Business overview
Our client is a world leader in speciality chemical manufacture. They supply leading global brands and contribute heavily to the manufacture of other companies products.
Background
Our client was keen to develop and implement a sound Information Security Management System (ISMS). Of the consultancies that our client contacted (including the Big 4) MWR InfoSecurity was chosen for its demonstrable knowledge base and its down-to-earth pricing.
Details of service delivered
Our client contracted MWR InfoSecurity consultancy to enable improved Information Security Management. The first stage in this process was the creation of an ISMS and Policy.
In order to establish the likely benefits of such a project our client's intangible value needed to be established (using standard financial reporting data).
Information Security has a significant impact on the Intangible Value of an organisation. For publicly quoted companies this is easy to calculate and is a useful guide to the value of an Information Security Management programme. In our client, this exercise indicated initial potential benefits to its Market Value in excess of £1m. The project began with 2 stages:
Stage 1:
Production of the Corporate Risk Assessment and draft Information Security Policy
Stage 2:
Production of a detailed, technical risk assessment which is compliant with ISO 17799, an Information Security Management System Framework, Strategy and Development Plan.
A profound effect of the security consultancy was the buy-in gained from non IT management. This is critical to the success of an ISMS.
Expectations
Identify the areas of greatest Information security risk
Identify key Information, Systems and Technology configuration management requirements
Increase the level of awareness and support for Information Security Management issues
Problems solved / Outcomes
The benefits that cur client gained from the consultancy project are:
Staff and suppliers became more aware of the value and confidentiality of company information and the need to protect it.
Management gained better control over the storage and distribution of information.
Sensitive client and supplier owned information used by the organisation is safer
The organisation's information required by third parties is better protected.
Greater awareness of the implications of relevant legislation and regulation.
Management know how to identify and respond to a breach in information security. In turn this helps to reduce significantly the likelihood of damaging stability incidents.
There is less chance that any white-collar crime will remain undetected and more chance that it will be detected early and even prevented.
It provides a strong basis on which to negotiate more relevant and cost-effective digital insurance cover where this is required.
These benefits will combine to help to preserve a significant proportion of our client's intangible value that would otherwise dissipate through deliberate or accidental attacks and misuse and hence it helps to protect its market value, i.e. the wealth of all its stakeholders, especially shareholders. |
