Knowing where to start with information security can be challenging. If you don’t have specialists in-house, it can be difficult to know whether you have good baseline security practices and controls in place and whether there are threats or vulnerabilities that you haven’t addressed.
Our security posture assessment services can help you understand whether your security posture is sufficient. We can help you identify and understand your information security risks, pinpoint areas for improvement and provide recommendations to follow. Because no two organisations are the same, we tailor every assessment to the client’s specific objectives. Common standards or guidance we use to assess an organisation’s security posture are as follows:
Before starting an assessment, we carry out a scoping exercise with you, during which we’ll discuss and agree the scope of the engagement and the standard or guidance against which we’ll compare your security posture and security working practices. We’ll also discuss and agree the number of consultancy days required to deliver the service. The number of days will depend on the type and scope of the assessment and your objectives.
A specialist information security consultant will scope and lead the engagement. The consultant will be supported by other specialists where appropriate (such as data protection specialists).
At the outset we gather information about your organisation. This is important to understanding the nature and sensitivity of the information assets you hold, the information systems you use, the regulatory environment in which you operate and the potential impact of a security incident on your organisation. During the assessment, our consultant will gather information from your stakeholders in a variety of ways, depending on the size, locations and nature of your organisation.
Once we have the required information, we’ll create and provide you with a written report setting out our consultant’s findings and prioritised recommendations. We measure your current state using our maturity model. We also arrange a post-report review meeting with you, at which we’ll present our findings, answer any questions you have and discuss next steps.
Following your security assessment, we can support you to remediate the issues identified by our consultant. Our specialists can help prepare and manage an ongoing ‘get well’ programme of activities, assist with strategy and help with ongoing privacy programme management. We can also schedule follow-up assessments to help you track improvements in your security posture over time.