Information is an organisation’s most vital asset. If it is mishandled it can also become its most toxic liability. The challenge is to use information effectively, efficiently and securely. This requires every decision to gather, retain or share information to be based on sound Information Assurance (IA) principles.
IA is fundamental to modernising and transforming society in a way that empowers citizens, enables businesses to prosper and creates safe and reliable networks in government and industry. However in today’s economic climate there are huge pressures to make efficiency savings. IA must therefore provide real cost benefits rather than become an expensive barrier to service delivery. High profile data losses within government have brought IA to the forefront as each department now has to report on data security breaches in its annual report.
The use of cloud services brings new benefits to government but it also introduces new information risks. Without a coherent cloud strategy, moving to cloud hosting can expose personal and sensitive information to global attackers.
Over the last 10 years, our consultants have been assisting local and central government to identify and understand information risks. This in depth knowledge and experience has enabled us to develop professional services to help clients achieve business objectives through the effective use of IA.
Our services include:
- Risk assessment of information systems
- Review and development of Risk Management regimes that deliver real value to the business
- Advice and guidance on building sustainable and manageable security culture
- Advice and guidance on achieving compliance with national code of connections such as the Public Service Network (PSN)
- Cyber security health checks to gauge your exposure to cyber risk
- Privacy Impact Assessments
- Assessment of suppliers and service providers to ensure security requirements are met
- Physical security assessments
- Social Engineering assessments (including phishing attacks)
- Training for Senior Information Risk Owners (SIRO), Information Asset Owners (IAOs) and Accreditors
- IT Health Checks / Penetration Tests to identify technical security vulnerabilities in IT systems
- General Data Protection Regulation (GDPR) readiness assessments
- Cloud security risk assessments
- Cloud strategy development