Trusted Security Advisor Services.

As organisations become more reliant on information technology, they face a multitude of challenges in ensuring the data held or processed by the organisation is secure from unauthorised disclosure or modification and available to the right people when they need it. Both the public and private sector are subjected to legislation such as the Data Protection Act, Industry standards such as PCI DSS and ISO/IEC 27001 and sector specific standards such as the Cabinet Office Security Policy Framework (SPF) for government agencies.

Information security projects often fail to deliver the results expected by the business due to a number of issues including: Security requirements driven by the IT department rather than by the business;

• Lack of a clear strategy for information security;
• Lack of management buy in;
• Data assets are not identified or valued;
• Poor security awareness within the organisation;
• Poor security culture;

As a result, businesses tend to either over protect data assets by applying a blanket approach to security or not protect them enough by not identifying the critical assets.

Effective security is a risk based mechanism. Security controls must be applied in a proportionate and appropriate manner based on a risk assessment.

In order to manage risks effectively, information security must be properly integrated into business management such that it adds value to the business throughout the life cycle of the information systems containing the data.

Aristi has developed the Trusted Security Advisor service to assist organisations to implement sustainable and manageable security programmes. Under this banner we are able to offer strategic level consultants with the following key strengths:

• Technical experience to understand the information systems being protected;
• HMG Standards and industry best practice knowledge to establish which controls are applicable and how best to implement them in a pragmatic and appropriate manner;
• Business expertise to appreciate how information security can be integrated into business processes adding value to our clients;

• Customers can draw on our wealth of experience of developing successful security programmes within the public and private sector;
• We work in partnership with our clients to help solve their problems and aim to develop long term relationships where customers can call on us whenever they need specific expertise;
• Our consultants provide objective advice and guidance and can assist by identifying options for implementing secure solutions that deliver substantial business benefits;

Our TSA services include:

• Assistance in developing business cases, requirement specifications and tender evaluations;
• Identification of information security requirements for outsourcing agreements Development of IT Strategy;
• Advice on new and emerging technologies such as cloud computing and the Public Sector Network (PSN); Technical expertise for reviewing security architecture;
• Assessment of service providers to ensure they are providing the services they are contracted to provide;
• Assessment of accreditation services and security programs and providing recommendations on how an effective and sustainable accreditation function can be established;
• Development of security awareness programs and delivery of training sessions to management and staff;
• Development and implementation of security policies and procedures that meet business requirements and industry standards;
• Expertise to identify and value key data assets and conduct risk assessments;
• Physical security assessments of buildings and server rooms