Services
Our Belief
At GDiS we believe that everything we deliver should have a value for the customer.
Our Aim
Our aim is to make cyber security easier to understand for everyone in the organisation.
Your Takeaway
Businesses should understand what should be done correctly and what kind of support or help is available to help them achieve the required level of security needed for smooth operation of the organisation.
Environment Analysis
-
We evaluate your environment and measures it against industry standard frameworks. This can be a new environment, or it can be an existing environment.
We identify what is in your environment and maps it out for you to get an overview of what is there and what might be there that you are not aware of.
We also test this against frameworks and attack/threat vectors.
-
Customers get a report that shows what has been found and customers can then compare that to what they expected to have.
Penetration Test
-
This service is based on a prior written agreement of a scope that is then tested by us.
When we deliver a penetration test it is important for us that the customer understands what we test, how we test it, and what the result means for the customer.
-
We will provide you with a report and/or presentation of findings, both positive and negative.
We will tell you how we tested the environment and how they can be exploited, and most importantly explain this to you in a plain language what it means for your organization.
Part Time Security Staff
-
We understand that security is a cost center and that a business does not necessarily have the resources to employ a full-time staff for this.
We give you the option to have a staff assigned to your company on a part time basis. -
You will have someone to look at your environment or who can step in to help if you are looking for support over a period, or simply just feel it would be good to have someone who keeps an eye on your environment once in a while.
Jargon Buster
-
To define Cyber security is a general term that over all includes Information security. Cyber security can be defined as a practice to protect infrastructure of an organization. That means servers, network devices, applications, and people from being exposed by intruders who may want to exploit the company for criminal activities, or otherwise interrupt normal business operations.
A few examples of how organizations are being subjected to attacks via social engineering (companies or people acting as part of the organization) in order to obtain information to allow them to enter the network of the company that is being attacked. A second way is by email (phishing), attempting to get people to click on links that may install Malware on the computer, or which tries to lure the recipient to enter their email password. Once access has been gained malware can be used to install software on networks, that for example encrypts the company’s data and demands a ransom to make the data available again (Ransomware). Other software is used to timebomb data and then destroy it, or simply access is gained to do surveillance for future attacks or traverse the network to find data.
-
nformation security is often dealing with processes and tools that are used to shield business related information from the public eye or from being destroyed or used to disrupt a business.
Areas of Information Security include:
- Application security
- Cloud Security
- Cryptography
- Infrastructure security
- Incident response
- Vulnerability managementGreat Dane Infosec GmbH exists in the Information security world and focuses on the industrial control systems.
-
An Information Control System (ICS) is used in industrial environments for manufacturing and product handling. An ICS is a set of control parts and exist in many parts of our everyday life. They can often be part of a critical infrastructure such as regulators at water plants that determine what is added to water pumping systems for dams or used as refineries to determine how the oil should be refined and treated.
In older times these systems were often not connected to the network and had their own proprietary applications. That has changed in the last 15-20 years and today many of these systems run on a network and are running on Windows systems.
These systems include SCADA systems (Secure Control and Data Acquisition). They are used to control assets that may be spread over a larger area.
-
SCADA systems are used to gather information from sensors and machinery to automate, processing and distribution of data from devices that may be local or in dispersed locations. They are often found in industrial sites. SCADA works with ICS, but not on it’s own. They are used to supervise systems. For example, temperature, pressure and other details in machinery. The SCADA system can be automated and respond/react to how systems behave in certain situations. They are operated by people from IT or on a manufacturing floor.
They are primarily used to reduce the cost of people and to limit errors caused by humans handling the machines. It allows companies to automate processes. It also lessens the likeliness of a machine breaking down and infrastructure used to transport gas, chemicals and power plants.
-
PLC stands for Programmable Logic Controllers. As the name insinuates it is a microprocessor-based controller and is used as a sensor and sends information to the SCADA system which is required for the SCADA system to work properly.
Where a PLC is a local device, RTUs are used as remote devices.
-
The systems are often of interest to hackers because they can gather interest to systems and disrupt supplies to the public, as for example happened on in the Spring/Summer of 2021 with for a US East coast based fuel supplier. This meant that there was a sudden shortage of fuel, and the public was found to be queueing in front of gas stations for several hours to secure that they had gas for their cars. In other cases, there has been examples of water companies being broken into and it was demonstrated that the water supply systems could be remotely controlled.
Hackers can vary in size and nature. It can be the bored teenager living in a small village, who out of boredom hacks a giant tech company to nation players such as is speculated in the attack on the ICS/SCADA systems of Iran used to enrich Uranium in the early 2000’s.