Governance
- Strategy – establishing business goals for information security compliance
- Security Architecture – creating security designs that address the necessities and potential risks involved in defined scenarios and ICT environments
- Policy and Standards – developing information security requirements and formally communicating them to your users, service providers and governments
- Project Management – ensuring your information security systems are delivered on time and to the required standards
- Awareness Training – explaining to your users what they need to do to operate your systems securely
Incident Management
- Breach Investigation – reviewing your systems and processes to understand why a security violation occurred and how you can prevent it from happening again
- Forensic Analysis – detailed examination of your systems and data to determine the cause of an event while protecting evidence from contamination
- Social Engineering – using deception to manipulate individuals into divulging confidential or personal information
Penetration Testing
- Vulnerability Assessment – identifying unnecessary and vulnerable services running within your information systems and advising you on how to remediate them
- Black Box Testing – testing systems without knowledge of the internal functions
- White Box Testing – testing systems using information provided by the client
- Security and Training – securing existing systems from intrusion and providing technical training services
- Bespoke Testing – producing bespoke software to test a specific threat; useful in proving that software behaves in the way it is designed to
Assessment
- Risk Assessment – evaluating potential risks that may be present in an activity or information system
- ISO 27001 Assessment and Certification – ISO 27001 is the international standard that sets out the specifications of an information security management system (ISMS) and a best-practice approach to addressing information security that encompasses people, processes and technology
- PCI DSS Assessment and Certification – PCI DSS is a set of security standards designed to ensure that all companies that accept, process, store or transmit credit card information maintain a secure environment
- GDPR Compliance – GDPR is a new (May 2018) regulation by which the European Parliament, the Council of the European Union and the European Commission intend to strengthen and unify data protection for all individuals within the European Union (EU)
- Data Protection Compliance – ensuring that personal information is used in accordance with applicable rules and regulations
- Audits – assessing how well your company’s information systems conform to a set of established criteria
- Design Reviews – determining the capability and adequacy of a system design to meet requirements, and identifying present and potential problems
- Readiness Review – confirming that a change or new system is ready to be released into the production environment