SRM Service Guide. Smart Security. Smart Compliance. Service Guide

Transcription

1 SRM Service Guide Smart Security. Smart Compliance. Service Guide Copyright Security Risk Management Limited

2 Smart Security. Smart Compliance. Introduction Security Risk Management s (SRM) specialists cover the full scope of the Governance, Risk and Compliance agenda such as information assurance to UK Government, NATO, PCI DSS, N3 and ISO standards, business continuity, operational risk management and computer & network forensics. This broad portfolio allows SRM to provide an effective service, making the most of consultants skills and offering you better value for money. Having one service provider also improves project accountability and delivery by minimising any potential disruption to operations. Having multiple service providers on site could result in a duplication of effort, investment inefficiencies and conflicts of interest. SRM experts, drawn from the private sector, police service, armed forces and government agencies, offer an exceptional skill-set and depth of experience, all delivered to a first-class level of service. SRM s existing clients, who range from small and medium size businesses to government departments, charities and other non-commercial institutions, trust SRM because we deliver what we promise. Copyright Security Risk Management Limited 1

3 SRM Service Guide Service deliverables With a wide range of knowledge and practical experience, our consultants are ready to help you understand the risks to your information assets and manage them effectively. Consultancy Services Virtual Chief Information Security Officer (VirtualCISO TM ) VirtualCISO TM provides a cost effective bespoke portfolio of professional services supporting, resourcing and advising CISOs on all practical and strategic aspects of Information Security. Access your own VirtualCISO TM team led by an individually-assigned senior IS consultant who will be your key contact throughout Engage with experienced highly qualified consultants to develop, enhance and refine a comprehensive information security strategy Prioritise activity through an analytical audit of your existing risk, compliance and security frameworks Develop and deliver senior-level presentations detailing your security posture to key stakeholders Assess and develop the information security skills of your wider team Co-ordinate any security breach or incident investigations within a remedial, preventative strategy Benefit from a pragmatic and collaborative relationship where trust is key: you will never be pressured to utilise services you do not need Draw on the expertise of the wider SRM team if required including penetration testing, PCI compliance and Cyber Essentials Organisational Risk Profiling & Management Our experienced consultants understand all relevant compliance requirements and, through a collaborative consultative process, will determine a proactively managed strategic plan aligned with your organisation s risk posture and business goals. Copyright Security Risk Management Limited 2

4 Smart Security. Smart Compliance. Security Programme Design and Health Checks / Information Security Strategic Guidance, Policy Design and Health Checks A detailed security analysis identifies gaps, providing SRM with the foundation on which to build an innovative bespoke security programme, balancing business objectives with the need to manage information security proactively. We also identify the critical security risks and challenges presented by emerging technologies, creating a strategic roadmap to mitigate immediate and potential threats to secure customers and partners. Disaster Recovery (DR) Planning & Health Checks To ensure minimal disruption, SRM develops a resilient future state model, based on an evaluation of your current operating state. Understanding that all plans should be tested, we ensure that our jointly created DR plan is safely invoked to demonstrate its effectiveness. Information Governance At SRM we understand that regulatory compliance and/or litigation are the usual drivers for an IG Programme. However, through efficient management of easily accessible data and only retaining what is essential, companies can make tangible cost savings via storage efficiencies and significantly reduce their risk profile. Dedicated Customer Support Portal The SRM portal initiative is free to VirtualCISO TM clients and invited participants. It provides best practice, thought leadership, Q & A, legislative and security breach news with remediation techniques where applicable. Business Continuity Planning (BCP) & Health Checks Our BCP consultants are either Members or Fellows of the Business Continuity Institute and will evaluate existing BC plans and stress test via a business impact analysis process providing a gap analysis and risk profile/analysis to create an enhanced plan. Our health check focus is to ensure mission critical services for your customers are recovered in a timely, ordered manner. Improve Internal Information Security expertise via thought leadership, C-level mentoring and team/individual mentoring and coaching At SRM we have created a team of consultants from multiple sectors bringing a range of relevant deep sector experience to our delivery assignments whilst providing thought leadership via both our blogging, C-level mentoring and VirtualCISO TM programmes. Our team can help you structure and design a coherent Information Governance framework which enables you to get the most from your existing investment and focus future investment on delivering effect that supports your corporate objectives. Copyright Security Risk Management Limited 3

5 SRM Service Guide Compliance Services General Data Protection Regulation (GDPR) & Data Protection (DP) GDPR applies to any country processing EU data and will impact on virtually every UK business. Compliance preparation in readiness for May 2018 is therefore key. SRM provides data discovery solutions supported by expert consultants to ensure full compliance with GDPR. Payment Application Data Security Standards (PA DSS) Our PCI PA-DSS certified consultants can advise on payment application software design and review existing software to ensure your payment application stores, processes or transmits cardholder data in a PCI DSS compliant manner. Cyber Essentials (CE) Cyber Essentials (CE) is a government-backed, industry supported scheme to help organisations protect themselves against common cyber-attacks. SRM can support you in becoming CE certified which is a mandatory requirement for organisations wishing to undertake work for government departments and agencies. Payment Card Industry Data Security Standards (PCI DSS) SAQ to full RoC We have one of the largest teams of QSAs in Europe. We conduct your PCI assessment in order to validate and maintain your compliance with the PCI DSS. We also provide guidance in an advisory role to review any gaps between your documentation, policies, training, IT systems, processes and the requirements of the PCI DSS. Not only does PCI DSS compliance provide you and your customers with the peace of mind that data is secure; failure to adhere to the PCI DSS requirements could result in a loss of customer trust and enforced PFI investigations and fines. ISO Lead Auditor & Pre-Audit preparation SRM understands that the broad applicability of ISO can make the correct application of the Standard to any organisation a challenge. We have experienced Lead Auditors who, using gap analysis and an action plan will guide you on the scope, the appropriate controls required and undertake pre-audit activities to ensure you are well placed to achieve accreditation. Information Security (IS) Awareness Training SRM offers bespoke courses to develop your teams IS awareness; aligned to your business to ensure all stakeholders understand the on-going importance of IS to business operations. SRM also provide cost effective e-learning course options. Copyright Security Risk Management Limited 4

6 Smart Security. Smart Compliance. Information Security Testing & Compliance Bespoke Penetration Testing Not only does your system need to be secure; it needs to be seen to be secure. We work with you to understand your business requirements to develop a test plan which satisfies all stakeholders that your web and supporting infrastructure are secure. Our service considers external and internal threats using proven tools to simulate attacks on your infrastructure. Websites and associated applications Third party applications Firewall, IPS & IDS Evasion Company and client wireless solutions Internet of Things (IOT) both devices and management infrastructure End user device testing including printers and other peripheral devices Mobile applications (IOS/Android & Windows), including OWASP Top 10 Mobile Risks Social engineering (to fully test your IS awareness policies) Telephony / VoIP systems (on premise and hosted solutions) We hold a range of accreditations both at a company and individual level including QSA, PA-QSA, CISSP, Cyber Essentials (IASME) and Tiger. Our deliverable to you will be a comprehensive but easy to understand detailed breakdown of all your results presented by a consultant in an easily interpretable report. It will identify the threats in a jargon free manner so that we can work together to mitigate the key risks to your business. Vulnerability Assessment SRM provides a leading web application and infrastructure scanning tool which automates the discovery of security flaws within network perimeters to quickly identify any required remediating actions. Web Application Testing Testing a web application is key to ensure malicious attack attempts don t exploit poor configuration, out of date patching, cross configuration issues, cross site scripting attacks or injection attacks. Network Security Testing Your network (wired, wireless and cloud based) is the business connectivity you rely on. Regular and robust testing will identify any risks to the backbone of your operation. SRM s network testing methodology includes: Routers, switches, firewalls (both physical and software based) and Wi-Fi access points internal and external to the organisation Remote access solutions and Virtual Private Networks (VPN) Company telephony solutions, including Voice Over IP (VoIP) and any mobile solutions in scope Review of Operating Systems, patching policies and change governance process Cloud deployed services including client access as appropriate Web serving applications including any in scope databases Copyright Security Risk Management Limited 5

7 SRM Service Guide Incident response PCI Forensic Investigation (PFI) SRM is one of only 19 PCI PFIs in the world and one of the top three PCI PFIs operating from the UK. SRM provides pragmatic and collaborative management of the PCI DSS requirement, supporting your business following any breach and offering effective remediation services. Digital Forensic & Investigative Services From forensic laboratories in Rugby and Newcastle, SRM provides services for institutional and private clients. From large scale criminal investigations spanning the globe to personal investigations for individual clients, our team is skilled in all technology platforms. SRM will be ISO compliant by October Incident Hotline & Remote Support On hand 24/7 x 365, our dedicated response team provides professional, pragmatic and strategic support in the event of any type of incident, enabling you to focus on your business activities. Retained PCI Forensic Investigation (PFI) Service SRM offers a bespoke retained PFI service, working proactively through regular strategic reviews to develop enhanced risk mitigation and ensure rapid remediation and minimal disruption in the event of a breach. Security Breach, Incident Management & Containment Support (On-site & Remote) Breaches happen. But having the right team on hand to identify, analyse, correct and report on incidents saves money and reputation while reducing future risk and freeing you to continue to trade. e-discovery and Data Cleansing including Consultancy supported Remediation Services SRM has the complete solution for the identification, remediation and monitoring of sensitive personal data across your entire network. We work with you to reduce the risk of a data breach by containing the valuable customer, employee and payment information hackers are after, and simplify the processes required to make security a business-as-usual practice for your organisation. Emergency? Call our incident response team on Don t hesitate to call our team if you have a problem. We re available 24 hours a day, 7 days a week. To find out more... Call us on Visit us at srm.solutions.com us info@srm-solutions.com Copyright Security Risk Management Limited 6

8 Smart Security. Smart Compliance. srm-solutions.com T F E. Cyber Security Suppliers to Copyright Security Risk Management Limited. All rights reserved. Company registration number: Newcastle upon Tyne The Grainger Suite, Dobson House Regent Centre Gosforth Newcastle upon Tyne NE3 3PF Midlands Sir Frank Whittle Business Centre Great Central Way Rugby Warwickshire CV21 3XH London Portland House Bressenden Place London SW1E 5RS