Advisory Services

As a result of the technical complexity and the ever-changing threat landscape, information security can be a daunting challenge for most organizations. Moreover, information security requires specialist experience and knowledge that is beyond the skill-set of many IT professionals. At Gamut Group we combine long experience with a specialized body of knowledge to provide information security advice specifically suited to each client's needs and goals.

There is no one-size-fits-all solution because the security posture that is appropriate for you will depend on your size, type of operations, strategic objectives and organizational culture. Before we make any specific recommendations we take the time to understand your needs and the information security challenges you face.

We also refrain from selling services or tools that you do not need. If you deal directly with a security vendor there is a real likelihood that they will attempt to sell you their most expensive or profitable products. A benefit of dealing with an independent consultancy like Gamut Group is that we do not have a vested interest in pushing product through the door. Indeed, studies demonstrate that for most organisations, the rate of return on additional security investment declines sharply after initial improvements have been made. Therefore, it is in your interest to ensure that you are investing just the right amount to yield the appropriate return.

Fortunately, there are a number of frameworks that have been developed by security practitioners and researchers to determine what level of information security investment will be appropriate for you. Our advisor will use these tools to analyze your situation and make appropriate recommendations in consultation with you. Beyond this, we can help you to establish formal processes and procedures and to facilitate employee-awareness training that will help you to maintain an appropriate information security capability after our engagement has come to an end. 

You will find information about popular advisory services below. If you have already identified a specific need in one of these areas we would be happy to help. However, your best course of action is often just to start a conversation so that together we can identify what your next steps should be. To facilitate this, our first consultation is always cost and obligation free. Please contact us by telephone or email at any time to arrange a confidential meeting at our premises or yours.

Security Audits

An IT Security Audit should be your first step in building a more secure IT environment. The IT Security Audit provides an independently prepared report which documents your vulnerabilities and outlines the actions required to reduce risk.

Gamut Group uses the Open Information Security Capability Model (O-ISM3) as a basis for all its security audit work. O-ISM3 covers a range of technical, managerial and operational areas such that a comprehensive picture of your security readiness emerges.

Security audits can be undertaken for your whole organization or just a single department.

Needless to say, all work is performed discreetly and on a strictly confidential basis. Our report will be provided only to your nominated contact and results will not be shared with any other person inside or outside your organization. All working papers and source documents are safeguarded at Gamut's premises in Australia for professional assurance purposes only. We use "Chinese walls" to ensure that information is quarantined to only those Gamut personnel who have a legitimate need to access it.

Penetration Testing

Penetration testing, sometimes referred to as "white-hat hacking", is a way of testing whether the controls and defenses you have put in place as part of your security hardening program actually work.

Gamut utilizes a range of automated and manual penetration testing techniques to simulate what attackers might do should they target your organization. If our white-hat hackers are able to exploit vulnerabilities in your security then it is highly likely that a malicious hacker will be able to do the same.

Continuously monitoring for weaknesses is an essential tool for ensuring that you keep up to date with the latest challenges and newly discovered exploits.

Employee Awareness Training

Gamut can assist you in developing formal security policies and procedures for your organization and in facilitating employee training programs to increase information security awareness.

Attackers often use social engineering techniques in an attempt to exploit vulnerabilities in your environment. Providing employees with an understanding of the risks you face so that they can be alert to unusual situations can go a long way to protecting you against these types of threats.

PCI Compliance Testing

All merchants who process payments online must be able to prove their compliance with card industry standards for information security.

Gamut recommends Hacker Guardian, a certified PCI scanning service that helps you automate PCI compliance reporting. It's fast and easy to manage and schedule.

Hacker Guardian offers flexible plans and options, making it suitable for organizations of all sizes. Contact us today for more information and pricing options.

Data Breach Reporting

Mandatory data breach reporting is already a reality in Australia for large corporations. And from 1st March, 2018 this regime is being extended to cover all health providers (regardless of size) as well as SME businesses with revenues exceeding $3M per year.

Under mandatory data breach reporting you are legally required to report any data breach that is likely to have an adverse impact on your customers. You must notify all affected customers as well as the Office of the Australian Information Commissioner.

Failure to comply with the mandatory data breach reporting regime attracts the potential for substantial fines.

Data breach is becoming a serious problem, with organized crime gangs profiting from identity theft, the sale of credit card numbers, or the disclosure of personal information. No organization handling the personal information of its clients is immune from this risk, and the mandatory reporting regime aims to ensure transparency so that individuals can take necessary corrective action such as changing passwords or cancelling credit cards. Consumers and business customers are also increasingly aware of their rights to privacy and this leads to many organisations closing down within six months of a serious data breach.

Complying with your legal requirements effectively requires a 3-step process:

  1. You need to be aware that a breach has taken place,
  2. You need to be able to qualify what information might have been affected by the breach, and
  3. You need to notify any customers who may be adversely affected as a result of the breach.

Some of these steps can be implemented systemically by using controls like intrusion detection systems. But once a breach has been identified you also need to determine what potential damage has been done, and this will require human intervention and review.

Of course, the best approach is to minimize the risk of breach in the first place, or to have controls that limit the impact of breach when it occurs. That is where tools like unified threat management and active threat response come in.

Gamut Group can assist you with all of these tools and services. While we cannot guarantee that a breach of your systems will never occur, we can help to reduce the likelihood and impact of such events. We also provide assurance that you have implemented best-practice data protection procedures, which can go a long way toward rebuilding customer trust.