Information Security Consulting

Information Security Consulting is a discipline that focuses on advising organisations on how best to secure digital assets, ensuring the health and wellbeing of the business by reducing risk exposure.

What are the key building blocks of a healthy, security-conscious posture?

The key areas of concern to Information Security Consulting are detailed below:

  1. Information Security Risk Assessment: The process required to identify threats, vulnerabilities, attacks, probabilities of occurrence and the most likely outcomes.
  2. Information Security Strategy: Every organisation needs a plan to mitigate risk. This is done by combining technology, policies, procedures and awareness into an on-going Security Strategy that is continuously refined.
  3. Security Controls Implementation: The actual implementation of the Security Strategy that will enforce the required or appropriate response. This is a policy, technology tool or awareness program, or a combination thereof.
  4. Security Testing: The measurement of the effectiveness of the Security Strategy and of the controls that have subsequently been implemented.
  5. Monitoring and Updating: To ensure on-going security readiness, security events need to be continuously gathered and analysed to mitigate new threats, vulnerabilities and possible direct and targeted attacks. The information and data gathered needs to feed into a risk and governance framework. This ensures constant assessment of the security posture in line with the Security Strategy.

Why does an organisation need an independent Information Security resource?

Every organisation should have individuals concerned with Information Security. In fact, there are likely multiple individuals, each with their own opinion on how best to implement an Information Security Program. This is not necessarily an issue, but it can certainly impact how efficiently decisions get made. What is key is the ability to make the correct decision for the organisation. What is also key is that decisions are agnostic of any political alignment within the organisation, independent, and based on industry best practice.

iDatasec – Changing the Threat Landscape

iDatasec can provide up-to-date knowledge of security best practices and the latest security technology as iDatasec have an unbiased view on security technology and will be able to advise on what is fit for purpose.

iDatasec do not have political affiliations within an organisation, and thus have no need to temper opinions. iDatasec can “tell it like it is” without fear of retribution. Many security managers are afraid to bring up important issues within their organisation because they are concerned with alienating their peers or impacting business operations.

Finally, iDatasec have the ability to focus efforts on a single project and do not have to juggle the multitude of daily responsibilities that the security manager may have. Such projects include developing or setting up a Digital Forensic Readiness Program, or architecting an Information Security Strategy or Framework to present to the board.

Protecting the Right Assets from the Right Threats with the Right Measures

Discover the threats that are likely to have the greatest impact on your organization, and learn strategies to mitigate risk while meeting compliance goals.

The iDatasec Risk Assessment identifies and analyses the convergence of assets, threats, and vulnerabilities to present a comprehensive evaluation of your current risk profile.

The point of a Risk Assessment is to identify the presence and relative value of risk, so that the appropriate risk management strategies are utilized. Risk management strategies must reduce risk to an acceptable level, one that minimises the possibility of catastrophic emergencies.

Process

The information gathering process focuses on the three key risk components: assets, vulnerabilities, and threats.

Asset Identification

The goal of a Risk Assessment is to identify the risk to critical business operations. The first step in the Risk Assessment is to identify the assets that support critical business operations. These assets could include physical and logical assets such as data center systems, employee computers, network communications devices and channels.

Vulnerability Assessment

Threats cannot impact assets unless the assets are vulnerable to the specific threats.

Mitigating controls may be in place, reducing the likelihood of a threat exploiting a given asset. Understanding the types of vulnerabilities that exist on critical assets is a key step in risk assessment.

Threat Identification

Threats are individuals, groups, or external events which can impact assets. Threats can take many forms, including people (such as insiders or internet users), technology (such as worms or Trojans), and events (such as flood or fire).

iDatasec works with your company to identify the threats that may impact identified assets.