Cyberis offers a wide range of technical assurance services which can help you and your business achieve information security objectives. From Cyber Essentials assessments to in-depth advanced targeted attacks, Cyberis can provide the technical security knowledge and industry experience to identify and manage technical risks before these become a threat to your organisation.
All of our technical assurance offerings can be combined and tailored to your specific organisational or project requirements.
The Cyberis Incident Response Team (IRT) can be deployed to provide expert consulting and technical advice to help you manage a security incident from the initial detection to closure.
The Cyberis IRT will help you manage an entire incident, from a simple breach of policy to an estate-wide compromise, or work to the methodology within your organisation's incident response plan and as a colleague within your own incident response team.
At Cyberis, we believe in providing solutions to information security problems.
Drawing on years of experience within the information security arena, Cyberis has developed a number of solutions which will help our clients manage their risk and address common information security problems. We share many of our tools with the community via GitHub and our blog.
Our research is shared with vendors and trusted community groups such as ISSA, Security Research Information Exchange and CISP.
Personal attributes: Cyberis are looking for a highly organised, self-disciplined multi-tasker with an exceptional eye for detail and the ability to be flexible, accommodating, calm and focused, all whilst working to tight deadlines. A problem solver by nature, you must have excellent communication skills and be used to working professionally at all levels demonstrating patience and understanding.
Overview
In the last quantum cryptography blog post we looked at the popular BB84 protocol and discussed how it is, at least theoretically, a secure protocol.
This time we’ll see how, when put into practice, physical implementations of the protocol can introduce vulnerabilities that we can exploit to undermine the entire key exchange!
When testing these types of systems, vulnerabilities can be broken down into two broad classes:
Shadow IT increases your business' security risks and is invisible to you. It might not be covered on your asset lists, because your asset management lists are incomplete. It might have no assigned owner, either because it doesn't fit neatly into any business unit, or isn't related to any current operational priorities but hasn't been fully decommissioned yet. It might have been installed outside of usual processes, either without authorisation or because usual processes were overridden.
Encryption implementation issues are, in my experience, some of the most commonly reported findings during penetration tests. Whilst they may not always be quite as scary as seeing "SQL Injection" or "Stored Cross-Site Scripting" in a report, their ubiquity merits some discussion.
We broadly find the most often encountered issues fall under three categories:
How are these three categories linked and what do they do to keep my data safe?
| Email: | info@cyberis.co.uk |
| Telephone: | +44 1684 353514 |
| Telephone (Non-Geographic): | +44 3333 444800 |
| Address |
Cyberis Limited Unit E The Courtyard Tewkesbury Business Park Tewkesbury Gloucestershire GL20 8GD |