Case Study: International Recruiter
An international recruitment company based in Kenya was looking to enhance its positioning for winning UK tenders. It approached ToraGuard to seek assistance with achieving Cyber Essentials.
How can we help?
Advanced Cyber Security Audit For Infrastructure Maintenance Company
ToraGuard partnered with a key player in city infrastructure to conduct a rigorous cyber security assessment, ensuring their systems and processes were resilient against the latest cyber threats. Driven by the organisation’s senior leadership, this audit aimed to uncover vulnerabilities and provide clear direction for strengthening their cyber security posture.
Delivering Uncompromising Security
The advanced cyber security audit was comprehensive, incorporating stakeholder interviews, thorough documentation reviews, process evaluations, and detailed technical assessments. This multifaceted approach ensured a deep understanding of the organisation’s current security stance.
Activities In The Advanced Cyber Security Audit
ISO 27001 Gap Analysis
ToraGuard conducted a detailed gap analysis against the ISO 27001 standard, which the organisation was already aligned with. This analysis pinpointed areas of non-compliance and provided targeted recommendations for improvement, offering a clear baseline for the company’s cyber security framework.
Controls and Process Review
The audit reviewed endpoint protection measures, assessing their defence against malware. ToraGuard evaluated change management for network switches and firewalls to prevent unauthorised changes. User training on social engineering was examined, and network segregation, access controls, and OT change management were analysed to protect infrastructure.
Penetration Testing
Before conducting on-site assessments, ToraGuard performed vulnerability scanning across the organisation’s networks to identify any immediate security gaps. Following these findings, both internal and external penetration tests were conducted. These tests simulated real-world attack scenarios, providing a realistic assessment of the organisation’s security posture and highlighting areas for improvement.
Wi-Fi Security Testing
A thorough review of wireless network security was carried out, focusing on authentication and encryption controls. ToraGuard also conducted a rogue access point search to detect any unauthorised devices that could potentially compromise network security.
Advanced Intrusion Techniques
To fully stress-test the organisation’s defences, ToraGuard employed advanced intrusion testing techniques. This included analysing historical data to detect any previously compromised user accounts and testing threat tactics that have been used against similar organisations. For instance, ToraGuard tested the organisation's response to potential security breaches by introducing real-world scenarios, such as leaving a USB stick in the office to see if it would be used by an employee. This approach allowed the organisation to anticipate and prepare for industry-specific threats.
Audit Summary
The audit culminated in five detailed reports, each covering a different aspect of the organisation’s security measures. An executive summary provided an overarching view of key findings, with remediation efforts prioritised for action.
This comprehensive assessment equipped the infrastructure company with a clear understanding of its security vulnerabilities and offered actionable recommendations to enhance its defences. By addressing these gaps, the organisation has significantly bolstered its resilience against cyber threats, ensuring the continued safety and reliability of its critical IT infrastructure.
Related articles
Case Study: Insurance Company
ToraGuard partnered with a leading London-based insurance firm, deeply embedded in regulated financial partnerships, to elevate cyber security awareness among its users.
Case Study: Local Government
ToraGuard’s cyber security team partnered with a large council to enhance their IT security infrastructure through the deployment of Microsoft Intune, migration to Microsoft Defender for Business, and additional cyber security initiatives.
Get in Touch
Please get in touch using the form below.
