This is a fast-moving practice, with new risks and exposures growing exponentially. Our efforts focus on four key areas: employee training and awareness; security and control design in systems and services; monitoring and protection services; and audit, assurance and compliance.
Employee awareness training is the most critical element. Our classroom and online offerings include specialized modules for employees at large, for individuals who handle "most confidential" information, for systems developers and for systems administrators.
Design of security and controls in systems and services requires skilled risk assessments, clear categorization of severity levels, standardized and simplified controls by risk category, and particular rigor for identity and access management and for disaster recovery services. Many clients have become increasingly interested in Information Security Controls certification based on ISO or NIST, which we offer as a service.
Monitoring and protection services are now vital and typically include establishment of a Security Operations Centre (SOC) and deployment of Security Information and Event Management (SIEM) services. These address intrusion detection, incident management and recovery. There is a vast and growing array of industry vendors, technologies and services that is difficult to keep up with. Our practice stays abreast of the latest developments and can advise on which are deemed most effective.
Compliance and assurance have become vital elements of security and include audits with both internal audit and external auditors, assurance that controls have been properly implemented, and compliance with local legislation. Ethical hacking has also become a regular tool for compliance assessment.
New EU privacy legislation took effect in May 2018. It is called the GDPR (General Data Protection Regulation) and represents an expansion of previous privacy legislation, with broader reach and more serious penalties for non-compliance. While it primarily applies to businesses established in the EU, it also applies to businesses based outside the EU that offer goods and services to, or monitor individuals in, the EU. Implementation delivers best practice in privacy, and this can have business value for a company beyond compliance alone. Our Audit, Security and Controls practice has been expanded to include GDPR readiness assessment and compliance implementation.