We offer Cyber Security Assurance consulting, helping organisations to implement practical Information Security Governance and Risk Management capabilities. We also help our clients to develop the policies and procedures necessary to align with industry standards, from Cyber Essentials to ISO27001 and NIST, recognising that each implementation will be unique to each client.
Our team has experience in Government, as well as the Financial and Technology sectors. Projects include development and implementation of post cyber-attack recovery road maps; Cyber Essentials Plus accreditation; security policy suite development against ISO27001; design and implementation of a Risk Management framework; implementation of Vulnerability Management processes; and compliance assessment against critical functional areas including Identity and Access Management, Backups, and cloud ‘devops’.
The global impact of cyber-related crime is estimated at anywhere from $3Tn to $10Tn US Dollars. The threat comes not only from criminal gangs and small hacker groups, but also from nation-states. As a result, the risks from cyber-attacks are increasing exponentially, against both public and private sector organisations and critical infrastructure.
Cyber Security can no longer be assigned to the “IT guy in the corner”; the consequences of a cyber breach such as a ransomware attack may be as stark as “pay the ransom or go bankrupt”. Consequently, Cyber Security has become a critical function in its own right, and responsibility sits with all management across the organisation.
We provide a range of consulting services, including:
- Development of security strategy:
  - This starts with an initial assessment of an organisation’s current security posture.
  - The development of a security capability requires a roadmap of key initiatives needed to address areas of concern identified in the initial assessment phase.
- Development of security protocols to help protect against phishing and deep-fake attacks:
  - Internal financial and operational controls
  - Controls of 3rd party transactions
- Implementation of security specific capabilities:
  - Definition and implementation of a Security governance capability, bringing together cross-functional teams including: Cyber Security, Information Security, IT, Data Protection.
  - Risk management processes
  - Vulnerability scanning and remediation processes, including recommendations on tools.
- Assessment of security compliance against industry standards including:
  - Cyber Essentials (CE) and CE+
- Implementation of security policies and processes including:
  - General employee security policies, including Acceptable Use Policy
  - Asset Management Policy
  - Network Security Policy (including Server Hardening)
  - 3rd Party Management Security Policy
  - End User Device Policy
  - Security logging and monitoring
  - Vulnerability Disclosure
  - Remote Access
  - Backup Management Policy
  - Incident Management Policy
  - Patch Management Policy
  - Identity and Access Management Policy (including Password and Authorisation Policy)
  - Cryptographic Controls Policy
  - Configuration Management Policy
  - Password Policy
Each organisation’s IT architecture is unique, ranging from largely on-premise solutions to a completely cloud-based architecture. Therefore, each document and procedure is developed in cooperation with client teams, avoiding off-the-shelf templates. In this way we ensure that the end result is a security assurance capability that works as an integral part of the organisation’s day-to-day operations.
We also work with a number of trusted partners and can provide a range of services including:
- Virtual CISO
- Security capability across:
- Infrastructure including email systems and end point security
- Managed SOC and SIEM
- Network security
- Threat analysis – including dark-web searches
- Education and training
- Zero trust set up
- Data protection
- Penetration testing