Information security

While information security remains a hot topic in the news media, the day-to-day realities of assessing and managing information risks are mostly rather mundane and routine.  It takes a patient and persistent team to design, implement and maintain a sensible approach to information security management.  Systematic processes, coupled with suitable IT security systems and technical tools, definitely help, but by far the most critical success factor is genuine senior management support for the information security and risk management professionals.  This is an absolute requirement, in our experience, not a nice-to-have, but it is one that IT security professionals generally find hard to address from deep in the trenches.  Negotiating adequate resources for information security in competitive commercial situations, for instance, goes beyond the experience of many security officers.

IsecT consultants have the experience, qualifications and skills either to work with your senior management to establish and manage a class-leading information security function from scratch, or to review, support and enhance your existing function.  Our specialism and prime focus is ISO27k, the growing suite of international standards for Information Security Management Systems.  We have helped clients:

  • Plan and initiate their ISMSs using the structured approach promoted by ISO/IEC 27001
  • Assess their information security risks and consider the range of possible approaches to avoiding or mitigating unacceptable risks using ISO/IEC 27005, looking always to optimise the cost-effectiveness of controls
  • Plan, write, approve and promulgate information security policies, procedures, standards and guidelines, designing and documenting a suitable blend of non-technical information security activities plus technical information security controls drawn from ISO/IEC 27002
  • Manage, assess/audit and maintain the controls, using security metrics advice from ISO/IEC 27004 (well possibly - it’s not actually much help). 

IsecT’s broad focus on IT and information governance sets us apart from pure technology-based security consultancies.  Our services address the human and strategic/business elements of information security including management and direction of the information security function itself as well as the classic IT security controls such as antivirus software and PKI systems.  We offer assistance in areas such as information security strategy formulation, risk assessment/gap analysis, proactive risk management and change management, and contingency planning.

Take, for example, the integration of information security with IT development projects.  Major activities of this nature don’t just happen by themselves: they need to be envisioned and planned, the resources justified to management, and the associated work led purposefully through the ever-shifting sands typical of most project management environments.

Copyright © 2012 IsecT Ltd.