Project Triage Tool v1 – Sentaris

Home
Security Services

Sentaris Security Services

Sentaris is your full-service cyber security team. We don’t just provide services; we partner with your business, integrating our Consulting, Assurance, and Engineering teams with yours.

View All Services

Consulting

NIST CSF Assessment

Evaluating security posture using NIST frameworks

Strategy Creation

Developing a comprehensive security strategy

Policy Development

Creating security policies, plans and procedures

Security Awareness Training

Training your team to recognise and respond to cyber threats

Phishing Simulations

Testing and educating employees to combat phishing attacks

View All Consulting Services →

Security Assurance

Penetration Testing

Simulating attacks to identify vulnerabilities

Web Application Testing

Securing your web applications from threats

Red Team

Simulating real-world attacks to test defences

Social Engineering

Identifying and mitigating human security risks

IoT Testing

Uncovering vulnerabilities in connected devices and systems

View All Assurance Services →

Engineering

Vulnerability Management

Identifying and addressing security weaknesses

Engineering As A Service

Providing tailored engineering solutions

Microsoft 365 Uplift

Enhancing security and functionality

Security Control Deployment & Configuration

Implementing and configuring security controls effectively

View All Engineering Services →
Resources

Resources

Explore our collection of resources designed to help you stay informed and protected in today’s digital landscape.

View All Resources

Security Tips

Protecting Yourself Online

Stay safe online with our expert tips

Protecting Your Family Online

Learn how to safeguard your loved ones from cyber threats

View All Security Tips →

Risk Calculators

NIST Phishing Difficulty Calculator

Online calculator for applying the NIST Phish Scale to phishing emails

Project Triage Tool

Tailored security recommendations for your organisation

View All Calculators →
About Us
Our Mission

At Sentaris we are committed to uncovering hidden risks and empowering organisations to enhance their security posture. By doing so, we positively impact our community by safeguarding sensitive information. We strive to be the trusted partner of choice, fostering strong relationships through the delivery of high-quality, customised security services.

About Us

About Sentaris

Sentaris is a trusted name in cyber security, known for our team of senior professionals who bring extensive experience across various industries.
More About Us →

Our Vision

Discover more about what drives Sentaris
Our Vision →

Careers

Join our team of passionate cyber security professionals and make an impact protecting businesses from evolving threats.
Careers →

Industries We Serve

AI

Construction

Disability

Education

Entertainment

Facilities Management

Financial Services

Government & Councils

Health

Insurance

Legal

MSP

Retail

Science

Technology

Telcos

Transport & Logistics

Utilities
Contact Us

Project Triage Tool

Project Name:

1. Will the solution process or store sensitive Personally Identifiable Information (PII)? *

Yes

No

2. Will the solution store, process, or transmit cardholder data? *

Yes

No

3. Will the solution be internet-facing? *

Yes

No

4. Will the solution contain a web application(s)? *

Yes

No

5. Will the solution expose API’s to the internet? *

Yes

No

6. Will custom code be developed for the solution? *

Yes

No

7. Will the solution handle file uploads or downloads? *

Yes

No

8. Will the solution process critical business transactions? *

Yes

No

9. Will the solution require privileged user access that caters to various roles? *

Yes

No

10. Will third-party integrations be used? *

Yes

No

Project Name:

0.00

Recommendations

IT Operations

Implement strict access controls like formalised access granting/revoking processes and multi-factor authentication
(CIS Control 6: Access Control Management)

Assign permissions using the Principle of Least Privilege (PoLP)
(CIS Control 12.2 Establish and Maintain a Secure Network Architecture)

Use SSL/TLS certificates for data-in-transit and strong encryption standards like AES for data-at-rest
(CIS Control 3.10/3.11: Encrypt Sensitive Data in Transit and At Rest)

Enable logging and auditing of system and user activity from workstations, servers, and devices
(CIS Control 8.1: Establish and Maintain an Audit Log Management Process)

Enable logging, monitoring, and alerting for critical component configurations
(CIS Control 4.6: Securely Manage Enterprise Assets and Software)

Perform system hardening on operating systems, servers, and applications
(CIS Control 16.7: Use Standard Hardening Configuration Template for Application Infrastructure)

Ensure appropriate network segmentation between hosts and among assets. Aim for Zero-Trust Architecture (ZTA)
(CIS Control 12.2: Establish and Maintain a Secure Network Architecture)

Implement role-based access control (RBAC) so that individual users are linked to unique identifiable accounts
(CIS Control 6.8: Define and Maintain Role-Based Access Control)

Conduct regular backups of all in-scope assets and data
(CIS Control 11.2: Perform Automated Backups)

Develop a Disaster Recovery Plan to prevent data loss and maintain business continuity
(CIS Control 17.4: Establish and Maintain an Incident Response Process)

Actively manage and maintain all devices, servers, and network infrastructure to identify all assets
(CIS Control 1.1: Establish and Maintain Detailed Enterprise Asset Inventory)

Actively manage and maintain all operating systems and applications so that only authorised software is installed and can execute
(CIS Control 2.1: Establish and Maintain a Software Inventory)

Use HTTPS to secure communications between client and server
(CIS Control 12.3: Securely Manage Network Infrastructure)

Configure upload/download permissions to only accept specific file types
(CIS Control 4.1: Establish and Maintain a Secure Configuration Process)

Governance, Risk and Compliance (GRC)

Ensure a role matrix is defined within Project documentation
(CIS Control 6.8: Define and Maintain Role-Based Access Control)

Prioritise vulnerability identification and remediation using a formalised process
(CIS Control 7.1: Establish and Maintain a Vulnerability Management process)

Provide ongoing Security Awareness and Training to educate users on different forms of social engineering
(CIS Control 14.2: Train Workforce Members to Recognise Social Engineering Attacks)

Conduct Privacy Impact Assessment (PIA) for systems and applications that process Personally Identifiable Information (PII)
(CIS Control 7.1: Establish and Maintain a Vulnerability Management process)

Implement information classification and handling processes commensurate with business criticality
(CIS Control 3.7: Establish and Maintain a Data Classification Scheme)

Ensure compliance to Payment Card Industry Data Security Standard (PCI DSS)
(CIS Control 3.1: Establish and Maintain a Data Management Process)

Assess third parties and their proposed services prior to acquisition and engagement
(CIS Control 15.5: Assess Service Providers)

Create OpenAPI Specification (OAS) documentation to manage APIs
(CIS Control 4.1: Establish and Maintain a Secure Configuration Process)

Stay informed on the threat landscape by monitoring emerging risks
(CIS Control 7.1: Establish and Maintain a Vulnerability Management process)

Software Development

Apply Secure Coding Best Practices
(CIS Control 16.1: Establish and Maintain a Secure Application Development Process)

Keep third-party libraries up to date with the latest security patches
(CIS Control 16.5: Use Up-to-Date and Trusted Third-Party Software Components)

Perform code reviews as part of Management Release
(CIS Control 16.12: Implement Code-Level Security Checks)

Ensure external libraries are identified and documented on a register
(CIS Control 16.4: Establish and Manage an Inventory of Third-Party Software Components)

Security Operations

Conduct regular Technical Risk Assessments to identify risks and required security controls
(CIS Control 7.1: Establish and Maintain a Vulnerability Management process)

Conduct regular Penetration Testing on all aspects of the solution
(CIS Control 7.1: Establish and Maintain a Vulnerability Management process)

Implement endpoint detection and response (EDR) tools to enhance attack visibility
(CIS Control 13.7: Deploy a Host-Based Intrusion Prevention Solution)

Develop a Business Continuity Plan to maintain the delivery of services during an incident
(CIS Control 17.4: Establish and Maintain an Incident Response Process)

Conduct monthly vulnerability scanning
(CIS Control 7.5: Perform Automated Vulnerability Scans of Internal Enterprise Assets)

Implement a SIEM application to enable real-time system and network monitoring |
(CIS Control 13.1: Centralise Security Event Alerting)

Use a Web Application Firewall (WAF) with managed rules to analyse network traffic
(CIS Control 13.10: Perform Application Layer Filtering)

Use data masking and/or tokenisation to protect PII when being processed, in-transit, and at-rest
(CIS Control 3.1: Establish and Maintain a Data Management Process)

Regularly test the Business Continuity Plan
(CIS Control 17.7: Conduct Routine Incident Response Exercises)

Regularly test the Disaster Recovery Plan
(CIS Control 17.7: Conduct Routine Incident Response Exercises)

Use tools to verify file types to ensure that no files are 'masking' as other file types
(CIS Control 7.1: Establish and Maintain a Vulnerability Management process)

Implement anti-malware solutions to detect, prevent, and remove malicious code from the network
(CIS Control 10.1: Deploy and Maintain Anti-Malware Software)

Ensure backup restorations are tested regularly to verify backup integrity
(CIS Control 11:5: Test Data Recovery)

Ensure Functionality Testing includes testing against the role matrix
(CIS Control 6.8: Define and Maintain Role-Based Access Control)

Conduct Red Team exercises on the solution
(CIS Control 18.2: Perform Periodic External Penetration Tests)

View all of our Security Services

Copy & paste the below URL with your saved answers for your records:

0.00

We strongly encourage you to engage your existing security team to implement the recommended controls identified within this report. Should you require further assistance, please feel free to reach out to us.

Sentaris is your experienced team of Cyber Security experts, specialising in Consulting, Security Assurance and Engineering to safeguard your business.

Services

Consulting
Assurance
Engineering

Quick Links

Home
About Us
Careers
Contact Us
Privacy Policy

Home
About Us
Careers
Contact Us
Privacy Policy

© 2024 All Rights Reserved.