top of page

Information Security 

Our Info Sec Consulting Services:

Our Information Security experts can assist you in building resilience by providing services to:

Capability Assessment

  • Documents your current capability against best practices and any required remediation in the form of a roadmap.

  • Good starting point if you are uncertain how to or where to start

Education

  • Train your people on Information Security and the required processes

 

Information security and related policies

  • Minimum Required Policies:

    • Information security

    • access control

    • information classification

    • physical and environmental security

    • end user oriented topics such as:

      • acceptable use of assets

      • clear desk and clear screen

      • information transfer

      • mobile devices and teleworking

      • restrictions on software installations and use

    • backup

    • information transfer

    • protection from malware

    • management of technical vulnerabilities

    • cryptographic controls

    • communications security

    • privacy and protection of personally identifiable information

    • supplier relationships

 

Applicability Assessment

  • Determine what controls are applicable to your organisation and what are not

Risk analysis

  • Undertake Risk analysis on key assets to determine risk treatment plan

Procedures

  • Create Procedures for:

    • Organisation of Information Security

    • Human Resources

    • Asset Management

    • Access Control

    • Cryptography

    • Physical & Environmental Security

    • Operations Security

    • Communications Security

    • System Acquisition, Development and Maintenance

    • Supplier Relationships

    • Information Security Incident Management

    • Information Security Aspects of Business Continuity Management

    • Compliance

Reference Sources:

 

ISO IEC 27001-2013 Information technology - Security techniques - Information security management systems – requirements

ISO IEC 27002-2013 Information technology - Security techniques - Code of practice for information security management

bottom of page