Enhance the safety and control of your company information, get higher productivity and lower security costs with Cyberbrain.

20 years of experience

11 certifications offered

4 large banks served

Cyberbrain consulting helps companies to get control and protection of their cybernetic safety environment. We offer solutions for improve processes, tools, and awareness for collaborators. Our mission is to help achieve the highest level of privacy and data security, for a safer environment and effective governance to address cyber risks.

Cybersecurity is everyone's accountability

The increasing digital threats put your reputation and assets at risk. Cyber security has become an issue that goes beyond the IT universe and can severely impact its entire organization. It is common for this topic to be a growing concern among the C-level.

CyberBrain aims to adapt its entire organization to the policies and good security practices. Our goal is to stablish effective governance over security controls capable of mitigating cyber risks and ensuring data privacy. We transcend the IT universe and offer multidisciplinary approaches to deal with the complexity of technological and multicultural environments.

Highly complex IT environments require expertise
as well as broad, coordinated approaches.

CyberBrain brings together what’s best about information security, with methodologies, tools, and several cases in major brands.

Information Security Diagnostics and PenTest.

Get to know and monitor your exposure level. Even though it is impossible to eliminate threats in their entirety, it is essential for your company to know the level of risk it is assuming and take consistent measures to continuously reduce it.

With extensive experience in audits and assessments for information security, CyberBrain maps and tests existing security resources, providing a concrete measurement of your protection and exposure. Count on CyberBrain to evaluate the security quality of its own or third-party solutions.

Compliance

CyberBrain possesses extensive experience in adapting companies to regulatory requirements, and international standards as much as preparing for certifications:

SOX Compliance
PCI-DSS Compliance
ISO 27001 – Information Security
ISO 27701 – Data Privacy
ANBIMA
CVM
BACEN
B3 - QPO
COBIT
LGPD
GDPR

Governança with Flexibility

Evolve your security processes to face the demands of the market and the growing threats of the digital environment. CyberBrain can help you review, create and establish cybersecurity procedures that meet your challenges.

Furthermore, CyberBrain offers the flexibility your business needs. It is possible to rely on our services for closed scope projects, and flexible scope projects, as well as for continuous monitoring in the CISO as a Service and DPO as Service modality.

Successful Stories

Awareness Program and Safety Training at a Large Brazilian Bank

Deliverables

Study of the main attack tactics of the industry
Technical content for awareness assets
Awareness of executives and management
Definition of strategy and coordination of campaigns and events
Conducting safety lectures and quizzes

Achieved Results

Improvement of collaborators’ safety awareness and attitude
Decrease in security incidents
Increased availability of the technological environment

Adaptation of a Large Multinational Bank to SOX

Deliverables

Sox test design and audit evidence of IT and IS
Structuring and organization of tests and evidences
Coordination of the audit strategy with external and internal auditors
Support for auditors

Achieved Results

Sox Certification
Improvement of the control environment

Deployment of a Large Brazilian Bank to PCI

Deliverables

Assessment for PCI gaps diagnostic
Definition of action plans for compliance
Training for executives and collaborators
Support with the preparation and adaptation of the environment
Structuring and organization of responses and evidence to PCI DSS requirements
Recommendations report
QSAs service support

Achieved Results

Compliance cards environment to PCI DSS
Improved security in the card data environment

Implementation of the SoD Matrix (Segregation of Duties) in a Large Company in the Health Industry

Deliverables

Analysis of critical processes and identification of sensitive functions
Matrixes of toxic combinations of function access and operations (SoD)
Sensitive transaction (operations) identification arrays (SAD – Sensitive Access Transaction)
Policies definition of identity and access (IAM – Identity Access Management)
Identification of access security gaps and action plans for solution

Achieved Results

Profile adjustments and access to critical system functions
Reduction of the possibility of fraud and information leakage
Control improvement and speed in transactions flow
Business areas with better knowledge of their risks and mitigating control

Diagnosis and LGPD audit in large call center company, a large circulation newspaper, and one of the largest consortium companies in Brazil

Deliverables

Process mapping and risk analysis of personal data processing
Review of the legal bases and protection of personal data according to the LGPD
Training workshop with cases for executives and collaborators
Review of information security processes for personal data protection
Regularization of the use of cookies on company websites
Deployment of service processes for Holders and Regulators (ANPD – National Authority of Data Protection)
Construction of policies and privacy rules
Formulation of information safety specs
Definition of support organizational structure to the DPO – Data Protection Officer
Support service about the law through DPO as a Service and CISO as a service

Achieved Results

Assistance to LGPD – Law 13,709/2018
Reduction of sanctions risk and negative exposure of the company to the media
Possibility for the company to keep business relations with the European bloc and other countries that require personal data protection
Assistance to the clients’ contractual demands
Increase the company safety information level
Positive image in the marketplace due to the company respect for the elementary privacy principles.

CyberBrain was founded by João Carlo Mauro, a cybersecurity specialist with more than 25 years of experience and participation in projects for large companies such as Santander, BankBoston, Itaú, B3, and Citi. He has led several projects to ensure the adequacy of the regulations and standardization, such as SOX, PCI-DSS, ISO27701, ANBIMA e LGPD.

The CyberBrain staff has extensive experience in several segments, with special expertise in the financial, retail, and energy sectors, being prepared to act in highly complex scenarios.

Methodologies used

João Carlo Mauro, CISM

Cyber Security Area executive with extensive experience in Risk Management, Privacy and Data Protection, IT, Audit, and Internal Controls in the Financial and Consulting areas.