We provide a full range of services to our clients, either individually or as a program, to establish and operate cyber security programs that are structured, measured and manageable. Some of the services we offer in this space include:
Some organisations have small cyber security teams that typically report to an IT director or manager. These teams often handle purely operational aspects of security and tend to lack strategic vision, and real issues are often not communicated effectively to senior management.
To address these gaps, and understanding that some organizations do not have the budgets to hire full-time Chief Information Security Officers (CISOs), we offer this service to companies. It includes:
Security strategic planning.
Executive engagement and stakeholder management.
Risk management and board reporting.
Flexible scope and terms that we tailor to meet your needs and budgets.
Full Program Development
A number of customers recognize the need for a cyber security program, or have the beginnings of one, but don’t have the in-house skill sets to develop it. We help our clients build the requirements, put the baseline of controls in place and lay the foundation for the program.
Additionally, we are asked to implement the program and either operate it as a managed service or work with the client's teams on knowledge sharing and slowly transition security operations from outsourced to internally managed.
We are flexible and can work to either model or a hybrid of the two.
Our focus on security is to ensure it supports the business, not the other way around. Too many times we see technology being implemented without a clear understanding of what the business requirements were in the beginning.
We see clients struggling to connect real business impact and risk with cyber security. There always seems to be a disconnect between management and technology as to what is truly important to protect. To solve this, we use impact assessments for both the traditional IT world and Operational Technology (OT) systems. This gives us a mechanism to measure the true impact of an IT or OT failure on a business process. This is one of the most valuable services to any organisation, as it forms the basis for the application of controls and justifies any budgetary requirements. Additionally, these impact assessments can be used to develop business continuity and disaster recovery plans.
Strategy and Roadmap Development
We have a number of clients who turn to us for guidance on where budgets and efforts should be focused in coming years. We use various tools, from rapid maturity assessments and previous audits to an understanding of where the business is going, to drive clear and concise strategic plans. By doing a slightly deeper dive, we can develop your yearly roadmap of security activities that will improve the overall health and maturity of your program within set budgets.
Incident Response Planning
We work with many organisations to develop incident response plans that are easy to follow and specific to their organisation. Too many times we see generic plans that simply fail under severe attack due to the complexity and confusion they cause. Our approach includes:
Development of simple flow diagrams
Identifying key decision makers and involving them in the process
Building technical triage playbooks to stem an attack or event in the shortest time possible
Providing tabletop testing services to walk the organisation through a simulated scenario
Numerous clients have provided positive feedback on the simplicity and ease of use our plans offer.