MINERVA is a boutique cybersecurity consultancy providing tailored services that align with your business goals. We identify security threats and help clients mitigate the associated risks.
In today's rapidly evolving world no two businesses are alike and we believe that no two security assessments should be either. Our consultants have worked with organisations across a wide range of industries from tech start-ups to those listed on the FTSE 100 and Fortune 500. Our broad experience, along with our desire to understand your business objectives, allows for the development of a personalized security approach that can safeguard your information and reputation.
MINERVA is a privately-owned, vendor-neutral company with no external investors, and no sales targets. This allows us more time to focus on your needs and provide a quality service.
What We Offer
Our solid track record comes down to our experience, professionalism, communication skills, and credentials. All of our consultants hold Master's degrees in cybersecurity-related disciplines. They also hold professional certifications from established industry bodies such as ISACA®, (ISC)²®, and CREST.
As a strategic partner, we will work with you to assess your current security infrastructure and build a customized program based on the results. Our collaborative approach means we help you make security improvements where needed but also point out what you've been doing right.
We take a personable approach with our clients and aim to establish an ongoing business relationship and friendship. We won't hide behind our computer screens, and you will always have a friendly voice at the end of the phone line or at the end of the table.
Every MINERVA consultant has at least 10 years of experience. The case studies below are examples of the diverse work our team has been involved with in the past.
Let's have a chat to discuss how we can help.
MINERVA Information Security Ltd
Registered in England no. 08597647
Prama House, 267 Banbury Rd, Oxford OX2 7HT
Service provider PCI DSS compliance
MINERVA was approached by a Florida-based e-commerce solutions provider to support its PCI DSS compliance efforts. After reviewing its cardholder data environment (CDE), MINERVA scoped a multi-phased assessment to address PCI DSS requirements 11.1 and 11.2:
- Quarterly onsite rogue wireless access point detection
- Quarterly internal vulnerability scans
- Gap analysis before each external quarterly ASV scan is due
- Annual external and internal application and network pen testing
The results of each phase were captured in a detailed deliverable which included findings and recommendations tailored to reference the PCI DSS standards.
Security probes against dating website
Due to recent growth in its user base, an online dating company noticed a surge in security probes against its systems. The company was concerned that the personal data collected for its service would be disclosed to unauthorized parties. Additionally, the company was worried that its users would find a way to bypass the subscription fee required to use its service.
Our consultants conducted a fully customized infrastructure and web application security assessment (i.e. a pentest, or penetration test) that kept the company's concerns in mind. Furthermore, server logs were analyzed to confirm that users had not already taken advantage of the security weaknesses found.
The assessment results allowed the company to remediate security flaws that could have resulted in personal information disclosure or fraudulent use of its dating service. It also instilled confidence by ensuring the right security measures had been put in place to advance its data protection efforts. This preventive action has also saved the company from having to deal with potential legal liabilities.
Guest WiFi environment rollout
A financial institution was about to roll out a guest WiFi service at one of its branches. The staff was concerned that the new guest WiFi setup would bridge with the existing corporate WiFi network and potentially allow visitors to access corporate resources.
The institution needed an expert to help review the tentative network design for the guest WiFi network to ensure it didn't expose the corporate network. It also wanted independent verification that the guest WiFi network conformed to the agreed design once it had been implemented.
One of our consultants was engaged to review the draft network design of the guest WiFi network and made recommendations to ensure that it didn't expose internal corporate systems to guest WiFi users. Once the WiFi network was up and running, the consultant also went on site to verify that the corporate and guest WiFi environments were indeed completely isolated from each other.
Security incident investigation
An online gaming platform discovered that a user's gaming activities had spiked considerably and every single bet placed resulted in a win. The suspicious activity was identified thanks to monitoring controls that were already in place. The specific game used by the suspect user was temporarily closed to prevent any further losses for the house.
The staff suspected that a flaw in the game was being abused to consistently win. Despite significant efforts to identify how the player managed to always win, the company wasn't successful in identifying the source of this abuse.
One of our consultants helped develop a proposal that consisted of analysing the activity logs generated by the user in question. Additionally, the game was assessed for security flaws that may have allowed the user to consistently win bets and profit illegally from the gaming site.