Managed Services

An End to End Support Solution To Optimise Your
 Operations, 
Reduce Cost and Manage Risk

Chamonix Managed Services provides access to a highly skilled team to provide your platform with the support it needs in a robust, scalable, and relevant IT support solution with expertise in Essential Eight, Environment, Application and Integration as a Service and Intelligent Automation.

Our Services

ESSENTIAL EIGHT
MATURITY MODEL

CYBER SECURITY
 

ENVIRONMENT
 

ROBOTIC PROCESS
AUTOMATION

INTEGRATION MANAGEMENT AND
ENHANCEMENT AS A SERVICE

APPLICATION MANAGEMENT AND
ENHANCMENT AS A SERVICE

Essential Eight Maturity Model

The Essential Eight Maturity Model was developed to help organisations mitigate potential cyber security incidents. The Essential Eight provides a roadmap for organisations seeking to reduce their cyber security attack surface by detailing a minimum standard of mitigations organisations can put in place to reduce the risk of a cyber-attacks and to minimise the exposure in the event a cyber attack does occur.

Impacts and Recommendations

Cyber attacks can impact an organisation in many ways including:

  • Economic Costs: Includes loss, damage or theft organisational, customer and employee data and disruption of services.

  • Legal Consequences: Including data protection and privacy breach

  • Reputational Damage


The Australian Cyber Security Centre recommends all organisations target Maturity Level Three. The varying levels give organisations a pathway enabling them to achieve a recognised level of compliance on their journey to Level Three.

  • Maturity Level One: Partly aligned with the intent of the mitigation strategy.

  • Maturity Level Two: Mostly aligned with the intent of the mitigation strategy.

  • Maturity Level Three: Fully aligned with the intent of the mitigation strategy.

The Essential Eight

Application Control

Application Control or whitelisting is the practice of specifying a list of approved software applications that are permitted to be present and active on a computer system. Whitelisting is designed to protect computers and networks from potentially harmful applications.

Application Control

Application Control or whitelisting is the practice of specifying a list of approved software applications that are permitted to be present and active on a computer system. Whitelisting is designed to protect computers and networks from potentially harmful applications.

Application Patching Strategies

Most common threats use known vulnerabilities in applications, using a robust application patching strategy mitigates these risks. End of life applications (those not receiving vendor support) should be updated or replaced with supported applications

Application Patching Strategies

Most common threats use known vulnerabilities in applications, using a robust application patching strategy mitigates these risks. End of life applications (those not receiving vendor support) should be updated or replaced with supported applications

Microsoft Office macro settings

Macros allow users to group together multiple commands into a single action to complete tasks automatically. While this can be a convenient way automatically complete tasks, they are also used to execute malicious code. Strict controls should be applied to control how macros execute

Microsoft Office macro settings

Macros allow users to group together multiple commands into a single action to complete tasks automatically. While this can be a convenient way automatically complete tasks, they are also used to execute malicious code. Strict controls should be applied to control how macros execute

User application hardening

Web browsers are hardened against common intrusions such as ads, unmanaged extensions, and flash content. Microsoft Office is hardened against intrusion from plugins, objects and embedded packages.

User application hardening

Web browsers are hardened against common intrusions such as ads, unmanaged extensions, and flash content. Microsoft Office is hardened against intrusion from plugins, objects and embedded packages.

Restricting administrative privileges

Ensuring the principal of least privilege is applied. Administrative access is limited to only those users who require it. Administrative credentials are only used when performing administrative functions and have additional controls in place to prevent the exposure of administrative accounts to common attack vectors such as email and web browsing.

Restricting administrative privileges

Ensuring the principal of least privilege is applied. Administrative access is limited to only those users who require it. Administrative credentials are only used when performing administrative functions and have additional controls in place to prevent the exposure of administrative accounts to common attack vectors such as email and web browsing.

Patching Operating Systems

Operating systems patching must be implemented to ensure identified security vulnerabilities are not left open for exploitation. End of life operating systems must be updated or replaced with vendor supported alternatives

Patching Operating Systems

Operating systems patching must be implemented to ensure identified security vulnerabilities are not left open for exploitation. End of life operating systems must be updated or replaced with vendor supported alternatives

Multi-factor authentication

Operating systems patching must be implemenaMulti-factor Authentication (MFA) provides an additional layer of security protecting your accounts from being compromised with the use of two (or more) authentication methods. Examples of MFA include biometrics, software, and hardware tokens – when used in combination with a password.ted to ensure identified security vulnerabilities are not left open for exploitation. End of life operating systems must be updated or replaced with vendor supported alternatives

Daily backups

Ensuring important information is backed up in a secured manner and for a sufficient period with a high enough frequency to minimise the risk of permanent data loss. Restoration processes must be in place and tested regularly to ensure data restoration is reliable.

Daily backups

Ensuring important information is backed up in a secured manner and for a sufficient period with a high enough frequency to minimise the risk of permanent data loss. Restoration processes must be in place and tested regularly to ensure data restoration is reliable.

Outcomes

Chamonix Managed Services works with organisations to:

  • Assess Essential Eight Maturity level

  • Work with your organisation to assess the impact of implementing all controls required to achieve Maturity Level 3

  • Establish a plan to achieve your desired Maturity Level

  • Implement the required technical controls

  • Conduct user training

  • Setup on-going management of security controls to ensure your organisation maintains compliance.

Cyber Security

Chamonix specialises in the implementation of technical security controls. We work closely with security advisors to assist in the development of the statement of applicability. We then work with security advisors and auditors as we design, implement, test and audit the technical controls required to meet the statement of applicability.

As ACSC (Australian Cyber Security Council) Partners, we have a track record of implementing and maintaining secured environments, providing implementation of technical controls to improve security posture and achieve compliance with a number of security standards.

Our services are designed to work across various maturity levels and we commonly work with the following frameworks and programs:

  • ACSC Essential Eight

  • IRAP – Information Security Registered Assessors Program

  • DISP – Defence Industry Security Program

  • SACSF – South Australian Cyber Security Framework (formerly ISMF)

  • CIS Benchmark – Centre for Internet Security

  • ACSC ISM – Information Security Manual

  • Australian Digital Transformation Agency (ADTA) Blueprint

In the table provided we have listed some of the more common systems and services we work with.

 

Environment

For organisations looking to transition to a modern mobile way of working, our Environment as a Service offering provides a highly responsive solution that enables mobile workforces whilst maintaining a high level of security. Our team has deep experience in implementing and migrating environments, working with organisations of all sizes. We apply a strong security focus in delivering high quality, modern outcomes for our customers.

Our services include:

  • Cloud Migration

  • Management of On-Prem and Hybrid environments

  • Management of cloud-based environments

  • End user device management

  • IT Service Desk (Incidents, Problems, Changes, Service Requests)

  • Architectural advice

In the table provided we have listed some of the more larger number of systems and services we work with

 

Robotic Process Automation

For organisations looking to maximise value and increase employee satisfaction whilst reducing reliance of heavily manual processes, our RPA as a Service offering provides a solution to generate value quickly and cost effectively. We work with businesses to identify repetitive tasks that could be automated, analyse processes, design and implement RPA based automation solutions and manage and maintain RPA processes.

Chamonix delivers Robotic Process Automation using two primary platforms:

  • Automation Anywhere

  • UI Path

Integration Management and Enhancement as a Service

For organisations needing assistance creating or supporting integrations, our Integration Management and Enhancement as a Service offering ensures they remained aligned to the changing needs of the business. Our team can provide guaranteed availability of skilled personnel to support integrations on a basis to suit requirements.

Our services include:

  • Management and monitoring

  • Maintenance

  • Service Desk (Incidents, Programs, Changes, Service Requests)

  • Enhancements

Chamonix supports the following integration platforms:

  • Azure Integration Services

  • BizTalk

  • WSO2

  • AWS Application Integration

  • WebMethods

Application Management and Enhancement as a Service

Designed for organisations needing access to a development capability, our Application Management and Enhancement as a Service offering provides both support and enhancement services. From smaller requirements through to larger, more complex projects, we assist customers in keeping application and platform functionality aligned to evolving needs.

Our services cover:

  • Scope, Design and Build solutions

  • Leveraging existing platforms or build custom solutions

  • Management of applications and platforms

  • Health Checks and architectural reviews

  • Enhancements

  • Security assessments

The Managed Services application team is capable of supporting a wide variety of applications and platforms. We have listed our most common platform and technical stacks. 

 

CHAMONIX IT CONSULTING 2020