or PCI-DSS standards?
Maybe you align with COBIT or ISM, or just need a clear path on how to better your security.

If your business or department needs to be compliant, certified or align with ISO 27001/ 27002, PCI-DSS Security, Government standards (i.e. ISM, IS18) and other common security and risk management standards, then Intact Security can help. Intact Security consultants have extensive experience in helping businesses work with and understand regulatory standards.

Are you concerned about not knowing whether you have unknown holes within your business that could be causing you harm, jeopardizing your brand, or dulling your competitive edge?

Stop worrying about security and get Intact

Click on an icon below for more information.

Incident Management

A security incident affecting your business, albeit minor or major, can be catastrophic. It can cause losses such as:

  • loss of income
  • loss of brand confidence
  • loss of competitive edge
  • loss of availability

Intact Security recognizes the seriousness of experiencing a security incident, and can assist your business on how to best manage a security incident so that it is closed off quickly and prevented in the future.

Why does my business need to manage security incidents?

Your business may be likened to hundreds of other businesses in the market that are not even aware that they have been subject to a security incident which could impact them as outlined above. Intact Security can help your business to identify if they have suffered an attack or have experienced a security incident. We can tailor a security incident management system to benefit your business.

Intact Security will engage with the business on how to best perform containment of an incident, determining whether there are wider implications to your business.

Following the containment process, Intact Security will assist in eliminating the cause of the incident and perform analysis of the incident to ensure a swift and hasty recovery.

Reduce the anguish and worry of security incidents, leverage Intact Security to manage incidents from end to end.

Threat & Risk Assessment

With the increased state, federal and commercial requirements outlined in PCI standards, ISO frameworks and Commonwealth guidelines, the need to conduct threat and risk assessments are becoming almost mandatory for modern organisations.
Businesses must now be information security conscious, developing and implementing proper security controls based on the observations and results of their threat and risk assessments.

Why would I need a threat or risk assessment?

By conducting a threat and risk assessment an organisation can uncover weaknesses and vulnerabilities, which can be as simple as buildings being located in a flood zone, to a webserver which a hacker would find desirable to deface.
An Intact Security risk assessment can identify and prioritise the impact of these vulnerabilities based on how the businesses views the value and importance of these items.

How will a risk assessment help me?

The results of a risk assessment enable the business to make informed decisions of where to focus resources, the criticality/importance of certain assets and how and where to allocate budgets.

Intact Security can help your organisation uncover your weaknesses and vulnerabilities before they become problems. Call us today to find out how Intact Security can assist

Architecture Review

Having a firewall deployed within your business is critical to controlling the flow of network traffic inbound, inside and outbound of your organisation.
However, poor configuration of even the most effective firewalls can be rendered useless when not properly integrated and the rules they enforce are not well planned and implemented.

Why should I have a configuration review or architecture review?

Poor system configuration or architecture may cause systems to communicate in a less efficient or effective way and leave it vulnerable to unnecessary services. If these were to be exploited, they could provide a foothold for attackers and/or malware to propagate within your environment, reducing the security of your business.
It is important to first understand your specific business requirements, processes and functions; to then be able to translate these into an effective design and rule policy which can be enforced within the context of the current environment.

Intact Security offers a range of configuration, architecture and configuration reviews designed specifically to your business to ensure the protection of your network and systems.

Policy & Technical Strategy

Information security begins with sound security and business policies. A security policy establishes who is authorised to access different types of information, and points to standards and guidelines regarding how much and what kinds of security measures are necessary for your business.

What are the benefits of business policies and procedures?

Procedures provide the method for implementing those standards and guidelines in order to carry out the defined policy. Without defined policies and procedures, an organisation runs the risk of being misunderstood or misinterpreted by its employees. This may result in executing disciplinary measures if a violation or breach occurs.

Intact Security develops policies and procedures based on real-world experience that comply with the International Standard ISO 27001, Australian Information Security Manual (formerly ACSI-33), and satisfy audit standards such as CoBIT. In addition to the development of new documents, Intact Security also performs gap analysis and revitalises existing documentation to become achievable and appropriate.

Let the power of policy work for your business. Let Intact Security give you that power.

Treatment & Remediation

General Data Protection Regulation (GDPR)

Are you worried about privacy?

Whether you’re worried about the privacy of your or that of your customers, Privacy is a huge concern for everyone. With recent breaches of privacy and the blatant misuse of trust regarding private information (i.e. Cambridge Analytica) many individuals and businesses are scrambling to understand what information they have and whether it is exposed.

Further to this Europe have decreed that any organisation, whether it is within the EU or those that do business with with EU companies will now have stricter regulatory laws regarding privacy – enter the GDPR (General Data Protection Regulation).

GDPR – General Data Protection Regulation

The General Data Protection Regulation (GDPR) was promulgated by the European Union (EU) to  amalgamate data protection for all individuals within the EU, Great Britain, and other specific European based countries. GDPR replaces the Data Protection Directive 95/46/EC. The goal of the GDPR is to protect the personal information of all EU citizens/residents by setting standards for the collection, storage, sharing, transferring, processing, and management of various categories of personal information. It also addresses the export of personal information outside the EU. It is designed to standardise data privacy laws across the EU in order to “protect and empower all EU citizens’ data privacy and to reshape the way organizations across the region approach data privacy.” With the ever-growing threat of cybercriminals focusing their efforts on stealing personally identifiable information (PII), the GDPR is easily the most important and impactful regulatory scheme adopted by the EU in recent times.

Personal Information is the Focus

GDPR is 100% focused on protecting PII. That is, essentially, any information related to a Natural Person, referred to as a ‘Data Subject,’ that can be used to directly or indirectly  identify the person. It can be anything from a name, a photo, an email address, bank details, posts on social networking websites, medical information, or a computer IP address.

What this and other privacy concerns an individual or company may have had in the past has not had the spotlight shone on it, and furthermore there are real penalties if a business if found to have been negligent.

Its not all doom and gloom though. If your business deals with private information – personally identifiable information (PII) (of individuals), or corporate information which is deemed sensitive (in a similar context of PII), then you should consider conducting a Privacy Impact Assessment (PIA). This exercise identifies what is private information and where is resides, giving the business a laser beam focus on what it needs to protect. It can focus on structured data – data which is known and understood, but it can also focus on unstructured data – the data that may be duplicated, reside on a legacy storage device, etc. This way the business can make informed decisions as to how to protect such data.

If your organisation is concerned about privacy, is required to comply with GDPR, then contact Intact Security today to get more information on what is involved in a Privacy Impact Assessment (PIA).

Digital Service Providers:
Operational Framework

Do you know your obligations under the Digital Software Provider Operational Framework?

We help software developers to understand the ins and outs relating to their obligations under the DSP Operational Framework and moreover how to comply with the security requirements for digital providers set by the ATO.

The Digital Service Provider (DSP) Operational Framework is part of ATO’s response to business risks and security implications as they relate to handling digital information assets provided by the ATO (i.e. stemming from online or digital record-keeping). The Digital Service Operational Framework establishes how ‘SBR-enabled’ software developers will provide access to and monitor the digital transfer of data through software.

Scope of the Digital Service Provider operational Framework


If a Digital Service Provider provides a software product or service that reads, modifies or routes any tax, superannuation or payroll related information, then that DSP is in scope of the Framework and will need to meet the requirements. This includes DSPs that use an intermediary (such as a gateway or sending service provider (SSP)) to interact with the ATO.

The requirements include but are not limited to:

  • Authentication
  • Encryption
  • Supply chain visibility
  • Certification (ISO 27001, IRAP, SOC2 or OWASP ASVS3.0)
  • Data hosting
  • Personnel security
  • Encryption key management
  • Security monitoring practices
 

How Can Intact Security help

The framework utilises a risk based approach in determining the requirements needed for utilising the ATO’s APIs. It looks at factors such as the API risk rating, volume of accessible individual taxpayer or superannuation records and your operating model such as hosting and software delivery.

Identifying the requirements that are relevant to your business and meeting compliance obligations can be a daunting process to even the most seasoned of Security professionals. At Intact Security, we have expert security consultants available to guide you through all the necessary steps including:

  • Identifying the certification standard that best aligns with your business goals and budget (Simple, Accessible, Affordable)
  • Determining the requirements that are relevant to your business
  • Conducting a gap analysis and providing a roadmap for compliance
  • Remediation services including technology recommendation and implementation, policy development and setting up necessary controls
  • Assisting in self assessment activities (we have self-pace tool which makes it simple) and in evidence of compliance submissions to the ATO
 

Get an Intact Security consultant to contact you, answer your questions, and understand your specific requirements.

ISO 27001

Does your business want a foundation built on best of breed security practices?

If so, you may wish to align or certify with ISO 27001. ISO 27001 is the International Organisation for Standardisation (ISO) Information Security Management System (ISMS).

ISO 27001 formally specifies a management system that is intended to bring information security under explicit executive management control. Being a recognized formal specification, it mandates specific requirements which can be formally audited and certified as compliant.

Intact Security is an authorized and certified ISO 27001 auditor. We can assist your business in obtaining and/or maintaining certification. Or we can get you on the right track with business alignment to ISO27001 practices.

We can provide preparation services to make sure that when you do certify, you pass with flying colours. ISO/IEC 27001:2013 is the newest version, which supersedes ISO/IEC 27001:2006 the transition roadmap is will allow the organisations to be evaluated against ISO/IEC 27001:2006 for the near future (end of life is expected by Q1 2015).

Contact Intact Security today to see how we can best benefit your requirements.

The ISO standard can be purchased through SAI Global.

IRAP Assessment

InfoSec Registered Assessors Program (IRAP)

InfoSec Registered Assessors Program (IRAP) is managed and run by ASD. The program endorses individual ICT security assessors from the private and public sector as qualified to accredit up to PROTECTED level information security systems for government, and may provide assessments (pending security clearances) of:

  • gateways,
  • information systems,
  • Gatekeeper, and
  • Fedlink.

Endorsed IRAP assessors can provide an independent assessment of security, suggest mitigation strategies and highlight associated residual risks for an organisation. It is the aim of IRAP and endorsed assessors to assist government to safeguard Australian Government information.The program enables the engagement of an IRAP Assessor by any commercial or government entity requesting ICT security services.

IRAP assessments are conducted using the ISM and PSPF as guidance for establishing an organisations mandatory documents:

  • Scope of Applicability (SoA),
  • System Security Plan,
  • Risk Management Plan (Risk Assessment and Risk Treatment)

Compliance and Non-Compliance

There are two categories of compliance associated with ISM controls: ‘must’ and ‘should’. These compliance requirements are determined according to the degree of security risk an agency would be accepting by not implementing the associated control.

The Australian Signals Directorate’s (ASD) assessment of whether a control is a ‘must’ or a ‘should’ is based on ASD’s experience in providing cyber and information security advice and assistance to the Australian Government and reflects what ASD assesses the risk level to be.

Non-compliance with ‘must’ and ‘must not’ controls are likely to represent a high security risk to information and systems.

Non-compliance with ‘should’ and ‘should not’ controls are likely to represent a medium-to-low security risk to information and systems.

The Accreditation Authority is able to consider the justification for non-compliance and accept any associated residual security risk. Non-compliance with controls where the authority is marked ‘ASD’ must be granted by the Director ASD.

It is best to be compliant, however, identifying non-compliance allows you to identify, understand, know, mitigate and accept the associated risk.

IRAP Membership

IRAP Assessors must demonstrate a strong understanding of Australian Government information security policy and guidance, ICT systems and auditing practices. This is achieved through a combination of professionally recognised ICT and audit qualifications, relevant professional experience, tailored IRAP training by ASD endorsed IRAP training providers and the successful completion of an IRAP entrance examination. This results in IRAP Applicants will be recognised as IRAP Assessors on successful completion of the IRAP application process, training and examination. ASD will confirm successful IRAP membership with the IRAP Applicant (the list of IRAP assessors can be found here).

IRAP Assessment Process – How and Where do I Start?

Organisations seeking an assessment must demonstrate their intention to meet ISM and PSPF requirements is complete and sound. This is performed as a Stage 1 Audit. On successful completion of the Stage 1 audit, the assessor recommends proceeding to the Stage 2. The Stage 2 audit verifies that the intentions from Stage 1 are successfully implemented and effective. Should this meet compliance, the assessor submits a recommendation for certification.

How – Most organisations have no idea where to start when it comes to an IRAP security assessment. However there are a few simple steps you should adhere to.

  1. A pre-assessment should be conducted (commonly known as a Gap Analysis) – this process assists in determining what is; in-scope and out-of-scope, for the assessment. It also review the current “lay of the land” in terms of what the organisation currently does in relation to securing their organisation.
  2. Once the pre-assessment (Gap Analysis) has been completed the organisation will have an idea of what currently meets the requirements and areas which need to be addressed – either through documented responses, or implementation. This is the period where an organisation takes time to build out the requirements to meet the audit / assessment objectives.
  3. Stage 1  Audit – the Stage 1 audit, is where the IRAP assessor reviews all documentation in support of the system being assessed – essentially determining whether the system has considered the ISM and PSPF controls, is built on sound security principles and delivers the intent of the organisation to meet security objectives.
  4. Remediation may be required between the Stage 1 and Stage 2.
  5. Stage 2 Audit – the Stage 2 audit, is where the IRAP assessor reviews any outstanding documentation requirements and performs a technical assessment of the controls as detailed in the Stage 1 – verifying the delivery of these.
  6. At the completion of the Stage 2 Audit, the IRAP assessor drafts a Security Assessment Report, detailing all findings and analysing the outcomes from a risk based perspective in the context of the government information the provider intends to utilise – this report is owned by the provider but is supplied to the government organisation the provider is seeking accreditation/certification from.

If you have any questions regarding the process, how to engage an IRAP assessor or how an IRAP assessor can assist you in a positive outcome, Contact us today.

IRAP and Intact Security

Martin Quinn (Intact Security Principal Consultant) has undertaken and achieved status as a IRAP assessor. Intact Security now has the capability to perform assessments on behalf of government agencies, or conduct preparation activities for commercial and non-commercial organisations seeking to undergo an IRAP assessment.

Should your organisation need an IRAP assessment or require assistance to prepare for an assessment, Intact Security can assist. Contact us today.

IRAP Certified Cloud Services List (CCSL)

ASD has awarded ASD Certification to the listed cloud service providers for specified cloud services.

ASD has issued the providers with both a:

  • Certification Letter outlining the details of the certification and describing the conditions of holding certification and when re-certification may be triggered.
  • Certification Report which provides customers with an overview of the security aspects which should be considered prior to accreditation.

IRAP Security Assessments and ASD Certification are based on the Australian Government Information Security Manual. Australian Government agencies should review the ASD Cloud Computing Security documents, which describe security risk mitigation associated with cloud computing. In addition, Australian Government agencies must perform due diligence reviews of the legal, financial and privacy risks associated with procuring cloud services (which this certification does not include). The current list of Certified Cloud Services can be found here.

More information regarding specific vendors can be found via the following links:

PCI Security Standards

Does your business deal with credit card transactions?

If so, you may need to be PCI-DSS compliant. The Payment Card Industry – Data Security Standard is the standard created by Visa, MasterCard, Discover and American Express to combat credit card fraud.

Intact Security can help you obtain and maintain compliance or alignment with the PCI-DSS standard.

Call Intact Security today to see how we can assist you.

PCI-DSS 11.3 Penetration Test

Section 11.3 of the Payment Card Industry Data Security Standard (PCI-DSS) requires that to obtain certification and ongoing compliance, organisations must:

11.3 Perform penetration testing at least once a year and after any significant infrastructure or
application upgrade or modification (such as an operating system upgrade, a sub-network added
to the environment, or a web server added to the environment). These penetration tests must
include the following:
11.3.1 Network-layer penetration tests
11.3.2 Application-layer penetration tests

This may seem vague but is intended to give organisations the flexibility to  better perform tests which are relevant to their environments. These penetrations tests, do not need to use a certified PCI QSA or PCI ASV. The key is that the organisation must use experienced penetration testers (who  have performed penetration tests professionally).

Intact Security hold industry recognised certifications in Penetration Testing by the SANs Institute (GPEN) and is a member of OWASP (Open source Web Application Security Project).

Intact Security have the expertise and experience to undertake and perform your next PCI-DSS penetration test and at a competitive and cost effective price.

APRA PPG 234

Is your oganisation required to comply with APRA PPG 234?

The Prudential Practice Guide (PPG) has been drafted by APRA and aims to assist institutions in the management of security risk in information and information technology (IT). It was designed to provide guidance to executive management, risk management and IT security specialists.

The PPG targets areas where APRA continues to identify weaknesses as part of its ongoing supervisory activities. If yours is one of those regulated businesses subject to meeting APRA’s prudential requirements you may have difficulty in identifying the complex aspects outlined in the PPG, while still achieving and delivering your business goals.

Intact Security can assist your business in achieving compliance and find clarity with the PPG requirements relevant to your business.

Call or email Intact Security today.

Australian Privacy Principles (APP)

Does your business need to comply with the Australian Privacy Principles?

The new Australian Privacy Principles have amended the old to regulate the handling of personal information for both Australian government agencies and private businesses alike.

They replace the 10 National Privacy Principles with 13 Australian Privacy Principles, and have expanded to provide guidance on direct marketing, and cross-border (outside Australia) disclosure of information.

The amended principles have also granted enhanced powers to the Australian Information Commissioner to enforce adverse findings, seek civil penalties for serious or repeated breaches of privacy and given the Office of Information Commissioner the ability to conduct assessments of privacy performance.

These changes will come into force from the 12 March 2014 and apply to businesses which generate more than $3 Million in revenue and deal with personal information.

Intact Security can help your business implement and comply with the Australian Privacy Principles in a relatively short period of time. Whether you need to overhaul your current policies and processes or whether you’re starting from scratch, Intact Security can take the worry out of it.

Call Intact Security today for an obligation free quote on (02) 8060 1113 or email.

COBIT

Control Objectives for Information and Related Technology (COBIT)

COBIT is a framework which focuses on management bridging the gap between requirements, technical issues and relates them in context to business risks.

Successful organizations understand the benefits of information technology (IT) but most struggle with how IT relates to business processes; how this feeds the demands of regulatory compliance and the benefits of managing risk.

COBIT is an IT governance framework and supporting toolset that allows managers to bridge these gaps. COBIT enables clear policy development and good practice for IT control throughout and organisation.

COBIT emphasizes regulatory compliance and helps organizations to increase the value attained from IT through the COBIT framework.

Intact Security can assist your business in demystifying the COBIT framework, the jargon used and how it will benefit your business best.

Information Security Manual (ISM)

External link

NSW Digital Information Security Policy

External link

VIC WoVG Information Security Management Framework (VAGO)

External link

Queensland Government Information Security Policy – IS18:2018

External link

ITIL – Information Technology Service Management

External link

OWAP Top 10

External link

SANs Top 25 Security Errors

External link

Penetration Testing

Penetration Test aka. Ethical Hacking

Penetration Testing (pen test), is an essential testing technique to combat the ever increasing threat of hackers (both internal and external) and the challenges modern businesses face today. A penetration test simulates what an attacker performs so that when a real threat occurs, the rate of success is foiled or drastically reduced. It also evaluates the level of security within your organisation by identifying known and unknown security vulnerabilities across your networks, servers and applications.

During a penetration test, Intact Security combines both manual and automated techniques (including firewall penetration testing) using penetration testing software to help ensure your sensitive data is properly protected and that compliance requirements are being met.

Are there different types of tests?

Penetration tests vary in the approach taken. A pen test can follow either a black box or a white box testing technique.
Black box testing refers to a method of testing in which there is no knowledge of the systems or infrastructure to be tested. The black box technique most closely resembles an external hacker who has little to no understanding of the systems in place.
In contrast, white box testing refers to a method of testing where the tester has a working knowledge of the underlying infrastructure – network, servers and applications. This information is provided by you prior to commencing the testing. White box testing allows for a more targeted approach and allows for the testing to be completed in a shorter timeframe.
Our methodology is in accordance with best practice standards and incorporates guidelines from OSSTMM, NIST, OWASP (Open Web Application Security Project) and include all classes of WASC attacks in our penetration tests.

Ok, I have had a test but what is all this techno jargon?

After conducting a penetration test we provide a comprehensive report telling you exactly where your vulnerabilities are and how to secure your business against real attacks. The reports are easy to understand and have the right balance of non-technical information so that senior managers will understand the recommendations, and the detailed technical feedback which your IT and security team can immediately action. Saving your business time and money.
Close off your security gaps today by learning what the bad guys see before they see it.

Call Intact Security today to understand how we can help you.

Privacy Impact Assessment

Are you worried about privacy?

Whether you’re worried about the privacy of your or that of your customers, Privacy is a huge concern for everyone. With recent breaches of privacy and the blatant misuse of trust regarding private information (i.e. Cambridge Analytica) many individuals and businesses are scrambling to understand what information they have and whether it is exposed.

Further to this Europe have decreed that any organisation, whether it is within the EU or those that do business with with EU companies will now have stricter regulatory laws regarding privacy – enter the GDPR (General Data Protection Regulation).

GDPR – General Data Protection Regulation

The General Data Protection Regulation (GDPR) was promulgated by the European Union (EU) to amalgamate data protection for all individuals within the EU, Great Britain, and other specific European based countries. GDPR replaces the Data Protection Directive 95/46/EC. The goal of the GDPR is to protect the personal information of all EU citizens/residents by setting standards for the collection, storage, sharing, transferring, processing, and management of various categories of personal information. It also addresses the export of personal information outside the EU. It is designed to standardise data privacy laws across the EU in order to “protect and empower all EU citizens’ data privacy and to reshape the way organizations across the region approach data privacy.” With the ever-growing threat of cybercriminals focusing their efforts on stealing personally identifiable information (PII), the GDPR is easily the most important and impactful regulatory scheme adopted by the EU in recent times.

Personal Information is the Focus

GDPR is 100% focused on protecting PII. That is, essentially, any information related to a Natural Person, referred to as a ‘Data Subject,’ that can be used to directly or indirectly identify the person. It can be anything from a name, a photo, an email address, bank details, posts on social networking websites, medical information, or a computer IP address.

What this and other privacy concerns an individual or company may have had in the past has not had the spotlight shone on it, and furthermore there are real penalties if a business if found to have been negligent.

Its not all doom and gloom though. If your business deals with private information – personally identifiable information (PII) (of individuals), or corporate information which is deemed sensitive (in a similar context of PII), then you should consider conducting a Privacy Impact Assessment (PIA). This exercise identifies what is private information and where is resides, giving the business a laser beam focus on what it needs to protect. It can focus on structured data – data which is known and understood, but it can also focus on unstructured data – the data that may be duplicated, reside on a legacy storage device, etc. This way the business can make informed decisions as to how to protect such data.

If your organisation is concerned about privacy, is required to comply with GDPR, then contact Intact Security today to get more information on what is involved in a Privacy Impact Assessment (PIA).

Configuration Review

Dot the I’s and cross the T’s
Having a firewall deployed within your business is critical to controlling the flow of network traffic inbound, inside and outbound of your organisation.
However, poor configuration of even the most effective firewalls can be rendered useless when not properly integrated and the rules they enforce are not well planned and implemented.

Why should I have a configuration review or architecture review?

Poor system configuration or architecture may cause systems to communicate in a less efficient or effective way and leave it vulnerable to unnecessary services. If these were to be exploited, they could provide a foothold for attackers and/or malware to propagate within your environment, reducing the security of your business.
It is important to first understand your specific business requirements, processes and functions; to then be able to translate these into an effective design and rule policy which can be enforced within the context of the current environment.

Intact Security offers a range of configuration, architecture and configuration reviews designed specifically to your business to ensure the protection of your network and systems.

Data Leakage Protection

Intact Security recognises that each organisation is unique in the way that they do business. Many businesses have embraced the explosion of web based technologies, making information on demand more easily available. However, this availability may be to those who should have access and also to those that shouldn’t.It is simply becoming increasingly harder to manage the entry and exit points of your business, through email, web, network, file transfer, USB, Apple iPhone or any other piece of technology capable of storing information. Organisations either don’t monitor these points, aren’t capable of controlling them, or in worst case aren’t aware of them.

Why should I prevent data leakage?

Email is the most prolific avenue for data loss. It is incredibly easy to attach documents, spreadsheets, database files and the like into an email with a distribution list extending beyond the corporate email domain. USB keys and other portable media such as music players, external hard drives, CD/DVD ROMs etc all provide high density, low form factor options to extract information from corporate systems. Laptops themselves are designed to be portable devices and are frequently lost or stolen with inordinate amounts of sensitive data on them.

Proposed changes to the Privacy Act in Australia will mean that it is likely there will be an obligation to disclose sensitive data lost via security breaches in the not too distant future.

Intact Security can provide a number of existing technologies which can be deployed to address the various loss vectors (e.g. encrypted laptop hard disks, encrypted USB keys, email gateway monitoring). When these are combined with appropriate governance they can provide an effective solution to data leakage across the business.The time to act on protecting corporate and client information is now. Ensure your security is Intact.

Call or email Intact Security today.

Security Awareness & Education

Intact Security can help teach your staff the fundamentals of security, how to recognise and detect an attack or security incident when it has occurred or while its occurring.

Intact Security uses real life examples to demonstrate security awareness concepts so that employees understand what a web browser SSL certificate error means, what social engineering is and what a phishing email attacks is, among others.

The Security Awareness Training program can increase your organisation’s security awareness in order to prevent your weakest layer of security – your staff.

Leave the security awareness training to those that live and breathe it… Intact Security.

HEADING

BUBBLE. BUBBLE. BUBBLE. BUBBLE. BUBBLE. BUBBLE. BUBBLE. BUBBLE. BUBBLE. BUBBLE. BUBBLE. BUBBLE. BUBBLE. BUBBLE.