INFORMATION SECURITY CONSULTING · 2017-08-22

Post on 04-Jul-2020

© 2016 ITC Secure Networking

INFORMATION SECURITY CONSULTING

WELCOME TO ITC SECURE NETWORKING’S INFORMATION SECURITY CONSULTING PRACTICE

We have enterprise experience across the entire spectrum of information security management, and the consulting experience to tailor outcomes to meet the needs of the mid-tier market. The engagements can be around a specific need or capability, or can run from strategy through to procedures, depending on your needs.

This iPDF will give you insight into the services we offer and the journey to the right, sustainable answer for your business.

Guided self-assessments and health checks

Using repeatable industry-standard references and tools, ITC will quickly guide you to a high-level understanding of your current state of maturity, and help identify where there are any significant gaps. This will drive an understanding of immediate priorities. Health check results can be delivered against a number of recognised frameworks to suit your environment.

STOP 1

ZONE 1

SECURITY POSTURE ASSESSMENT

Understanding where you really are

Standards-based audits

Our experienced and certified auditors perform formal audits against ISO 27001, PCI-DSS, ISF SoGP or COBIT frameworks to provide the certainty of your alignment to or compliance with recognised security standards.

STOP 2

Benchmarking

Using a large and up-to-date data set from the ISF, we anonymously benchmark you against relevant peer organisations. This provides context and comparison to your security capabilities in the marketplace.

STOP 3

Asset modelling

ITC’s security consultants will help you identify your organisation’s key assets (information, data and systems) and consider these against a range of risk types. This is the key step to ensuring attention is focused in the right areas – on your crown jewels.

STOP 1

ZONE 2

RISK MANAGEMENT

Understand what really matters

Risk and threat modelling

Building on insight from the asset modelling stage, we undertake detailed mapping of realistic threat scenarios. This pinpoints particular assets and the corresponding business risks that may arise.

STOP 2

Vulnerability assessments

From both technical and process perspectives, ITC is able to assess your level of vulnerability to key threats. This provides you with a more informed view of the likelihood of risks arising.

STOP 3

ZONE 3

SECURITY STRATEGY

Know what you really should be doing and why

Strategy development

Joining up the ‘Why’ with the ‘What’ – ITC will develop a strategy to enable your business to recognise and manage information security risks. We will also help maintain awareness of, and support for, security initiatives.

STOP 1

Policy design and development

We are experienced in the design of policies to address a wide range of requirements and to meet primary business risk drivers. Policies are always clearly written in a way that makes them usable and relevant. We don’t do shelfware.

STOP 2

Governance and compliance

Part of any effective security environment is appropriate governance and compliance. ITC uses its mix of enterprise to SME experience to tailor security practices to established methods within an organisation, or, if needed, to develop completely new processes and practices.

STOP 3

ZONE 4

REMEDIATION

Choosing, designing and delivering what you really need

Control selection

By this stage we will both have a clear understanding of business risks, a strategy for managing them and an awareness of your current posture. Together these will allow us to choose appropriate controls to manage those risks in the most effective way.

STOP 1

Architecture development

Where technical controls are required, we will develop an architecture that delivers the control objectives, while reusing existing assets wherever possible.

STOP 2

Procedure development

Policies are nice, but without procedures they are often poorly implemented or not implemented at all. ITC will develop detailed procedures to help ensure the right things are done in the right way.

STOP 3

Awareness

It’s all about the people. Overlooked, underfunded, out of date – that’s the sad state of many awareness programmes. So don’t blame the people if they don’t know the right way to do things or can’t see what bad looks like. ITC will introduce engaging, customised and relevant learning methods for your employees.

STOP 4

CISO AS A SERVICE

We provide access to enterprise-level, experienced CISOs who can provide on-going strategic advice and governance, together with risk and compliance oversight. This service can be used to support or develop existing security teams, or delivered directly into the organisation to act as its own CISO.

THE END STOP

If you would like to discuss anything in this iPDF please contact Gareth Lindahl-Wise at gareth.lindahl-wise@itcsecure.com or call 020 7517 3900
