CertX Cyber Security Checkup Package
More and more of their vital infrastructure goes online making them more vulnerable to cyber attacks. The failure to institute proper cybersecurity technologies and processes means that you risk exposing your organization to many different cyber threats not only loss of sensitive data and money, but also the trust of your customers/clients and in the worst case endangering people and environement by hijacking your operational equipment..
At CertX we strongly believe that awareness across all businesses is paramount if we would like to reduce the number of cyber attacks and offer CertX Cyber Security Checkup Package (CSCP) which increases the awareness regarding your security posture and providing you guidance in further steps to increase it.
Our CSCP go beyond typical cyber security assessmentis (such as standards, norms and regulation) and considers the specific properties of any targets, identify its weakest point on a system-level and recommend good references for the specific need of a organization.
In spite of the lack of one-fits-all solution, our main goal is to help our clients to tackle cyber security challenge in pragmatic, holistic, transparent, affordable and efficient way.
“There are only two types of companies: those that have been hacked, and those that will be” - FBI Director, Robert Mueller
CSCP Process details
Independently from the target, a CSCP project follows a 4-steps approach:
- Scope definition – Definition of the scope of the project (which systems/processes…)
- Reference applicability study – Identification of the reference documents, regulations, standards and guidelines, relevant the customer specific context.
- High-level analysis of the current security posture – Based on sector-specific properties, identifications of major threats potential weak points
- Results – Formalization of the project results in a Cyber Security Checkup report
CSCP projects will be executed in two weeks to allow you to rapidly get feedbacks and potentially initiate subsequent activities based on relevant results.
CertX can suport you later on for more specific and advanced assessment activities, as well as complete certification under accreditation rules if needed (see our full cyber security portfolio here).
Pragmatic pricing for a pragmatic service
As described above, our goal is to propose CSCP’s to any type of company. We are thinking that cyber security should not be reserved to world-sized organization but for any company which are interested by delivering secure and reliable products and services to their customers. To meet our purpose, we defined fully transparent and affordable pricing list which is strongly based on the size of your company as follow:
- Cat.A: Company size < 10 employees
- Cat.B: 10 employees < Company size < 25 employees
- Cat.C: 24 employees < Company size < 50 employees
- Cat.D: Company size > 50 employees
Use cases
#1 – SME working in the construction sector
LEARN MORE
The business model of this 40-employees company is to design, build and install custom kitchens in new construction. Several department of the organisation use specific connected tools for achieving different purposes.
Regarding industrial part first, the company operates some CNC-machines (Computer Numerical Control) for building kitchen modules while design docs are developed in the office part of the site. This network part also includes administration and financial department of the company on a common business network.
In that context, the company is clearly working in an environment intrinsically subject to cyber attacks. Even if the company does not develop their own devices/network parts, secure operations of these systems and the entire architecture should be considered as cyber security critical for ensuring continuous activities.
CertX could propose a CSCP-I to investigate the best practices to be followed by this company and identify potential existing weak spots.
#2 – Large SME working in the automotive sector
LEARN MORE
The business model of this 150-employees company is to provides (development & production) ECU’s for several application in the automotive sector. Several department of the organisation use specific connected tools for achieving different purposes.
Regarding industrial part first, the company operates SCADA infrastructures for producing final products while design, implementation and testing activities are executed in the office part of the site. This network part also includes administration and financial department of the company on a common business network.
In that context, the company is clearly working in an environment intrinsically subject to cyber attacks, and on different level. First, secure operations of these systems and the entire architecture should be considered as a cyber security critical for ensuring continuous activities, therefore, some activities could be realized on organizational level. In an other hand, end product produced by the organization could aslo be subject to cyber security related activities to ensure that these will not compromise the system of the customers.
CertX could propose either a CSSP-C for evaluating cyber risks on ECU level or a CSCP-I to investigate the best practices to be followed internally by the company and identify potential existing weak spots.
#3 – SME working in the medical devices sector
LEARN MORE
The business model of this 30-employees company is to provides (development & production) several types of medical devices (such as smart insulin pump) and respective backend services for data analytics. Several department of the organisation use specific connected tools for achieving different purposes.
In that context, the company is clearly working in an environment intrinsically subject to cyber attacks, and on different level. On internal network level as well as on medical device and/or backend services, cyber threats should be taken into account in order to reduce cyber risks to an acceptable level.
CertX could propose either a CSSP-C for evaluating cyber risks on the medical device itself, a CSCP-S targeting the ecosystem including the medical device and backend services or a CSCP-I to investigate the best practices to be followed internally by the company and identify potential existing weak spots.
#4 – Start-up working in the financial sector or as consultants
LEARN MORE
The business model of this 4-employees start-up is to analyze and support their customers through consultancy services. Due to its current size, the organization is flat and ready-to-use solutions have been privileged.
Even if the company does not develop their own solutions, some proprietary internal data as well as documentation from customers are stored/handled. Of course, the company is directly connected to the internet for emailing, cloud sharing and research activities.
In that context, the company is clearly working in an environment intrinsically subject to cyber attacks. Even if the solutions have been selected based on some cyber security requirement, secure operation of thoses tools should be ensured for assuring continuous activities. Biggest topics here are account management, autorization schemes, passwords, data privacy…
CertX could propose a CSCP-I to investigate the best practices to be followed by this company and identify potential existing weak spots.
