- Managed Services
- Security Engineering
- About Us
- News & Blog
Security Centric offer information and cyber security consulting services alongside professional engineering services. Founded in 2012, our mission is to genuinely help organisations better understand risk in the context of information security, and work with you to ensure appropriate measures are in place to effectively manage these risks on an ongoing basis.
Our Australian-based team of consultants and skilled engineers have extensive experience performing a range of cyber security services for organisations spanning across multiple industries, including government, banking and financial, manufacturing, retail, and health.
Security Centric consultants and engineers have applied a comprehensive information security methodology to protect the systems, services and environments entrusted to them by the owners of valuable, sensitive and sometimes highly classified information of the Department of Defence, the Intelligence community, and Federal Government agencies. Experience in these demanding environments has shaped the methodology, techniques and services which are also available to the commercial sector whilst achieving strong return on investment and cost effectiveness.
Security Centric has extensive experience with a number of compliance frameworks including PCI DSS for financial environments, IRAP and ISM for Government, sometimes classified, environments as well as the ISO 27000 range of international standards. Our involvement is both in understanding and architecting a solution as well as implementing the governance and technical solutions.
Using a risk-based approach to systems design, Security Centric is able to achieve the desired outcomes whilst maximising functional performance and minimising cost and schedule. With experience assessing security posture, evaluating and remediating against national and international compliance frameworks, and implementing numerous security solutions, Security Centric is well placed to provide security compliance and architecture guidance.
Security Centric has applied this expertise in technical, compliance and governance aspects of information security for numerous government and non-government organisations.
Business lines are arranged to facilitate the full lifecycle capability and also provide a ready-to-use information security function for our partners.
The consulting line features strong capabilities in business risk, governance, compliance including regulated industries and designing pragmatic security transformational projects.
|Risk||Best Practices||CSA, NIST, ASIC, APRA|
|Cyber Maturity Assessment||Privacy Act, ISO 27005, ISO 27017, ISO 27032|
|Penetration Testing||External Infrastructure, Internal Infrastructure, Web Applications, Wireless Networks, API, Social Engineering/Phishing, Industrial Systems|
|Compliance||Standards/Frameworks||ISO 27001 & 27017, IRAP ISM, PCI DSS, Privacy Act, NIST, GDPR, APRA, ASIC, NSW DISP.|
|Assessment||Scoping and Applicability, Gap Analysis, Pre-Audit (Preparedness), Cyber Security Maturity Assessment.|
|Remediation||Remediation Program Development, Governance Formation, Policy Development, Technical Control Implementation, Continuous Improvement Program, Certification, Program Management.|
A logical extension from this is a team of subject matter experts and engineers to either lead projects, provide targeted specialist advice or supplement existing engineer resources as required. This also ensures hands-on experience, usually across multiple vendors, drives pragmatic consulting recommendations rather than easy to recommend but difficult to implement or maintain audit findings.
|Hardening||Security Architecture Design, Windows, Linux, Access, Authentication & Authorisation, Process Control, IoT (Internet of Things).|
Our client partners commonly find that achieving a good security baseline is only part of the challenge, and thus Security Centric’s managed services unit has developed tools, techniques, processes, platforms and automation to maintain a chosen security posture over time whilst minimising the impact on internal resources and providing value for money.
Our clients make use of all of these units as required, performing as a de-facto information security department with numerous subject matter experts and ready-to-consume technology platforms, without the overhead and cost of building this capability internally. This extends over and above merely a monitoring service, but one that works alongside the board and executive to manage stakeholder expectations surrounding information security.
|Technical||Event Monitoring, Threat Detection, Technical Exposure Monitoring and Alerting, Security Program Management, Compliance Program Management.|
|Personnel||CISO as a Service, Security Architects, Change Review Board.|
|Proactive||Preparedness and Detection|
|Reactive||Response, Triage, and Forensic Analysis.|