Our Services

There's significant hype surrounding cyber security, often fuelled by media reporting. However, where there is smoke there may well be fire. The challenge with cyber security is helping senior business leaders understand which of the real facts of cyber security impact their business and how to sort the wheat from the chaff. Exploiting the experience and insight secured from a wide range of business, from assessing a wide range of threats and the consequences to enterprises from successful attacks can help build this understanding.

A strategy helps point and show the enterprise where it needs to go to protect its critical information assets. At a lower level of detail, the enterprise must have sound and relevant policies to define what it needs to do to be secure. Importantly, these policies must if they are to be effective must be relevant and appropriate to the culture, ethics and organisational structure of the enterprise that is going to use them! We now help enterprises to move beyond classical information security policy structures to embrace cyber security recommendations that can help create policies that are more accessible and relevant to the business.

If one has a strategy and defined policies and standards for the enterprise, the next question is how well am I doing., and am I doing enough? Gauging the maturity of an enterprise’s cyber security governance, risk and compliance activities and operational capabilities is an important step in defining how well placed an enterprise is to defend itself from threats. Also, it can help to assess how far the enterprise has come and how far it might need to go in implementing its strategy. These cyber security maturity assessments establish a benchmark to help make informed management decisions on the direction and pace of the cyber security strategy.

A strategy gives direction and purpose to your security and protection initiatives. It is essential to have a strategy if you want to transition your enterprise from simply addressing compliance to being risk aware and sufficiently secure against your threats.

As much as “compliance” is perceived to be an absolute, “you will comply!”, there are shades of compliance and strategies that can both manage and reduce risk and at the same time reduce the compliance burden. Nowhere is this more relevant in considering which PCI standards might be apply or which standards one needs to be compliant to and to what level of assurance of compliance.

Government regulation and private regulation such as PCI has always had a role in setting out what you need to secure and now it is increasingly telling you how you need to protect it and what you need to do. Is your business ready, and what impacts will it have upon you? This is becoming increasingly important in the area of data protection and the need to conduct data privacy impact assessments.

All risk assessments start with a consideration of the threat. Yes cyber threats are real, but are all threat actors and their attack strategies going to target you? Are some threats more likely than others given your business? A threat assessment allows you to make reasoned decisions which threats you certainly need to be concerned about.

Data breaches and compromise events can be harrowing and costly. You most probably will need expert forensics analysis to determine exactly what happened and what was damaged or lost. But are you prepared to manage the consequences of these forensic findings? You may well need support to assess and prioritise the resolution of any findings. However, most of all you may also need support in managing the impact and consequences of the incident with those external and internal parties who were relying upon you to be secure.

Technology and securing it is now a board level concern. Enterprises big and small are increasingly employing technologists and security specialists in senior positions. Given the rapidity in career progression for these individuals, they may well lack the breadth of experience they need. Mentoring and supporting them can reduce these risks.

Security leadership is becoming increasingly important for all enterprises big and small to help enterprises make appropriate decisions to protect their information. Where the resources to provide the required leadership cannot be found from inside, or outside, the enterprise securing external support can be the next best thing. This support can be measured in short or long-term support as frequent as the enterprise needs it.

How do you know that the third parties and vendors that provide you products and services are secure? Is that piece of paper or certificate they show you sufficient to understand the level of risk they represent to you? You can never delegate or abrogate risk to these third parties it is always your risk. Everyone should therefore be conducting risk assessments of those they buy products or services from.