All organisations are different and our services aim to help you determine where you are and help you give steps forward in improving your security posture, not tell you everything you're not doing or could be doing. Moving forward is the only sustainable strategy.

01. Strategic advisory

Component description

Taking in consideration your business and your businesss situation and capabilities,we will help you determine your risk appetite, we will assess your current security and privacy posture and advise on an actionable plan or provide insights to support your informed decision making.

Measures of success

Senior understanding of the current security and privacy posture and understanding of risk appetite as driver for control applicability and security and privacy investment.

02. Security process improvement

Component description

We will advise on process changes, using techniques such as value-chain analysis and Wardley Mapping applied to Information Security and Cyber Security, to ensure your security or operation teams are as efficient as they can and focused on value-add activities whilst identifying constraints or opportunities to standardize or automate process elements for quality and speed.

Measures of success

Improved processes on time and quality required, reduction of touchpoints and improved customer experience. Improved job satisfaction by aiming to eliminate or automate non-value add activities.

03. Recruitment Support

Component description

We will understand your recruitment needs and interview candidates independently to ensure you only spend time with suitable candidates that have been vetted by true information security professionals. It takes one to know one.

Measures of success

Security talent that is vetted by another seasoned information security professional increasing the likelihood of fit.

04. Cyber Security Policies and Standards

Component description

We will work with you to either create or revise your Information Security, Cyber Security and/or Data Protection and Privacy policies and standards in order to ensure there's clear management direction to support meeting your control as well as enablement objectives (where security could and should be enabling your organisation) and embedding them in your business operations.

Measures of success

Security and privacy policies that reflect what the organisation is willing to fund and manage exceptions to or, alternatively, risk manage. Security standards that are defined and applicable by the organisation in its operations.

05. Privacy by design and by default

Component description

We will work with your business and assess how the principles of Privacy by Design and Privacy by Default can be enacted throughout your organisation. We will assess your technology platforms and business processes to ensure personal information is appropriately treated and secured, and personal information is minimized across your infrastructure.

Measures of success

Organisational processes that consider security and privacy implications in both transformation and operations. Ensure the principles of data minimization and the appropriate controls based on an assessment of your organisation to support a risk-based approach.

06. Threat modelling and risk assessments

Component description

We will do a deep-dive into a particular area of your organisation you may have concerns or wishing further assurance of security and privacy posture, by identifying threats and risks. This will be a combination of assessing impact and likelihood of events, as well as applicable and applied controls and their effectiveness.

Measures of success

Assurance of the threats, risks, applicable and applied controls and advice provided for appropriate risk treatment options. Pragmatic approaches to reducing risk or for continuously monitoring the possibility of materialization.

07. Compliance gap analysis and B2B contract reviews

Component description

Depending on your level of maturity, we will work with your organisation to determine the appropriate standard of reference to aim for which can include NCSC guidance, ISO 27001, NIST, Cloud Security alliance, PCI DSS or others. We will advise you on scope, applicability and gather evidence to assert your compliance to these frameworks. Similarly, for B2B organisations, we will support the review of your key contracts to assert current compliance and identify any contractual or regulatory risks

Measures of success

Senior management understanding of the "next milestone" in their compliance maturity to enable security as a business journey. Understanding of how the organisation measures against industry recognised security standards. Validation of controls or risk identification in how organisation is meeting their security and privacy contractual requirements.

08. Cyber Risk Managment

Component description

We will either establish, revisit or support your Cyber Risk management policies and procedures, to ensure security and privacy matters are discussed by your senior team on a regular cadence, tracking actions and outcomes with a view to continually improve your posture and reduce risk.

Measures of success

Senior management governance of cyber security risks and continuous treatment as well as on-going risk identification.