For pragmatic and rapid results, we partner with you and your in-house specialists to fully understand your risk appetite and goals, diagnose the challenge and provide much-needed expert resources and capabilities to solve your high-risk cyber security challenges.
Our highly skilled team combine expertise across regulatory and cyber security programme management and have a proven record of delivering many projects, including the following:
- Regulatory and security assessments,
- Data loss prevention,
- Identity and access management,
- Cyber risk management,
- Operational resilience,
- Vulnerability management,
- Secure configuration,
- Phishing defences.
We are experienced security professionals, bringing expertise in Project and Programme Management, Security Analysis and Architecture, so rest assured, your project is in safe hands.
Security Strategy Development
We are frequently surprised by the number of organisations that have designed their security posture around the deployment of more and more tools, rather than by first setting a tailored risk appetite and investing selectively. We have worked with numerous controls and risk frameworks, and have experienced the full range of challenges that come with deploying security change. Our strategy development service can help you identify the best use of budget and protect your information assets based on their importance.
Activities we might undertake in this area include:
- Risk appetite design
- Control framework identification, tailoring and testing
- Security architecture reviews
- Development of metrics and MI reporting
- Strategic development at entity and team levels
- Operating model design
Security and Business Analysis
We have highly skilled and experienced analysts, specialising in requirements definition and traceability, use-case development and solution design. These are targeted at the right level for your organisation to give your security projects the best chance of success.
We have multifaceted skills in specific security capabilities such as:
- Privileged Access Management,
- Data Loss Prevention,
- Vulnerability Management,
- Network Access Control and device hardening.
Our experience extends beyond security delivery, as we have team members with regulatory experience including GDPR, FATCA and FSA-FCA transitional compliance.
Activities we might undertake in this area include:
- Use case development
- High level and detailed level requirements
- User training delivery
- Standards and controls design
- Security risk and controls analysis and assessments
Data Protection Services
We support organisations with their significant data privacy transformations by ensuring that data privacy within an organisation is supported by a robust strategy, defined and implemented with the appropriate level of skill and expertise.
The profile of Data Protection laws has arguably never been higher. Since the introduction of Europe’s General Data Protection Regulation (GDPR) in May 2018, data protection breaches have continued to regularly hit the headlines. Compliance is mandatory, and with sky-high penalties and reputational damage for breaches, this is an area that companies ignore at their peril.
It is essential that data privacy within an organisation is supported by a robust strategy, defined and implemented with the appropriate level of skill and expertise.
Our consultants have deep knowledge and experience within the field, and have supported organisations through significant data privacy transformations. This includes the full implementation of GDPR readiness for a global FTSE 50 Asset Manager.
Our Data Protection services include:
- Data Privacy Assessments (DPAs).
- Definition and implementation of full Data Protection strategies.
- Alignment with GDPR regulations.
- Helping organisations understand how Data Protection is mapped to Business and IT strategy.
ISO/IEC 27001 Information Security Management
ISO/IEC 27001 certification is a highly effective way to communicate your diligence to your regulators, partners and customers. It provides a visible marker that you are taking your data protection and information security obligations seriously.
In terms of Information Security Management Systems (ISMS), ISO/IEC 27001 is the number one globally recognised standard. Being able to certify that you are compliant with ISO/IEC 27001 provides a visible marker that you are taking your data protection and information security obligations seriously.
Developed in 2013, the risk-based standard allows for a degree of flexibility in implementation that other standards often don’t. Each implementation of ISO/IEC 27001 is different, depending on the organisation.
Our partners' ISO/IEC 27001 consultants are certified and highly skilled in this area, having completed multiple ISO/IEC 27001 implementations for organisations of different shapes and sizes.
Our ISO/IEC 27001 services include the following:
- A fully managed ISO/IEC 27001 certification process.
- An ISO/IEC 27001 audit.
- ISMS framework development.
- ISO/IEC 27001 gap analysis and remediation planning.