What we do...
Small businesses with fewer than ten employees will typically spend $200 - $500 a year on information and cyber security. Comparing these budgets with the price of anti-virus software, one can deduce that they match up just right for an anti-virus installation per employee. While installing anti-virus software is a step in the right direction, this effort cannot be the limit of an organization's security strategy. Anti-virus software will generally only catch half of the malware that can find its way onto a corporate network.
Information and cyber security encompasses a wide swath of disciplines. These disciplines can include but are not limited to: network security, training and education, risk assessment, incident response, vulnerability assessment, penetration testing aka "ethical hacking," computer forensics, mobile forensics, network forensics, malware analysis, secure coding practices, etc. To prevent and limit the loss caused by a security incident, Janyx has geared the services it provides to locally owned and operated small businesses with two general types of services: preventative and incident response.
Preventative services give business leaders the tools, knowledge, and guidance to prevent a cyber incident from taking place.
The security audit is a survey of corporate policies, procedures, standards, and guidelines as well as an assessment of the state of security for information systems and other technology devices, network topology, cloud infrastructure, and communication protocols. The audit evaluates the client's conformity to both ISO 27001 and the NIST Cyber Security Framework as both systems additionally include risk analysis integration.
Please note, the security audit is not a certification qualification for organizations seeking an ISO 27001 rating.
Guidance and advice are sometimes best where other services are not applicable. In cases such as these, consulting would be advantageous, providing the customer with an "as needed" support structure. Consulting services include policy development, network topology, authentication, identity management, secure coding practices, source code review, blue team exercises, red team exercises, cloud infrastructure, and architecture, etc.
Application source code review provides businesses that develop mobile, web, or desktop applications with a security audit of their source code to ensure secure coding practices have been applied during the development process. The source code review is intended to verify that no vulnerabilities exist that can be exploited to compromise the data of users, further revealing personally identifiable information (PII), patient health information (PHI), or payment card information (PCI).
Security Awareness Training
Janyx is partnered with Curricula to provide security awareness training to companies in a rich interactive environment. The training program is customized by each organization to ensure the needs of the company come first. The training modules can be provided all at once or split up into one module per month. Curricula also offers graphics to companies to coincide with the current module, such as the module of the month. Janyx also provides social engineering simulation to allow companies to practice and apply the techniques learned in training. Due to the nature of the training and simulation, security awareness training plans are implemented on a yearly basis.
Threat Intelligence Summaries
Periodically, Janyx publishes a Threat Intelligence Summary (TISUM) that presents readers with a summary of the latest data breaches, cyber attacks, and malware trends, and an overall analysis of the threats and compromises. The TISUM is freely available and distributed via PDF download located here.
Incident Response Services
What exactly constitutes a cyber incident is determined differently by each organization. In the event a cyber incident does occur, Janyx provides services for each stage of incident response to help the company get back to normal business operations, known as business continuity.
There are five major stages to the incident response cycle: preparation, detection, containment, eradication, recovery, and the post-incident analysis. Typically, a business will seek external assistance during the detection phase, which is generally triggered by malware being found on a system, website defacement, or anomalous traffic on the network.
- Triage - confirm the existence of a cyber incident.
- Containment - ensure no further compromises to the network take place.
- Forensics - determine the intrusion vector and extent of the damage.
- Eradication - removal of malicious infections or unauthorized programs.
- Recovery - work in coordination with the customer to bring systems back online.
- Post-Incident - provide follow-on services as needed to prevent further cyber incidents.