Security in any system should be commensurate with its risks. However, the process to determine which security controls are appropriate and cost effective, is quite often a complex and sometimes a subjective matter. One of the prime functions of security risk analysis is to put this process onto a more objective basis.
IT Security Policy Development
Assisting a client to develop a corporate IT security policy which reflects the needs of the business and its exposure to risk.
IT Security Procedures
Developing detailed security controls and procedures for IT environments to comply with the ISO/IEC 1 7799:2000 – Code of Practice for Information Security Management. ISO/IEC 1 7799 and Gap Analysis and Healthcheck reviews of Security Operating Procedures.
HMG Infosec Standards
Given the complex nature of risk assessment in Information Technology, it is a baseline requirement that those responsible for securing protectively marked information will comply with the Infosec Standard, which has been specifically tailored to the current HMG security environment. We have associates who are CESG CLAS Scheme consultants, and will work with clients to determine the appropriate levels of assurance to ensure that protectively marked information is adequately protected and to prepare Assurance Document Sets.
Business Impact Analysis
Assisting a client to build a catalogue of threats and vulnerabilities relating to their business and the potential impacts.
ISO 27001 Security Audit
Conducting audits of business computing systems to assess their compliance with the ISO/IEC 17799 – Information Security Management.
Education and Training
Provision of Information Security training courses at locations throughout the UK. Providing in-house training courses for groups of staff in client organsiations. In particular, tailor-made security awareness training for management and staff.
Business Continuity Planning
Assisting clients to plan for recovering business operations following a disaster that might befall the client’s business systems and resources.