Security Risk Assessment
Our security risk assessment identifies your critical assets and vulnerabilities, in addition to evaluating your organisation’s core cyber security capabilities. Once we’ve determined your defence measures and readiness to respond, we’ll deliver a recommended roadmap to help improve your organisation’s cyber resilience.
Cyber Security Testing
We use real-world testing and simulations to help you understand your vulnerabilities and strengthen your defences. Our tailored approach illuminates your system’s weaknesses, so you can address them, clearing the way for peace of mind.
Cyber Impact Analysis: Financial Quantification
Knowing the financial impact of a cyber event is essential for good governance. Our proprietary financial modelling helps you make smart, data-driven choices on cyber security and risk management. We’ll assess your organisation’s cyber risk exposure and model probable scenarios. Insights from our data analytics will direct and strengthen your case to invest in information security, business continuity, and cyber insurance. Should a cyber incident occur, these models demonstrate to key stakeholders that an appropriately sophisticated approach was undertaken, and reasonable efforts were made to protect shareholder equity, customers, and the public.
Incident Response Readiness Assessment
During a cyber attack, you need to know what to do. Rapid detection and meaningful response is critical. Every moment you wait for important decisions or information is a delay in containment and recovery, while the event continues to chip away at your brand integrity. Our assessment takes a dynamic and consultative approach. We know what being prepared looks like, and we can evaluate your current cyber incident response plan, research your environment, evaluate your response capabilities, and identify gaps. We provide tactical and strategic recommendations that help your organisation respond to a cyber event with conﬁdence.
Network & Cloud Penetration Testing
Our highly-developed penetration testing methodology is a deep dive into the layers of your defences to uncover your potential weaknesses. By simulating the activities of a malicious individual or organisation, our testers evaluate and attempt to compromise a broad range of your systems, creatively adapting to the environment and security controls we encounter. From there, we assess the exposure to risk of business-critical systems that reside deep within your network.
Attackers can go undetected in a network. It’s critical to identify possible indicators of compromise to understand the impact and scope of an attack before the damage is done. We use state-of-the-art assessments to help unearth attack vectors, techniques and technology. Using our deep experience and sophisticated tool set, we rapidly collect, correlate and analyse vast amounts of endpoint and server status data artefacts and compare them with our behavioural indicators of compromise. This allows us to identify patterns of activity associated with a variety of attack scenarios. Should one be detected, we activate our incident response teams.
Privacy Compliance Assessment
Organisations must commit to protecting the personal information in their care. We’ll begin your privacy compliance assessment by extensively reviewing the strength of your computer security, policies and data agreements, including interviews with key business and IT managers, analysis of back-end databases, and a technical review of documents. Next, we’ll map our ﬁndings to the statue and privacy guidelines that govern your industry and assess whether encryption techniques are appropriately deployed at the server, desktop, and backup levels. Finally, we’ll provide prioritised recommendations for addressing your organisation’s needs.
Application & Mobile Security Testing
How do you secure your applications? What data is exposed or insufficiently protected? What happens if an employee’s device is lost or stolen? We identify and help mitigate the vulnerabilities of the applications running on your network. Our proprietary application security directives (ASDs) provide a framework for testing and scoring your applications, providing a report of all identiﬁed security issues, including all the information necessary to reproduce each issue and help correct or mitigate the vulnerability.
With Cyber Quotient Evaluation from Aon you can rapidly size up your organisation’s cyber risk. CyQu Enterprise is an award winning cyber risk assessment platform which leverages in-depth cyber data analytics to provide you with instant insights and a fully customised report enabling you to take an important step in strengthening your cyber risk posture.
Discover your cyber risk with CyQu.
Due Diligence & Background Investigations
Risks at the intersection of politics, commerce, and regulation can be some of the most difficult to manage. Missteps can bring reputational and ﬁnancial damage to your organisation. We provide deep research into potential acquisitions, signiﬁcant new clients or employees, and third parties. Our due diligence services provide you with the insight you need by delivering vital information into the hands of legal, compliance, anti-money laundering (AML), ﬁnancial crime and investment decision makers to help you reduce risk.
Source Code Security Review
The software you’re using should be tested against your security standards. We evaluate your application’s internal structures to help identify flaws that could allow attackers to gain access to your critical assets. Using techniques such as control flow testing, data flow testing, branch testing, path testing, statement coverage and decision coverage, we examine the hard-to-copy error conditions that could be abused by skilful attackers. On top of that, we can pinpoint the exact line of code where the flaw occurs and provide very speciﬁc remediation recommendations.
Executive Vulnerability Assessment
Executive cyber security is not just a personal problem. It has an impact on businesses as well. An identity can be stolen at any time, threatening the ﬁnancial affairs of your senior executives and your company. Passwords might be stolen providing access to company documents and sensitive information could be placed on open source forums, exposing your executives and company to external threats. Through one-on-one discussions and data-gathering, we conduct an individual threat assessment providing personalised security vulnerability evaluations to help protect your top executives, their families, and therefore your organisation.
Aon's CyberScan is a full-stack vulnerability assessment solution that gives you the tools you need to control and manage IT security risk. Delivered as a cloud-based managed service, it provides a combination of technology and human expertise to supply you with on-demand, verified security risks.