CertX Cyber Security Checkup Package

Companies today are moving more and more of their vital infrastructure online, and this makes them more vulnerable to cyber attacks. Failing to institute proper cybersecurity technologies and processes means that you risk exposing your organization to many different cyber threats. If your company does fall victim to a cyber attack, you not only run the risk of losing money, but you may also lose sensitive data and the trust of your customers/clients.

At CertX we strongly believe that awareness across all businesses is paramount if we want to reduce the number of cyber attacks. Of course, we are aware that setting up a secure framework addressing technologies, processes and human factors can require a significant amount of resources (skills, time, budget) depending on the context. That is one of the main reasons why keeping a pragmatic approach to cyber risks is a key topic.

For that purpose, we decided to launch a new kind of service which aims to increase the awareness of any type of company regarding its own security posture:

the CertX Cyber Security Checkup Package (CSCP).

 

 

It could be compared to a typical assessment project, but a CSCP aims to be more pragmatic in its approach. Here the idea is to go beyond the scope of an evaluation against a specific reference document (such as a standard, norm, regulation or even a guideline), think about the specific properties of the target, identify its weakest point at system level and recommend good references for the specific needs of an organization.

Although there is no one-size-fits-all solution, our main goal is to help our clients tackle cyber security challenges in a pragmatic, holistic, transparent, affordable and efficient way.

CSCP Process details

Independently of the target, a CSCP project always follows the same 4-step approach, as follows:

  1. Scope definition – Definition of the scope of the project (which systems/processes…)
  2. Reference applicability study – Identification of the reference documents, regulations, standards and guidelines relevant to the customer-specific context
  3. High-level analysis of the current security posture – Based on sector-specific properties, identification of major threats and potential weak points
  4. Results – Formalization of the project results in a Cyber Security Checkup report

CSCP projects are tailored to be executed in two weeks to allow our clients to rapidly get feedback and potentially initiate subsequent activities based on relevant results. Of course, CertX remains available for more specific and advanced assessment activities, as well as complete certification under accreditation rules if needed (see our full cyber security portfolio here).

Pragmatic pricing for a pragmatic service

As described above, our goal is to offer CSCPs to any type of company. We think that cyber security should not be reserved for world-sized organizations but should be available to any company interested in delivering secure and reliable products and services to its customers. To meet this purpose, we defined a fully transparent and affordable pricing list which is strongly based on the size of your company, as follows:

  • Cat.A: Company size < 10 employees
  • Cat.B: 10 employees < Company size < 25 employees
  • Cat.C: 24 employees < Company size < 50 employees
  • Cat.D: Company size > 50 employees

Use cases

#1 - SME working in the construction sector

The business model of this 40-employee company is to design, build and install custom kitchens in new construction. Several departments of the organisation use specific connected tools for different purposes.

On the industrial side, the company operates some CNC (Computer Numerical Control) machines for building kitchen modules, while design documents are developed in the office part of the site. This office network also hosts the administration and finance departments of the company on a common business network.

In that context, the company is clearly working in an environment intrinsically subject to cyber attacks. Even if the company does not develop its own devices or network components, secure operation of these systems and of the entire architecture should be considered cyber security critical for ensuring continuous activities.

CertX could propose a CSCP-I to investigate the best practices to be followed by this company and identify potential existing weak spots.

#2 - Large SME working in the automotive sector

The business model of this 150-employee company is to provide (development & production) ECUs for several applications in the automotive sector. Several departments of the organisation use specific connected tools for different purposes.

On the industrial side, the company operates SCADA infrastructures for producing final products, while design, implementation and testing activities are executed in the office part of the site. This office network also hosts the administration and finance departments of the company on a common business network.

In that context, the company is clearly working in an environment intrinsically subject to cyber attacks, and on different levels. First, secure operation of these systems and of the entire architecture should be considered cyber security critical for ensuring continuous activities; therefore, some activities could be carried out at the organizational level. On the other hand, the end products produced by the organization could also be subject to cyber security related activities to ensure that they will not compromise the systems of the customers.

CertX could propose either a CSSP-C for evaluating cyber risks on ECU level or a CSCP-I to investigate the best practices to be followed internally by the company and identify potential existing weak spots.

#3 - SME working in the medical devices sector

The business model of this 30-employee company is to provide (development & production) several types of medical devices (such as smart insulin pumps) and the respective backend services for data analytics. Several departments of the organisation use specific connected tools for different purposes.

In that context, the company is clearly working in an environment intrinsically subject to cyber attacks, and on different levels. On the internal network level as well as on the medical devices and/or backend services, cyber threats should be taken into account in order to reduce cyber risks to an acceptable level.

CertX could propose either a CSSP-C for evaluating cyber risks on the medical device itself, a CSCP-S targeting the ecosystem including the medical device and backend services or a CSCP-I to investigate the best practices to be followed internally by the company and identify potential existing weak spots.

#4 - Start-up working in the financial sector or as consultant for any sectors

The business model of this 4-employee start-up is to analyze and support its customers through consultancy services. Due to its current size, the organization is flat and ready-to-use solutions have been preferred.

Even if the company does not develop its own solutions, some proprietary internal data as well as documentation from customers are stored and handled. Of course, the company is directly connected to the internet for emailing, cloud sharing and research activities.

In that context, the company is clearly working in an environment intrinsically subject to cyber attacks. Even if the solutions have been selected based on some cyber security requirements, secure operation of those tools should be ensured to guarantee continuous activities. The biggest topics here are account management, authorization schemes, passwords, data privacy…

CertX could propose a CSCP-I to investigate the best practices to be followed by this company and identify potential existing weak spots.

Contact

Kilian Marty
Head of the Cybersecurity department
kilian.marty@certx.com
T +41 26 309 29 94

CertX AG
Ancienne Papeterie 460
1723 Marly
Switzerland
T +41 26 309 29 99