As Western Canada’s leading cybersecurity organization, iON understands the challenges you face in selecting both the best technology and a trusted partner for your security journey. We have collaborated with transport, energy, and logistics companies, as well as health care organizations and financial institutions from across Canada for whom safeguarding customer and operational systems data information is vital. We solve cybersecurity challenges, enabling your organization to balance multiple priorities and create a secure environment while ensuring your users and customers have an excellent experience. While our focus is Western Canada, we are pleased to offer our expertise nationally.
Strategic Risk Assessments and Road-mapping
Using a hybrid approach based on the 20 Critical Security Controls and reinforced by other frameworks like NIST, PCI, DSS, and GDPR, we measure the controls necessary to develop effective cybersecurity programs. We map these controls to your business’s objectives and processes, then prioritize them according to their impacts on your business. We then outline the budget requirements for the hardware, software, and staff to build and maintain a more robust security practice for your organization.
How mature is your security practice? Where can you reduce the greatest risk with the least effort and cost? An iON security assessment will help you identify your strengths and weaknesses and build a road map for improving your security practice. By measuring your organizational maturity against the Center for Internet Security 20 Critical Security Controls, iON can provide actionable recommendations to help you increase your maturity and align with any other governance standards, including the NIST Cybersecurity Framework, the ISO 27000 series, PCI DSS, GDPR, HIPAA, NERC CIP, and FISMA.
iON’s penetration tests and vulnerability assessments go beyond following industry-standard practices such as NIST SP800-115 and the SANS Penetration Test Methodology. We work with our clients to create appropriate scope and rules of engagement and collaborate throughout the remediation process. Our penetration tests model techniques used by real-world attackers to find vulnerabilities, identify business risk, test specific controls, improve defences, and simulate the adversaries you may face.
Incident Response Planning and Table Top Exercises
While it is ideal to prevent attacks, 100% prevention is impossible and at some point you may experience a breach, such as a credential compromise, ransomware attack or business email compromise. iON will help to develop incident response plans or review and augment existing plans so your organization is prepared for any situation. Working with IT and business stakeholders, including existing business continuity and emergency response teams, iON will ensure that you have the tools to overcome all circumstances.
Table-top exercises provide clients the opportunity to gage their level of preparedness and address areas where improvements are required. In preparation for a TTX, iON will work with you to develop appropriate and varied scenarios. Exercises are designed to focus on different aspects of the IR plan such as communication, technical capabilities, completeness of plan and so on. Exercises range from paper-only exercises to controlled simulations. Each exercise will be led by iON incident response experts, followed by a team debrief and a detailed report offering a summary of the exercise, key findings, recommendations and action items.
When you need to collect digital evidence for an investigation with legal implications, conventional data analysis and collection methods will not suffice. Beyond major security breaches, forensic services are necessary for employment and non-compete disputes, intellectual property theft, litigation support, and regulatory investigations. For these types of investigations, only a certified PCI Forensic Investigator (PFI) can ensure that your investigation is handled thoroughly and defensibly, especially if you expect another party will contest your claims.
iON certified digital forensic investigators preserve evidence, follow defined procedures, and document every step of their analysis. Our forensic teams produce reports which are not only clear and understandable to you, your client, and any other parties in a case, but are also transparent, repeatable, and hold up in court.
Workloads and Security are becoming more abstract, as security systems built for operating systems no longer work in containers or platforms as a service. To address the security challenges of the Cloud requires organization, automation, and a full assessment of your IaaS landscape. iON has the expertise to help you see, control, and secure your cloud-based tools and services.
iON can help you assess, plan, and implement security controls.
Industrial Control System / SCADA Security
Industrial Control Systems (ICS) connect computer systems to the real world, often in support of critical infrastructures such as oil and gas, electricity, and water, so the consequences of breach-related outages of ICS can be disastrous. iON has served the ICS security needs of our customers since our inception, giving us a thorough understanding of the unique operating parameters for these critical systems. Our extensive experience in ICS ensures that we account for the sensitive nature and availability requirements of ICS while protecting them from attack. Let us help you design better ICS security in new deployments, assess your existing systems and implement new security measures where needed, and test your system upgrades in a controlled manner.
Governance and Policy Reviews
iON’s consulting teams can help you draft effective policies and procedures that form the core of a robust cybersecurity posture. We draw from both an extensive knowledge of industry security frameworks and a wealth of front line experience with clients from a wide range of industries. We know what works and what does not, and we can put that knowledge to work for you.
Project management in the field of IT security requires in-depth technical expertise along with a sound, consistent methodology based on best practices. iON United’s Project Management Office (PMO) defines, manages and executes across all iON United’s project teams managing risks related to complex, security-centric projects. The iON PMO offers experienced, PMP-certified Project Managers leveraging Project Management Institute (PMI)-based methodology and tailored to the unique needs of IT security-related projects. Our project management approach is flexible while maintaining our standards for proper risk management and consistent execution. The result: projects delivered on time, on budget, and done correctly the first time.
iON can provide operational support and full management of security-related IT infrastructure platforms. The day-to-day operation includes maintaining current configurations, performing routine maintenance, applying patches and minor changes, and operating all systems at the most stable software version. Under this managed service, iON ensures our clients’ IT infrastructure platforms remain secure, reliable, and available.