SRM Service Guide. Smart Security. Smart Compliance. Service Guide


Copyright Security Risk Management Limited

Introduction

Security Risk Management's (SRM) specialists cover the full scope of the Governance, Risk and Compliance agenda, including information assurance to UK Government, NATO, PCI DSS, N3 and ISO 27001 standards, business continuity, operational risk management and computer and network forensics. This broad portfolio allows SRM to provide an effective service, making the most of consultants' skills and offering you better value for money. Having one service provider also improves project accountability and delivery by minimising any potential disruption to operations; multiple service providers on site can result in duplication of effort, investment inefficiencies and conflicts of interest. SRM experts, drawn from the private sector, police service, armed forces and government agencies, offer an exceptional skill-set and depth of experience, all delivered to a first-class level of service. SRM's existing clients, who range from small and medium-sized businesses to government departments, charities and other non-commercial institutions, trust SRM because we deliver what we promise.

Service deliverables

With a wide range of knowledge and practical experience, our consultants are ready to help you understand the risks to your information assets and manage them effectively.

Consultancy Services

Virtual Chief Information Security Officer (VirtualCISO™)

VirtualCISO™ provides a cost-effective, bespoke portfolio of professional services supporting, resourcing and advising CISOs on all practical and strategic aspects of information security.
- Access your own VirtualCISO™ team, led by an individually assigned senior IS consultant who will be your key contact throughout
- Engage with experienced, highly qualified consultants to develop, enhance and refine a comprehensive information security strategy
- Prioritise activity through an analytical audit of your existing risk, compliance and security frameworks
- Develop and deliver senior-level presentations detailing your security posture to key stakeholders
- Assess and develop the information security skills of your wider team
- Co-ordinate any security breach or incident investigation within a remedial, preventative strategy
- Benefit from a pragmatic and collaborative relationship where trust is key: you will never be pressured to use services you do not need
- Draw on the expertise of the wider SRM team if required, including penetration testing, PCI compliance and Cyber Essentials

Organisational Risk Profiling & Management

Our experienced consultants understand all relevant compliance requirements and, through a collaborative consultative process, will determine a proactively managed strategic plan aligned with your organisation's risk posture and business goals.

Security Programme Design and Health Checks / Information Security Strategic Guidance, Policy Design and Health Checks

A detailed security analysis identifies gaps, providing SRM with the foundation on which to build an innovative, bespoke security programme that balances business objectives with the need to manage information security proactively. We also identify the critical security risks and challenges presented by emerging technologies, creating a strategic roadmap to mitigate immediate and potential threats and so protect customers and partners.

Disaster Recovery (DR) Planning & Health Checks

To ensure minimal disruption, SRM develops a resilient future-state model based on an evaluation of your current operating state. Because every plan should be tested, we invoke the jointly created DR plan in a controlled exercise to demonstrate its effectiveness.

Information Governance

At SRM we understand that regulatory compliance and/or litigation are the usual drivers for an IG programme. However, through efficient management of easily accessible data and retaining only what is essential, companies can make tangible cost savings via storage efficiencies and significantly reduce their risk profile.

Dedicated Customer Support Portal

The SRM portal is free to VirtualCISO™ clients and invited participants. It provides best practice, thought leadership, Q&A, and legislative and security breach news, with remediation techniques where applicable.

Business Continuity Planning (BCP) & Health Checks

Our BCP consultants are Members or Fellows of the Business Continuity Institute. They evaluate existing BC plans and stress-test them through a business impact analysis, providing a gap analysis and risk profile to create an enhanced plan. Our health check focuses on ensuring that mission-critical services for your customers are recovered in a timely, ordered manner.

Improve Internal Information Security Expertise via Thought Leadership, C-level Mentoring and Team/Individual Mentoring and Coaching

At SRM we have created a team of consultants from multiple sectors, bringing a range of relevant, deep sector experience to our delivery assignments while providing thought leadership through our blogging, C-level mentoring and VirtualCISO™ programmes. Our team can help you structure and design a coherent Information Governance framework that enables you to get the most from your existing investment and focus future investment on delivering outcomes that support your corporate objectives.

Compliance Services

General Data Protection Regulation (GDPR) & Data Protection (DP)

GDPR applies to any organisation, wherever it is based, that processes the personal data of individuals in the EU, and will affect virtually every UK business. Compliance preparation in readiness for May 2018 is therefore key. SRM provides data discovery solutions, supported by expert consultants, to help you achieve and evidence GDPR compliance.

Payment Application Data Security Standard (PA-DSS)

Our PA-QSA qualified consultants can advise on payment application software design and review existing software to ensure your payment application stores, processes or transmits cardholder data in a manner that supports PCI DSS compliance.

Cyber Essentials (CE)

Cyber Essentials is a government-backed, industry-supported scheme to help organisations protect themselves against common cyber-attacks. SRM can support you in becoming CE certified, which is a mandatory requirement for suppliers bidding for certain UK central government contracts, in particular those that involve handling personal information or providing certain ICT products and services.

Payment Card Industry Data Security Standard (PCI DSS): SAQ to full RoC

We have one of the largest teams of QSAs in Europe. We conduct your PCI assessment, from Self-Assessment Questionnaire (SAQ) to full Report on Compliance (RoC), in order to validate and maintain your compliance with the PCI DSS. We also act in an advisory role to review any gaps between your documentation, policies, training, IT systems and processes and the requirements of the PCI DSS. PCI DSS compliance gives you and your customers confidence that cardholder data is protected; failure to adhere to the requirements can result in loss of customer trust, mandated PFI investigations and fines.

ISO 27001 Lead Auditor & Pre-Audit Preparation

SRM understands that the broad applicability of ISO 27001 can make the correct application of the Standard to any organisation a challenge. Our experienced Lead Auditors use a gap analysis and action plan to guide you on scope and the appropriate controls, and undertake pre-audit activities to ensure you are well placed to achieve certification.

Information Security (IS) Awareness Training

SRM offers bespoke courses to develop your team's IS awareness, aligned to your business so that all stakeholders understand the ongoing importance of IS to business operations. SRM also provides cost-effective e-learning options.

Information Security Testing & Compliance

Bespoke Penetration Testing

Not only does your system need to be secure; it needs to be seen to be secure. We work with you to understand your business requirements and develop a test plan that satisfies all stakeholders that your web presence and supporting infrastructure are secure. Our service considers external and internal threats, using proven tools to simulate attacks on your infrastructure. Scope can include:
- Websites and associated applications
- Third-party applications
- Firewall, IPS and IDS evasion
- Company and client wireless solutions
- Internet of Things (IoT), both devices and management infrastructure
- End-user device testing, including printers and other peripheral devices
- Mobile applications (iOS, Android and Windows), including the OWASP Top 10 Mobile Risks
- Social engineering (to fully test your IS awareness policies)
- Telephony/VoIP systems (on-premise and hosted solutions)

We hold a range of accreditations at both company and individual level, including QSA, PA-QSA, CISSP, Cyber Essentials (IASME) and Tiger Scheme. Our deliverable is a comprehensive but easy-to-understand breakdown of all findings, presented by a consultant in a clearly interpretable report. It identifies the threats in jargon-free language so that we can work together to mitigate the key risks to your business.

Vulnerability Assessment

SRM provides a leading web application and infrastructure scanning service that automates the discovery of known security flaws across your network perimeter, so that required remediation can be identified quickly.

Web Application Testing

Testing a web application is key to ensuring that attackers cannot exploit poor configuration, out-of-date patching, cross-site scripting or injection flaws.

Network Security Testing

Your network (wired, wireless and cloud-based) is the business connectivity you rely on. Regular and robust testing will identify risks to the backbone of your operation. SRM's network testing methodology includes:
- Routers, switches, firewalls (both physical and software-based) and Wi-Fi access points, internal and external to the organisation
- Remote access solutions and Virtual Private Networks (VPN)
- Company telephony solutions, including Voice over IP (VoIP) and any mobile solutions in scope
- Review of operating systems, patching policies and change governance processes
- Cloud-deployed services, including client access as appropriate
- Web-serving applications, including any in-scope databases

Incident Response

PCI Forensic Investigation (PFI)

SRM is one of only 19 PCI PFIs in the world and one of the top three PCI PFIs operating from the UK. SRM provides pragmatic and collaborative management of the PCI DSS requirements, supporting your business following any breach and offering effective remediation services.

Digital Forensic & Investigative Services

From forensic laboratories in Rugby and Newcastle, SRM provides services for institutional and private clients. From large-scale criminal investigations spanning the globe to personal investigations for individual clients, our team is skilled across all technology platforms. SRM will be ISO 17025 compliant by October 2017.

Incident Hotline & Remote Support

On hand 24/7, 365 days a year, our dedicated response team provides professional, pragmatic and strategic support in the event of any type of incident, enabling you to focus on your business activities.

Retained PCI Forensic Investigation (PFI) Service

SRM offers a bespoke retained PFI service, working proactively through regular strategic reviews to develop enhanced risk mitigation and to ensure rapid remediation and minimal disruption in the event of a breach.

Security Breach, Incident Management & Containment Support (On-site & Remote)

Breaches happen. Having the right team on hand to identify, analyse, correct and report on incidents saves money and reputation while reducing future risk and freeing you to continue to trade.

e-Discovery and Data Cleansing, including Consultancy-supported Remediation Services

SRM offers a complete solution for the identification, remediation and monitoring of sensitive personal data across your entire network. We work with you to reduce the risk of a data breach by containing the valuable customer, employee and payment information attackers are after, and by simplifying the processes required to make security a business-as-usual practice for your organisation.

Emergency? Call our incident response team on 03450 21 21 51. Don't hesitate to call our team if you have a problem. We're available 24 hours a day, 7 days a week.

To find out more, call us on 03450 21 21 51, visit srm-solutions.com or email info@srm-solutions.com

srm-solutions.com
T. 03450 21 21 51
F. 0191 247 5755
E. info@srm-solutions.com
Cyber Security Suppliers to
Copyright Security Risk Management Limited. All rights reserved. Company registration number: 3950239
Newcastle upon Tyne: The Grainger Suite, Dobson House, Regent Centre, Gosforth, Newcastle upon Tyne NE3 3PF
Midlands: Sir Frank Whittle Business Centre, Great Central Way, Rugby, Warwickshire CV21 3XH
London: Portland House, Bressenden Place, London SW1E 5RS