Security Management Consultancy:
Business Case

Overview

The biggest threat to information security is people's lack of awareness of its importance.

Several major 2003 and 2004 reviews of information security recognise the following:
  • 70% of all information security threats occur from within an organisation.
  • 40% of organisations are likely to have had the integrity of one or more systems compromised by an information security incident in the last year.
  • 80% of large organisations have established an information security management strategy, but fewer than 50% of these organisations have received sufficient buy-in from the rest of the organisation to implement it.

    "Security and privacy are not necessarily mutually supportive. In several respects, the more information security we introduce, the greater the threat to individuals' privacy. This paradox is no better represented than in the debate over the introduction of identity cards in Britain at present."
    Trevor Lea-Cox, Global Information, Systems and Technology consultant (Planning and Strategy, Intellectual Capital Management and Information Security Management)

    MWR InfoSecurity's information security management implementation framework is designed to integrate with established corporate disciplines, especially the organisation's strategy development and approval process. The following is a summary of the overall Information Security Management process in this context.

    Key activities:
    1. Plan the initial set up project
    2. Identify the current information security risks and their context
    3. Review the performance and condition of the current information security management infrastructure
    4. Identify / update the information security Policy and Strategy
    5. Identify / update the ISMS Operating and Development Plans
    6. Obtain Board approval for these plans as part of the organisation's main strategy development process
    7. Implement the ISMS Development Plan
    8. Manage and operate the ISMS




    Information Security:
    Some Challenging Issues and Questions


    The following questions and issues provide a good background for a sensible discussion about information security:
  • Where in your organisation is its most valuable information? Where is the most sensitive information?
  • Can information security protect your organisation's intangible value, especially your organisation's knowledge?
  • Can the IT department be charged with ownership of and accountability for information security if they don't have full control over the organisation's information?
  • Can an information security policy be implemented without legal guidance? Why do organisations with information security management systems in place still suffer breaches of their information security?
  • How many information security policies fail because of a lack of buy-in from key members of staff? Who are these key members of staff?
  • If users of IT are not well trained, can an information security management system still be effective?


    Deliverables

    We deliver a project to set up an information security management programme that:
  • is ISO 17799 compliant
  • has a flexible time-frame
  • builds on your existing security management infrastructure
  • complies with relevant national/local legislation/regulations.

    Key project deliverables are:
  • An appropriate Information Security Policy that is easily kept up-to-date
  • Recommended key supporting standards
  • Commercial and technical information security risk assessments
  • An appropriate information security management Strategy and ISMS development plan
  • The information security management Process
  • A summary of organisation-wide responsibilities for information security and guidelines for the implementation of the information security management system (ISMS)
  • Organisational awareness of implications of an ISMS
  • Full project documentation

    The project consists of a series of one-day workshops, interspersed with preparatory work. Typically the project is completed within 1-2 months and is managed and facilitated by a senior consultant.

    The workshops encourage (and in many instances, require) managers from other functions to participate. Their input is often critical in gaining organisation-wide commitment.


    MWR InfoSecurity Information Security Management programme:
    Key Benefits


    A greater awareness of the organisation's information security issues and exposures, especially at the Board level. Key exposures are identified and addressed on a priority basis. This often leads to some "quick wins".

  • The Information Security Policy, Risk Logs, Statement of Applicability and ISMS Development Plans are developed in a way that is easy to maintain
  • Key supporting standards are identified and established
  • Key legislation and regulations are identified and addressed
  • The Corporate Risk Log is updated
  • The ISMS Development Plan is structured to utilise the existing information security infrastructure wherever possible and to minimise the cost of development of any new information security infrastructure.

    MWR InfoSecurity St Clement House Alencon Link Basingstoke Hants RG21 7SB
    Tel: 01256 300920   Fax: 01256 844083