Simple security health check

We’ll begin by framing a set of questions; based on established standards and tailored to your business needs.

The questions will reveal gaps and weaknesses in your information security controls and processes from which we can develop a measured improvement program.

We'll encourage you to ask the right questions about your information security so that appropriate corrective measures can be taken, in the right place, in good time.

We can run internal audits against the standards and prepare you for certification.

Information risk management

Risk Management is central to any information security management system.

can help you set up a new or modify an existing risk management framework for your organisation and help you run it effectively.

We can run workshops and team sessions to help you identify, qualify and score risks and prioritise and manage risk treatment.

controls you put in place and the modified processes and procedures you adopt will contribute to reducing your information security risk in a measurable way over time.

Security improvement planning

We assess any gaps in your security defences. We analyse your risks and create risk mitigation plans with you.

The process of planning and implementation to bridge any gaps in your security and to keep the attention on what will make the most positive difference is a series of projects known as the security improvement plan.

We shall help you plan these projects and keep your security improvement on track.

Information Security Management System

Keeping on top of information security requires a system of policies, guidelines and controls, a methodical approach to risk management, a clear process for performance monitoring and leadership that is open to observation, questioning, feed-back and continuous improvement.

We shall use the ISO27001 security management system framework as a preference to help ensure all of this is in place. However, we would recommend close integration with existing management and documentation systems you already have in play.

Business continuity and disaster recovery planning

We shall build clarity about the importance of each of your main information-based systems, we shall establish ownership and from this build a plan of what to do when that asset fails or ceases to become available. We shall use agreed measures of how long the organisation can run without the asset (Recovery Time Objective). We shall use agreed measures of how much data the organisation can afford to lose (Recovery Point Objective).

From this we shall develop plans that incorporate re-design, system redundancy, re-direction of load and resources and other risk mitigation controls and measures as appropriate.

Failures that affect multiple assets or that take the organisation beyond the parameters of a business continuity plan are termed disasters.

There should be plans in place so that all parties are aware of their roles throughout the tense period of time-to-contain through to business-as-usual.

>Scenario’s and disaster recovery planning will be key to this.

Communicating the outcomes formally through the organisations risks management process will be critical.

Special security project management

There are many routes to a position of ‘good information security.’

There will be many occasions where an agreed security improvement plan that has been through the formal risk management processes will require project management to take the control to completion.

We shall use our ITIL, CISSP, TOGAF and ISO27001 training to look at the end-to-end operating model for the creation, delivery and continual improvement of tech-enabled products and services.

Projects will be managed according to the PRINCE methodology.

We have access to associates with deep knowledge of both technical infrastructure and for top-level organisation and behavioural change projects where this is appropriate.