Brier & Thorn Corporate Brochure - Spring 2017


Securing Your Ideas TM

Brier & Thorn Corporate Brochure: IT Risk Management Consulting | Managed Security Services


© Copyright 2010-2017 Brier & Thorn, Inc. All Rights Reserved.


We are Brier & Thorn


Brier & Thorn is a global IT risk management firm, supporting companies in their important strategic decisions on operational security, IT risk management, and managed security services in their enterprise and products – cross-industry and cross-border.


Alissa Knight, Group Managing Partner

Marti Bockhold, Senior Partner, Group

Aurora Vasili, Junior Partner, Germany

Carolina Ruiz, Managing Partner, Mexico

Paul Ingram, Senior Partner, UK

Eric Conlon, Junior Partner, Group

Vicky Alcaraz, Managing Partner, Germany

Elizabeth Ramirez, Junior Partner, Group

Selene Puertos, Junior Partner, Mexico

Together with its clients, Brier & Thorn works towards achieving clear competitive advantages and upgrading enterprise value over the long term. Since our founding in 2010, we have been measuring our success by only one yardstick: the results of our work. We advise global leaders on their most critical IT risk management issues and opportunities across all industries and geographies.

Our unique approach to traditional IT security in penetration testing, incident response and forensics, risk assessments and audits, ISMS program development, and managed security services helps clients measure and manage risk and overcome the odds to realize results.

Our firm is designed to operate as one. We are a single global partnership united by a strong set of values, focused on client impact. Our firm is owned by a global network of partners spread across Europe and the Americas.



ISMS Program Development

The governing principle behind an ISMS is that an organization should design, implement and maintain a coherent set of policies, processes, and systems to manage risks to its information assets, thus ensuring acceptable levels of information security risk.

Brier & Thorn will work with you to develop all of the necessary policies and procedures required by ISO 27001 for your ISMS library, perform an IT risk assessment, internal audit, help you develop KPIs for your ISMS, and present those findings in your annual management review meeting. For organizations with an existing ISMS, we can provide the ongoing maintenance and management of the ISMS as a service, maintaining your annual surveillance and recertification audits to maintain your ISO 27001 certification.



Penetration Testing

Organizations need a clear view of which risks are acceptable and which ones must be treated because they pose an unacceptable risk to the business. Furthermore, the need to understand the intricacies of complex technical solutions, interpret technical jargon and consider vulnerabilities in the context of impact to the business is increasingly a challenge for managers and stakeholders in an organization. A penetration test presents a focused view of potential risks to information in the context of attack, loss of service, and impacts to data integrity from any threat source.

Brier & Thorn performs both external and internal penetration testing following the Penetration Testing Execution Standard (“PTES”), a methodical framework for performing a penetration test. Using a combination of exploits, Metasploit modules, and open source tools, Brier & Thorn takes vulnerability identification to the next level through exploitation in attempts to gain a foothold on the target network or application. This determines the level of risk that vulnerabilities place on the business, so that risk-based decisions can be made on which vulnerabilities to remediate.


IT Risk Assessment

An effective risk management process is an important component of a successful information security management system. The principal goal of an organization’s risk management process is to identify, assess, and mitigate key risks in order to protect its assets, brand, and reputation. Risk management is the process of identifying, controlling, and mitigating information system-related risks. It involves identifying vulnerabilities and threats to the information assets used by our clients in achieving business objectives, and deciding what countermeasures, if any, should be taken to reduce risks to an acceptable level.

Our Risk, Audit, and Compliance practice will assist you in adopting an enterprise-wide approach to analyzing and prioritizing IT risks and aligning them with your strategic goals. Our advisors perform risk assessments according to the ISO 27005 standard framework, which drives all security planning, analysis, and design activities later in the risk management lifecycle. The ISO 27005 standard provides guidelines for information security risk management that support the requirements of an ISMS as defined by ISO 27001.

Our methodology for performing a risk assessment follows a process of identifying vulnerabilities and threats to information assets. It equips our clients with the information needed to make informed decisions about their risk profile, so that risk can be treated to a level acceptable to the business.


Internal Audit

We perform IT security audits for our clients that examine the management controls within the Information Security Management System according to the ISO 27001 standard. The evaluation of obtained evidence determines if the information systems are safeguarding assets, maintaining the confidentiality, integrity, and availability of data within scope of the ISMS, and that IT security controls are operating effectively to achieve the organization’s stated goals or objectives.

Brier & Thorn helps its clients accomplish their objectives by bringing a systematic, disciplined approach to evaluate and improve the effectiveness of IT risk management, control, and governance processes surrounding the scope of the ISMS. Our auditing services act as a catalyst for improving our clients’ governance, risk management and management controls by providing insight and recommendations based on analyses and assessments of data and business processes. With commitment to integrity and accountability, our advisors provide value to governing bodies and senior leadership as an objective source of independent advice.


Network Security Monitoring

Our distinctive managed security service is built around a fundamentally different approach that is redefining what managed security services are. Our approach is unique in the industry, one that centers around a product-agnostic methodology that weaves our SOC into the fabric of our clients’ IT security organization by managing and monitoring our clients’ existing network and endpoint security controls rather than requiring an overhaul of existing infrastructure with new technology.

We believe in creating a better way for our clients. That better way has redefined the managed services model at Brier & Thorn. Through our managed services, our clients are able to integrate our SOC into their IT organization, allowing our engineers to take over the management and monitoring of already deployed network and endpoint security controls — from UTM devices on the edge and core to antimalware agents running on every endpoint. To this end, our team also believes that managed security services shouldn’t stop at monitoring, but should also include a robust vulnerability management program that includes quarterly vulnerability scanning and annual penetration testing.

Where there is no monitoring solution in place, whether that’s a lack of a central log management server or Security Information and Event Management (SIEM) solution, our team will review the requirements our clients have for such a solution, identify what log types are in place currently, and make the appropriate recommendation for a SIEM solution that meets their needs.


Managed Governance, Risk Management, and Compliance (GRC)

Governance is the overall management approach to driving and controlling the whole organization, with appropriate information and control mechanisms; Risk management encompasses all risks that are relevant to the organization, and the response to each of those risks; and Compliance ensures the organization conforms to laws, standards, industry directives, contractual commitments, and internal policies.

Brier & Thorn provides managed GRC services, which include the GRC platform itself, which so many companies struggle with in implementation and continuous “care and feeding” in order to keep it functional. Brier & Thorn brings the technology, infrastructure, and resources needed through a full spectrum of delivery models, from co-sourcing to operating as an extension of our client’s IT risk management, internal audit, and compliance functions within their organization.

Brier & Thorn has partnered with Metricstream to provide clients a one-point access to multiple risk frameworks and best practices, the ability to perform qualitative and quantitative risk assessments, assess risks by leveraging configurable risk scoring algorithms, monitor issues and recommendations to closure, gain enterprise-wide visibility into IT risk processes and data, and align IT risks to business and enterprise risks. Brier & Thorn’s IT Risk Management platform in the Metricstream GRC tool empowers organizations to adopt a focused and business-driven approach when managing and mitigating their IT risks.


Product Security: Telematics Control Units and Infotainment Systems

Cars are becoming extremely complex products. In the 1950s all it took was a mechanical engineer to build one; today most vehicle controls are electronic. Even low-end cars have embedded more than 30-50 so-called Electronic Control Units (ECUs) that talk over Controller Area Networks (CANs).

Brier & Thorn performs security testing of all layers of the Telematics System over the entire attack surface that the TCUs use to communicate, including Bluetooth, WLAN, and cellular phone networks. All layers of a telematics system are tested, including the:

Telematics Control Unit or TCU, which is an embedded in-vehicle control unit that communicates with the automobile electronic control units (ECUs) and GPS satellite, accessing the telematics services over the wireless infrastructure.

Telematics Network Operations Systems or TNOS, which is the hub where all telematics services are delivered and all raw data from the TCUs is processed.

Wireless Communications Infrastructure or WCI, which provides the backbone for all the information exchange between the TNOS and TCUs and between the TCUs in the form of ad hoc networks.

Vehicle Interface Block or VIB, which is responsible for communication with the rest of the vehicle ECUs and GPS receiver, including all network types and protocols used in the in-vehicle network, such as LIN, MOST, CAN, and FlexRay.




Contact Us

San Diego - World Headquarters
Brier & Thorn, Inc.
1855 1st Avenue Suite 103
San Diego, CA 92101
Tel: +1 858 381 4977
Fax: +1 858 346 6262
URL: www.brierandthorn.com
Email: sales@brierandthorn.com

Milwaukee
Brier & Thorn, Inc.
310 East Buffalo Suite 108
Milwaukee, WI 53202
Tel: +1 262 476 0614
URL: www.brierandthorn.com
Email: sales@brierandthorn.com

Mexico City
Brier & Thorn Mexico, S.A.P.I. de C.V.
Mexico City Reforma – New York Life Building
Torre New York Life Piso 26
Paseo de la Reforma 342 Col. Juárez
Mexico City, C.P 06600
Tel: +52 551 168 9620
URL: www.brierandthorn.com.mx
Email: sales@brierandthorn.com.mx

Brier & Thorn Germany, GmbH
Lautenschlagerstraße 23a, 1st Floor, 70173 Stuttgart, Germany
Main: +49 711 2295 4576
URL: www.brierandthorn.de
Email: sales@brierandthorn.de

Brier & Thorn UK Limited
London Kensington Olympia
Crown House 72 Hammersmith Rd.
Hammersmith, London UK W148th
Main: +44 20 3318 6696
URL: www.brierandthorn.co.uk
Email: sales@brierandthorn.co.uk

