Services

Affordable cybersecurity services developed specifically for small and medium enterprises.

Service packages...

Cybersecurity risk assessment and recommendations

Assessment of your organisation’s cybersecurity risk profile, i.e. the overall level of cybersecurity risk, and the individual risks feeding into this picture.

Associated recommendations based on this assessment, focussing on practical and affordable measures to greatly improve cybersecurity and resilience.

Flexible options starting from less than $2000 ex. GST

Your part-time security officer ("virtual CISO") 

Large companies and government agencies employ Chief Information Security Officers (CISOs) for governance and risk management going way beyond IT systems.  They focus on cybersecurity, information and data protection, across technology and governance practices.  This role is distinct from your IT people responsible for installing, configuring and operating your IT.  To ensure independence and avoid conflicts of interest, they often report directly to the managing director or board of directors.

If your organisation is not large enough to justify a full-time CISO then Holistic Cyber provides a slice of this big end of town, tailored to the smaller end, i.e. working as your "virtual CISO" part-time and/or on-demand.

Security strategy, including business continuity, incident response, disaster recovery

Compliance with regulation if and where applicable

Identifying, prioritising and managing security risks

Security related governance, policies and procedures

Staff awareness and education

Monitoring and reporting

Any other relevant services from the list below

Individual services...

Cybersecurity strategy

Even IT and technology companies often need help with cybersecurity strategy.

Incorporation of security considerations for your products and services to remain competitive

Incorporation of security considerations into overall company strategy and operations.

Applicable industry regulation, certifications and accreditations required to sell into various market segments.  E.g. government, defence, and larger organisations that have stringent security requirements.

Responding to questions about your organisation's security

Responding to questions from customers or other third parties about your organisation's cybersecurity practices and measures ("cybersecurity controls").

Advice on how to respond, or writing the actual responses.

Technology evaluation and guidance

Establishing your technology needs

Evaluation of your existing technology, i.e. strengths, weaknesses and gaps

Advice on any technology changes and additions to improve security 

Supplier evaluation and guidance

Evaluation of your existing service providers (contract terms, SLAs, fees, value for money, etc.)

Evaluation of potential new technology and service providers.

Assessment of Return on Investment (RoI)

Development of investment proposals and business cases

Liaising with providers

Liaising with IT providers

If you don't have strong IT and/or cybersecurity knowledge, then you're at a substantial disadvantage when trying to engage IT and security vendors, service providers, and staff.

Exploring product and service offerings, digging behind the glossy marketing, detecting and cutting through any sales spin, knowing the questions to ask, and where to negotiate on options, features, service levels and pricing.

Policies, processes and procedures

E.g. business continuity plan, disaster recovery plan, incident response plan, policies and procedures for storing, sharing and backing up your sensitive data.

Advice, templates, review of documents that you have written, or finished documents tailored specifically for your organisation.

Staff awareness and education

Organizations that invest in cybersecurity awareness and training and that foster secure online habits can significantly reduce the likelihood of data breaches, financial losses, and reputational damage.

Topics include common scams, spotting phishing attempts, the importance of approving operating system and software updates, password practices, secure file sharing, verifying email and web addresses, dealing with third-party partners and suppliers.

Staff cybersecurity awareness sessions delivered in person on-site or virtually, or with a series of self-paced online materials.  Not time consuming.  Can be engaging and even entertaining!

Selecting from best-of-breed awareness and training options.

Simulated phishing and spear-phishing emails and messages sent to staff, measuring how many employees recognise phishing messages and how many fall for them.

General expertise and advice

Expertise and advice is available if you have specific topics, issues or concerns related to the security of your information, data and associated IT systems, processes and procedures, whether or not they relate to a cybersecurity risk assessment.

Deep-dive into certain topics.

Assistance developing a detailed action plan.

Choosing a path to take if there are multiple options to consider.
