Services

SWIFT assessment

About SWIFT Customer Security Programme

Since July 2020, all SWIFT users have been required to carry out an independent assessment when attesting compliance with CSP controls. NRD Cyber Security has been listed* as a registered provider on the Society for Worldwide Interbank Financial Telecommunication’s (SWIFT) Customer Security Programme (CSP) Assessment Providers directory to offer assessment services. SWIFT’s CSP Assessment Providers directory works as a list of companies that can help financial institutions ensure their defence mechanisms against cyber-attacks are up-to-date, practical, and effective. As a provider that offers assessment services as part of SWIFT Customer Security Programme (CSP), NRD Cyber Security fulfils the requirement of an independent external assessor.

Why NRD Cyber Security?

  • Track record of various assessments;
  • Qualified team of experts dedicated to cybersecurity with CRISC, CISM, ISO lead implementer and other certifications;
  • Experience working with financial sector organizations, such as banks, payment institutions, etc.

How do we do it?

Based on the information provided by the organization, our experts perform an assessment which identifies where risk drivers from the SWIFT CSP are, or are not, met. The organization is provided with a clear and concise report, which provides insights and advice on how to address non-conformities to achieve SWIFT CSP requirements and serves as a guide through the submission of a fully compliant attestation via the SWIFT KYC-SA application. This report also meets the requirements for SWIFT IAF supporting documents.

For details, please get in touch with Modestas Sadauskas 

Customer story:

 SWIFT assessment for Paystrax

*SWIFT does not certify, warrant, endorse or recommend any service provider listed in its directory and SWIFT customers are not required to use providers listed in the directory.



Security risk assessment

About security risk assessment

Exclusive reliance on security technologies cannot guarantee information security. To adequately approach such an important area for many organizations, it is vital to have the right mechanisms and processes in place. Our team of security experts will help you identify the main processes, critical assets, most important threats as well as evaluate the applicable organizational and technical controls and measures. Our risk assessment is based on:

  • ISO 27005, NIST 800-30 risk assessment methodologies;
  • ENISA, Symantec or National Cyber Security Centre threat reports;
  • ISO 27001, ISO 27002, NIST 800-53 controls assessment standards or COBIT 5 frameworks or CIS Critical Security controls.

How do we do it?

  • Assess external compliance requirements;
  • Establish the current state of information security management;
  • Define information security risk assessment methodology;
  • Perform information security risk assessment;
  • Develop risk treatment plan;
  • Select the most applicable information security management standard/framework;
  • Implement required security controls;
  • Draft necessary policies and procedures;
  • Provide support and oversight in certification process.

Benefits

  • Identification of effective resource allocation to enhance security within the organization;
  • Awareness of your current security status;
  • Identification and awareness of the most critical vulnerabilities;
  • Identification and awareness of the core assets, the greatest threats and the appropriate security measures;
  • Actionable list of recommendations.

For details, please get in touch with Modestas Sadauskas 



Compliance assessment and assurance

About compliance assessment and assurance

To ensure compliance with legal regulation and full protection of your company’s assets, you need to understand your security vulnerabilities and address them in a proper manner.

Our team of security experts will provide you with a comprehensive security compliance assessment, which is tailored to your company’s unique needs. This assessment covers both organizational and technical means of security.

How do we do it?

  • Select the most appropriate information security management standards/frameworks or legal requirements;
  • Establish current state of information security management;
  • Focus on technology, processes and people;
  • Assess compliance, focusing on the effectiveness of your processes. The assessment is conducted using interviews, discussions and on-site evaluations;
  • Provide a detailed report on your company’s security vulnerabilities and recommendations on how to address them.

Benefits

  • Know your current security status;
  • Understand your most critical vulnerabilities;
  • Adjust your security investments;
  • Know your core assets, your greatest threats and the appropriate security measures;
  • Get the list of recommendations.

For details, please get in touch with Vytautas Kuliešius



CSIRT/SOC maturity assessment and modernization

How do we do it?

NRD Cyber Security assesses CSIRT/SOC maturity by applying best international practices (SIM3 and SOC-CMM) and as a result the organization is provided with an actionable CSIRT/SOC improvement plan and CSIRT/SOC modernization activities. Depending on scope, the following areas could be assessed:

  • Governance;
  • Human resources, including knowledge management and training/education;
  • Processes;
  • Technology, including automation and orchestration;
  • Services: security monitoring, security incident management, security analytics and forensics, threat intelligence, threat hunting, vulnerability management and log management.

Experienced, qualified and certified cybersecurity experts perform the assessment, hence, highest quality standards are guaranteed.

The service steps are:

    1. Engagement (request, quote, contract);
    2. Maturity assessment;
    3. Reporting (report, maturity certificate and actionable CSIRT/SOC improvement plan);
    4. CSIRT/SOC improvement activities (modernization).

The assessment results provide an objective overview of the team’s maturity (supported by an issued certificate) and allow well-informed decision-making on CSIRT/SOC improvement actions. NRD Cyber Security has carried out a number of maturity assessments; examples include, but are not limited to, Peru and South Africa.

Benefits

  • Provides an objective view of the current CSIRT/SOC maturity state;
  • Identifies areas for improvement;
  • Helps to identify opportunities;
  • Provides an actionable plan with prioritized activity list on how to step-by-step modernize the CSIRT/SOC;
  • As the assessment is performed based on international best practice and carried out by experienced and qualified experts, it is easier to build credible arguments and compose improvement initiatives for decision makers.

Is it the right solution for us?

Try to answer the following questions:

  • Do we have a CSIRT/SOC mandate in place with clear constituency, authority, responsibility services model and accountability?
  • Can we provide objective evidence whether our security operations are running in an effective and efficient way?
  • Is there a comprehensive and actionable CSIRT/SOC improvement plan, reflecting current environmental situation and aligned to the best international practice?
  • Is the CSIRT/SOC part of a recognized international cyber community, such as FIRST.Org and TF-CSIRT?
  • Are security incidents automatically registered from various tools and tracked in a unified service desk system with specialized workflow? Are they supported by the Standard Operating Procedures (SOPs)?


Penetration and vulnerability assessment

About penetration and vulnerability assessment

Malicious actors exploit the weaknesses in networks, computer systems and applications to steal data, get access to or take over the control of your networks. To protect your business and information, you need to know which weak links can be exploited and what the likely damage would be. 

Our team of cybersecurity experts will collect publicly available information related to your networks, identify your vulnerabilities and use their real cyber-attack knowledge to test your organization as an intruder might.

We will determine whether and how, in case of a cyber-attack, your company’s network vulnerabilities can be exploited and what the likely damage could be in terms of confidentiality, integrity and availability of information and information systems. Our specialists would also rate the vulnerabilities in terms of risk to your company and provide mitigation recommendations.

How do we do it?

  • Focus on your primary business function;
  • Follow the same processes used by real hackers;
  • All attacks are executed safely under controlled conditions;
  • Black box or white box testing methods are used;
  • Social engineering tests are carried out to check whether your staff can be easily manipulated;
  • A detailed report on your network vulnerabilities, including risk ratings, likely damage and mitigation recommendations, is provided.

Benefits

  • A comprehensive picture of your network security;
  • Awareness of your vulnerabilities and how they can be exploited;
  • Awareness of how resilient staff is to social engineering attacks;
  • Visibility of security areas which require resource allocation;
  • List of actionable recommendations.

For details, please get in touch with Vytautas Kuliešius



Business and IT continuity check

About business and IT continuity check

To ensure the functioning of core business processes and IT systems in critical disruptions and to protect your assets, you need to be aware of which processes and IT systems are critical as well as what their recovery time would be.

Our team of security experts will provide you with a comprehensive business and IT continuity assessment to be ready for any critical disruptions. The assessment is based on international standards, legislation and best practices.

How do we do it?

  • Perform business impact analysis;
  • Set RPO (Recovery Point Objective) – the age of files that must be recovered from backup storage for normal operations to resume;
  • Set RTO (Recovery Time Objective) – the target time to recover IT and business activities after a cyber disaster;
  • Evaluate the business continuity processes;
  • Analyze business continuity capacity;
  • Analyze discrepancies and weaknesses according to ISO 22301;
  • Provide a detailed report on areas for attention to ensure business and IT continuity as well as a list of recommendations on how to address them.

Benefits

  • Ensures compliance with industry standards;
  • Preserves brand value and reputation;
  • Cultivates a resilient organizational culture;
  • Provides valuable business data;
  • Helps mitigate your financial risk;
  • Protects your supply chain;
  • Very likely to give a competitive advantage.

For details, please get in touch with Modestas Sadauskas 



Cloud infrastructure security assessment

About cloud infrastructure security assessment

To ensure compliance with legal regulations and for your company’s cloud infrastructure assets to be fully protected, you need to understand your cloud security vulnerabilities and address them in a proper manner. Our team of security experts provides you with a comprehensive cloud infrastructure security compliance assessment, which is tailored to your company’s unique needs. This assessment covers both organizational and technical means of cloud security.

How do we do it?

  • Assessment of external compliance requirements;
  • Selection of the most proper information security management standards/frameworks and best practices for your company;
  • Establishment of current state of cloud infrastructure security;
  • Focus on technology, processes and people;
  • Security assessment, focused on the effectiveness of your processes;
  • Assessment is conducted using interviews, discussions, questionnaires and on-site evaluations;
  • Detailed report on your cloud infrastructure security vulnerabilities and recommendations on how to address them.

Benefits

  • Know your current cloud infrastructure security status;
  • Understand your most critical cloud infrastructure vulnerabilities;
  • Security investments will be proportionate to security risks as well as consistent, compatible and focused;
  • Assurance of the continuity of the critical business process;
  • A comprehensive list of recommendations.

For details, please get in touch with Vytautas Kuliešius


  • SWIFT assessment for Paystrax (Country: Lithuania)
  • IT security assessment for Regitra (Country: Lithuania)
  • IT security assessment for Viciunai Group
  • Security risk assessment for EPSO-G (Country: Lithuania)
  • Enhancing internal fraud prevention for Šiaulių Bankas (Country: Lithuania)