Information Security
Our Info Sec Consulting Services:
Our Information Security experts can assist you in building resilience by providing services to:
Capability Assessment
-
Documents your current capability against best practices and any required remediation in the form of a roadmap.
-
Good starting point if you are uncertain how to or where to start
Education
-
Train your people on Information Security and the required processes
Information security and related policies
-
Minimum Required Policies:
-
Information security
-
access control
-
information classification
-
physical and environmental security
-
end user oriented topics such as:
-
acceptable use of assets
-
clear desk and clear screen
-
information transfer
-
mobile devices and teleworking
-
restrictions on software installations and use
-
-
backup
-
information transfer
-
protection from malware
-
management of technical vulnerabilities
-
cryptographic controls
-
communications security
-
privacy and protection of personally identifiable information
-
supplier relationships
-
Applicability Assessment
-
Determine what controls are applicable to your organisation and what are not
Risk analysis
-
Undertake Risk analysis on key assets to determine risk treatment plan
Procedures
-
Create Procedures for:
-
Organisation of Information Security
-
Human Resources
-
Asset Management
-
Access Control
-
Cryptography
-
Physical & Environmental Security
-
Operations Security
-
Communications Security
-
System Acquisition, Development and Maintenance
-
Supplier Relationships
-
Information Security Incident Management
-
Information Security Aspects of Business Continuity Management
-
Compliance
-
Reference Sources:
ISO IEC 27001-2013 Information technology - Security techniques - Information security management systems – requirements
ISO IEC 27002-2013 Information technology - Security techniques - Code of practice for information security management