Cyber Security Strategic Consultancy
For C-Level Executives
Plan and develop long term cybersecurity strategies and middle term tactical plans
These consulting services are based on maturity level determination and the principle of necessity and proportionality.
- Realistic view about the existing cybersecurity exposure of the organization
- Sparing unnecessary expenditure
- Preparing for the worst possible scenario
- Creating sustainable cybersecurity systems
Government
Sport events
Energy
Smart city
Law enforcement
Cloud strategies
Waterworks
Transportation
Fields
Security Operation Centers
Securing industry 4.0 projects
Mitigate ICS/OT cyber exposure
Moving to the cloud
Incident response
Develop frameworks for international events
Planning a Smart City concept
Secure by design
"The assessment result is that our systems' procedures are under the baseline. Now our bank has a 3-year plan on how to figure it out. It was a pleasure to work with Black Cell."
Key Steps
Analyse internal environment
Analyse external environment
Determining issues / Identifying gaps
Formulate objectives / Set up goals based on the assessment
Strategy Plan
Internal Assessment
People
Process
Technology
Business
Data processing
Internal process descriptions
Training materials
Internal and external audit reports
Internal and external cybersecurity risk assessment
Crown Jewel Analysis
Validation
Validating the collected data via interviews and international standards
Mission Objectives
Mission objectives and priorities come from the senior leader inputs
OSINT
Vulnerability assessment
Penetration testing
Red teaming
Social engineering
Operational tasks
Tasks and mission dependencies come from manager inputs
Measuring Capability Maturity
Information assets/System function
Information and task dependencies come from operator inputs
Validation
War game
Cyber Assets
Cyber and information dependencies come from tech inputs
External Assessment
Cyber Threat Intelligence
Monitoring
Malware lab
Real time threat feeds
Lightning fast search
Experience
Defensive services
Consultancy
Offensive services
Managed security services
International Information Sharing And Analysis Centers (ISAC)
Sector/industry specific feed from companies
Subject matter experts
Scientific institutions
Determining the actual maturity level of the organisation and identifying the “gaps” between current and future/desired maturity levels in order to set up the goals to be achieved.
Defining goals based on the results of assessments carried out by Black Cell
Short term
Long term
Process goals
Outcome goals
Strategy Plan
Enterprise Level
Assessing the existing strategy from a cybersecurity point of view [based on the results of assessment procedure]
Enriching the strategy with cybersecurity elements [high-level]
Breaking down high-level vision/strategy into actionable activities for division
Division Level
Assessing the existing strategy from a cybersecurity point of view [based on the results of assessment procedure]
Enriching the strategy with cybersecurity elements [high-level]
Translating activities into specific tasks
KPI
RACI Matrix
Budget Plan
Monitoring
Incentives
Cyber Security Strategic Consultancy
For Technical Operators
Assessment
Before we start planning we should have a clear view of the organization's current status and its vision. This can be built from existing audits, policies, documented processes and interviews, or from the Black Cell Cyber Security Strategic Consulting team's own methodology. The latter consists mostly of quantitative analyses such as the Crown Jewels Analysis or other objective assessments.
Our target is to estimate the maturity level of:
- Competencies
- Technical capabilities
- Policies
- Processes
Set Up Realistic Goals
After we have proper data about the cyber ecosystem we can set one or more goals and create the necessary frameworks, such as a SOC codex, an in-house knowledge base, a wiki, a CMDB, etc.
These goals have to be reachable and objective. To achieve objectivity we rely on numbers and pure math; our team's maturity frameworks were created for exactly this purpose.
We plan strategically for 3 years in general.
Tactical planning
Once the long-term vision is clear we can set up a roadmap with strict KPIs and start working on these cross-department projects.
First year
- Have a proper map and knowledge about the cyber ecosystems
- Develop detection capabilities via proper use cases. | This is generally done with matrices and depends on the cardinality of the use cases.
- Develop an incident response plan
- Set up the roadmap for employee skill development
- Develop in-house e-learning or outsource it
Second year
- Implement a SIEM system | The previously defined use cases should be implemented in it and kept synchronized
- Start using a SOAR system | To cut the cost of employing Level 2-3 analysts on Level 1 work
- Test the stack via synchronized RED team TTX (Tabletop Exercise) called War Game
- Start using industry-specific cyber threat intel and join communities (ISACs)
Third year
- Set up your Threat Hunting team and the roadmap to develop its maturity
- Set up local malware lab
- Start using ML-based anomaly detection | Develop in-house training model, for example, HTTP anomalies
- Set up deception-based detections
Operative planning
Even when we have tactical goals such as moving to the cloud or setting up a local DFIR (Digital Forensics and Incident Response) team, the operative plan should be as granular as possible because, for example, setting up an SLA with ticket-based penalties is a serious commitment and can cost money. Logical and administrative tasks should be synchronized. These also require the most accurate planning, supported by mathematical modeling.
Exemplary excerpt about our technical mindset:
Network intrusion and anomaly detection: three-level IDPS system development
- First quarter:
  - Proper network segmentation
  - NAC design
- Second quarter:
  - IPS deployment
  - Vendor testing matrix
    - Scoring: cost 70 points, features and functions 30 points (based on the client's wishes)
    - Testing with malicious pcaps, DDoS, usability, support, etc.
- Third quarter:
  - IDS in each network segment
  - TAP or SPAN port, packet broker
  - Suricata-based IDPS engine
  - Custom and CTI-based YARA rules
  - Support for the threat hunting team
- Fourth quarter:
  - Anomaly detections
    - Detect DGAs | N-gram and entropy-based DNS query checker running on Apache Spark
    - HTTP/HTTPS anomalies | Harvest user-agent strings via Zeek IDS and run a Bayesian or CRM114 classifier against them with a locally developed training model
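The fourth-quarter item above mentions an n-gram and entropy-based checker for spotting algorithmically generated domains (DGAs) in DNS queries. The following is an added example, not Black Cell's code or their Spark job: a stand-alone Python version of the two signals, Shannon entropy of the registrable label and the fraction of its character bigrams never seen in a benign model. The benign seed list, the sample queries, the thresholds and the single-label-TLD assumption in `second_level_label` are all constructed for illustration; a real deployment would train on a large benign corpus (for example the organisation's own resolver logs) and tune the thresholds against it.

```python
import math
from collections import Counter

# Constructed benign seed list for the bigram model (assumption: in production this
# would be a large corpus such as the organisation's own resolver logs or a top-sites list).
BENIGN_TRAINING = [
    "google.com", "microsoft.com", "wikipedia.org", "github.com", "example.com",
    "stackoverflow.com", "amazon.com", "cloudflare.com", "mozilla.org", "apple.com",
    "netflix.com", "reddit.com", "youtube.com", "linkedin.com", "twitter.com",
]

# Constructed sample of query names, as they might be pulled out of DNS logs.
SAMPLE_QUERIES = [
    "www.stackoverflow.com",   # long brand name: high entropy but known bigrams
    "wordpress.org",           # unseen by the tiny model but low entropy
    "xk3q9zp7vb2mw.com",       # constructed DGA-like label
    "cdn.cloudflare.com",
]


def second_level_label(fqdn: str) -> str:
    """Return the label directly left of the TLD (assumption: single-label TLDs only,
    so 'example.co.uk' would need a public-suffix list to handle correctly)."""
    parts = fqdn.lower().rstrip(".").split(".")
    return parts[-2] if len(parts) >= 2 else parts[0]


def shannon_entropy(label: str) -> float:
    """Bits per character; random-looking labels score close to log2(len(label))."""
    if not label:
        return 0.0
    counts = Counter(label)
    n = len(label)
    return -sum((c / n) * math.log2(c / n) for c in counts.values())


def bigrams(label: str):
    return [label[i:i + 2] for i in range(len(label) - 1)]


def build_bigram_model(domains) -> frozenset:
    """Set of character bigrams observed in the registrable labels of benign domains."""
    seen = set()
    for d in domains:
        seen.update(bigrams(second_level_label(d)))
    return frozenset(seen)


def unseen_bigram_ratio(label: str, model: frozenset) -> float:
    """Fraction of the label's bigrams that never occur in the benign model."""
    bgs = bigrams(label)
    if not bgs:
        return 0.0
    return sum(1 for b in bgs if b not in model) / len(bgs)


def score_domain(fqdn: str, model: frozenset, min_len: int = 8,
                 entropy_threshold: float = 3.3, unseen_threshold: float = 0.5) -> dict:
    """Flag a query name only when BOTH signals fire: requiring both avoids flagging
    long legitimate brand names (high entropy, known bigrams) and short unusual
    names (unknown bigrams, low entropy)."""
    label = second_level_label(fqdn)
    ent = shannon_entropy(label)
    unseen = unseen_bigram_ratio(label, model)
    suspicious = (len(label) >= min_len
                  and ent >= entropy_threshold
                  and unseen >= unseen_threshold)
    return {"fqdn": fqdn, "label": label, "entropy": ent,
            "unseen_bigram_ratio": unseen, "suspicious": suspicious}


def scan_queries(queries, model: frozenset) -> list:
    """Return the query names that the checker flags as DGA-like."""
    return [q for q in queries if score_domain(q, model)["suspicious"]]


MODEL = build_bigram_model(BENIGN_TRAINING)

if __name__ == "__main__":
    for q in SAMPLE_QUERIES:
        r = score_domain(q, MODEL)
        print(f"{q:24s} entropy={r['entropy']:.2f} unseen={r['unseen_bigram_ratio']:.2f} "
              f"suspicious={r['suspicious']}")
```

Run as a script it prints the two signals per query; only the constructed `xk3q9zp7vb2mw.com` is flagged. The same per-label functions map directly onto a Spark UDF over a DNS log dataframe, which is where the roadmap above places them; the design point to keep is that entropy alone is a weak detector (a label like `stackoverflow` scores about 3.5 bits per character), so it is combined with a second signal and a minimum length.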
Review
Our service includes support and maintenance for the yearly strategic review and for the tools we hand over, with a 24-hour email response, a 3-hour call back and 5 working days on site, based on the agreed service level.