An effective management system is essential to the success of your security arrangements. We can assist you at all stages in the development of your information security management system.
The starting point for effective security is a detailed Information Security Policy. This should then be backed up with more detailed procedures for specific topics.
If you are creating policies for the first time, we have templates which will speed up the process and ensure you are covering all the required areas. We can work with you to tailor these templates to your company.
If you have existing policies which are due for review (annual reviews are recommended), we can help you identify areas that need to be updated and incorporate current best practices.
Maintaining the security of your organisation is very much a team effort and involves EVERYONE.
As technical security measures become more and more sophisticated, attackers increasingly focus on the weakest link in the system: people.
As regulatory powers evolve and potential penalties for data breaches increase, it becomes ever more important to train your staff and be able to demonstrate that you have done so.
We offer various training and awareness packages ranging from face-to-face training sessions to customised online awareness programmes. Take a look at our recent blog to understand how these can be combined with our Phishing Security Tests to measure the effectiveness of the training and focus efforts on the weakest areas.
Business Continuity planning allows a company to make informed decisions about the impact of potential adverse events, in order to balance the level of risk with the cost of reducing the risk.
It starts by identifying risks which could affect the business’s ability to operate fully (or at all). The impact of each risk is then assessed and possible risk responses (accept, reject, transfer, mitigate) are decided.
Disaster Recovery plans are then developed to ensure that the company has a viable way to recover quickly and effectively from the identified adverse events. These plans should be tested regularly to ensure they remain accurate and adequate.
We have experience with this whole process and can work with you to define your business continuity plans.
Mobile devices with access to business information are now commonplace. As a small business, you may also allow your staff to use their own devices to access company data (so-called BYOD or bring-your-own-device).
Managing the business data on these devices is an important part of your security arrangements. Do you know who has which business data on which devices? Is the data encrypted on the device? Are you able to remotely wipe the data or the entire device?
We can help you define appropriate policies and implement effective procedures to manage mobile security.
For organisations which want to outsource their Security Management, we offer a Virtual (C)ISO service.
Our service gives you a named individual who will get to know your business and your Security Management system. That individual can then operate in an advisory role as an Information Security Officer (ISO) reporting to your in-house CISO, or can take on the CISO role, as you prefer.
For smaller organisations, this arrangement often makes more sense than looking to recruit and retain a full-time in-house CISO, and is certainly more flexible.
We can structure packages depending on the level of support you envisage needing, and then adjust over time as we gain experience of working together.