Information Security Management

Service Overview

Implementing and operating an effective information security management framework can be a difficult undertaking for many companies. Industry standards such as ISO 27001, while comprehensive, are also highly detailed and involved. The challenge lies in applying their processes, practices and controls in a way that is both cost-effective and practical for your company's specific needs.

Our cyber security consulting services will guide you through the process of establishing an information security management framework that is tailored to your specific needs. To achieve this, we work with you to define a cyber security roadmap. The roadmap prioritises the critical security controls, so that the highest-risk areas are managed from the outset.

As you continue with the roadmap, we guide you through the planning of future phases and assist in establishing the relevant controls at each step. To measure the effectiveness of the framework, we can undertake a regular security health check that provides immediate feedback on how the roll-out of your security management practices is driving down your overall cyber security risk level.

Cyber Security Health Check

The health check assesses your organisation's ability to manage security risks. The deliverable is a report that includes a "Security Dashboard", an at-a-glance summary of the effectiveness of your information security management framework. It serves as a planning aid to ensure you are realising the intended benefits from your investment in cyber security protection.

The health check includes:

  • A security risk heat-map, which highlights any uncontrolled risks
  • Radar charts that map your progress towards implementing the necessary level of security controls
  • An itemised list of the controls needed to safeguard your business
  • An assessment of your security management practices based on industry standards for information security

Finally, the health check provides you with a set of recommendations and immediate actions to address any gaps in your security framework or to control any unmitigated security threats.

Information Security Management Framework Implementation

Whether you are starting from scratch or already have operational security management practices, we can support you in ensuring that you have the structures in place to identify, protect against and ultimately recover from the most prevalent forms of cyber attack.

This involves:

  • Working with you to define a cyber security strategy that is appropriate for your business
  • Undertaking an initial security health check as a gap analysis to determine the immediate threats and to establish a baseline capability level
  • Based on the identified capability level, defining and implementing the security policies, practices, standards and controls in alignment with standards such as the CIS Top 20 Critical Security Controls, ISO 27001 and NIST SP 800-53

While ISO 27001 is the recognised standard for information security management, we also draw on other frameworks and national guidance when defining the adopted practices, to ensure compliance with in-country requirements and a tailored, best-fit solution for your business.

Some of the frameworks and standards include:

  • NIST SP 800-53
  • New Zealand Information Security Manual
  • Australian Government Information Security Manual
  • NCSC 10 Steps To Cyber Security
  • CIS Top 20 Critical Security Controls

As part of the process we can also provide both a risk mitigation plan and a roadmap for establishing the security management framework.

Security Documentation

Depending on the size of your business, a number of documents are typically produced to capture the policies, practices and controls underpinning the information security management framework.

These documents can include:

  • Security Policies
  • Security Risk Management Plan
  • System Risk Management Plans
  • Operating Procedures
  • Incident Response Plans

Fortunately, these can often be combined into a smaller set of documents, or even a single document. We can assist in authoring these documents and provide templates to fast-track the process.

Monitoring

Once we have jointly agreed on the framework and cyber security roadmap, we can continue to support your implementation by conducting regular security health checks and providing guidance as necessary.