Services A Broader Range Of Services

Certification & Accreditation (C&A)
  • Security Design Review

    A Design Review of your existing business process or information system will help identify issues that may contribute to a security incident. The key outcomes of the design review are the recommendations that can be implemented to address identified issues.

  • Information Risk Assessments

    An assessment of threats, likelihood, impact and effectiveness of security controls and measures. The risk assessment establishes the business and technical context of a given system or service. It identifies the classification of the official information that is stored, processed and transmitted with the system. It also identifies the relevant security risks and assesses the impact and likelihood of each risk based on the GCIO’s assurance framework.

  • Controls Validation Audit

    A Controls Validation Audit will help provide your organisation with assurance and confidence that controls in your existing business process and information systems have been configured according to the defined security requirements. The outcome from the Controls Validation Audit can be used to inform and prioritise remediation activities that ensure processes and systems are configured to operate within your organisation’s risk tolerance levels.

  • Ongoing Assurance

    Ongoing Assurance in the form of security roadmap activities will help your organisation gain continual assurance that your existing business processes and information systems are operating effectively. The outcome from ongoing assurance activities can be used to inform and prioritise remediation activities that ensure processes and systems continue to operate within your organisation’s risk tolerance levels.

  • Remediation Planning & Validation

    Remediation Planning will support your organisation’s risk management plan by establishing and implementing a defined approach to address issues that may result in the organisation operating outside its risk tolerance levels. The remediation plan will identify the actions, accountability and timeframes, so that they can be tracked and managed.

Compliance & Audit
  • IT Audit

    IT audits verify whether the IT systems you have in place are providing security for you and your clients’ data. IT audits consist of an examination of your IT infrastructure and processes against industry best practice. This examination will ensure your assets are safeguarded and are operating effectively to achieve your organisation's goals.

  • GCIO Certification & Accreditation

    Help with delivering GCIO requirements from a security expert. Define a Statement of Applicability, conduct a risk assessment, and complete an audit against a Controls Validation Plan.

  • ISO 27001 Alignment

    ISO 27001 is a popular international standard providing requirements for information security management. Quantum can conduct an ISO 27001 gap analysis for your organisation, reviewing IT systems against ISO 27001 controls and highlighting the gaps between your system and the standard. The review includes both paper-based and interview-based reviews and can help you align your IT systems against international best practice. This can give a focus to your information security programme, and can be used as an input into further testing and security activities.

  • NZISM Compliance

    The New Zealand Information Security Manual (NZISM) is the New Zealand Government’s manual on information assurance and information systems security. Quantum has a wide range of experience in helping organisations to achieve NZISM compliance. We can assist you through the entire process including developing a risk assessment, creating controls validation plans focusing on NZISM controls and conducting audits against those controls. This is all tied together with an audit report, highlighting the service’s strengths and weaknesses and what needs to be remediated to meet compliance with the NZISM.

  • PCI DSS Consultancy

    The Payment Card Industry Data Security Standard (PCI DSS) is an information security standard for organisations handling credit card transactions. Quantum can assist your business in achieving PCI DSS compliance by working with your team to complete PCI questionnaires and Attestations of Compliance (AoC), and by providing a summary of PCI self-assessment controls. This is a cost-effective way to ensure that your organisation meets its PCI requirements, without undergoing a full PCI audit.

Penetration Testing Services
  • Security Code Review

    A review of application code from a security perspective. We’ll find your security bugs before “go live”. This review verifies that good security controls are present and that they are enabling your business.

  • Application Penetration Testing

    A Website and Mobile Application penetration test from the perspective of an attacker. This is an attempt to penetrate your internet-facing website or mobile app to ensure that attackers cannot steal sensitive data residing.

  • Host Configuration Review

    An in-depth look at the configuration of both your business applications and the underlying operating systems that host them.

    We aim to find misconfigurations in your systems that automated scanners won’t be able to, resulting in a hardened environment that keeps your business secure.

  • Network Penetration Testing

    A perimeter and host security test to ensure your IT infrastructure is securely managed. We play the role of an external attacker attempting to breach your perimeter or a malicious insider trying to exploit internal resources.
    This provides you with a view of the weak points in your IT infrastructure, so they can be patched before attackers find them.

  • Firewall Review

    A review of the rule base of the firewalls securing your network to ensure there is no overly-permissive access being granted. This includes checking for appropriate protocols, sources and destinations.
    By providing a view of the edge of your IT infrastructure, we can enable you to keep up with an increasingly hostile external world.

Security Advisory
  • Security Staff Augmentation

    Security Staff Augmentation services will provide suitably skilled consultants on site, to support and work alongside you, with the aim of meeting your specific requirements.

  • Staff Security Training

    Staff Training services will provide and deliver tailored face-to-face workshops that meet your organisation’s training objectives. Some examples include increasing user security awareness among employees or software developers.

  • General Consultancy

    General Security consultancy services will provide you with specialised and pragmatic advice that solves problems and helps you move closer towards achieving desired business outcomes.

  • Privacy Impact Assessment

    A Privacy Impact Assessment will help identify the privacy risks and controls associated with the implementation of your information system. The outcome of the Privacy Impact Assessment will provide you with a view of how the information system is aligned with the Privacy Principles described in the New Zealand Privacy Act 1993.