ITC believes you have to take a risk-based approach to deliver appropriate security. Our Information Security Risk Management consultants can help you through the full lifecycle of risk management stages to ensure you know what the right things to do for your business are, how to implement them and also how to run them effectively.
One of the most common questions in security. ITC can take the output from audits and health checks and compare the results against a large data set of other organisations. This can be further filtered to industry vertical or control area to give you the most relevant view.
In an exciting development, ITC has now added a benchmarking capability to its Audit and Health Check activities. Using industry recognised tools and processes, ITC can now provide detailed benchmarking of your control environment against ISO 27001, PCI-DSS and SANS Top 20 frameworks. You can choose to have ITC benchmark your entire environment, or select particular sections of interest. You will have the confidence that ITCs experts have performed the analysis and the comparison is from a significant range of industries and company sizes.
ITC’s Security Benchmarking Service will:
Detailed reports are available to use to present the findings, and of course we can give expert advice on how to assess the risks related gaps and how best to close them.
Depending on your starting point, ITC can take a high level approach to help you understand key risks quickly, or go straight into defining and delivering customised risk management frameworks. Our end-to-end approach will help you understand underlying risks in terms of threats, impact areas and levels and also your real world exposure to the threats.
We use a wide range of techniques to test the effectiveness of controls, from infrastructure & application penetration testing to highly customised phishing tests.
Thankfully more attention is spent in this area as its importance is better understood. Sadly, much of the effort does not deliver the expected results due to the way it is delivered. We use leading edge methods to deliver customised, relevant and consumable messages to your workforce. These include interactive websites, smartphone apps and short video flashes. The metrics for comprehension speak for themselves.
We encourage all of our clients to consider the inevitability of a security issue. We will help you focus on realistic scenarios and develop integrated business responses to the incidents – combining the incident investigation phases with effective internal and external communications.
ITC’s consultants work with clients to develop detailed policies, procedures and control frameworks based on industry best practice tailored to your risks and regulatory requirements. Once these are established we can then manage subsequent deployment stages.
Clients can select from the above as individual consulting engagements, or they can be delivered as an integrated information security improvement programme.
This service augments an organisations incident response capability by providing access to ITC’s most experienced engineers and consultants to provide effective triage and remediation advice for security incidents. Where required, this can include the coordination of forensic and investigation activities using specialist resources.
We provide visibility of potential threats to clients by using detailed risk based profiling and bespoke tools to search the Surface, Deep and Dark Web for relevant intelligence. ITC then provide advice on mitigating any threats identified.
There are an increasing number of guides available to assist customers in specific areas of cloud deployment and usage – Microsoft and Amazon’s guides are a good starting point. What we at ITC have noted is that they don’t cover the full scope of design and management which is needed to address potential risks. The delegates at our CloudBurst security conference will recall the range of issues we discussed and debated. Seeing the same issues, several clients have come to us for additional support in writing customised guides for them.
ITC’s Cloud Best Practices
We write best practice guides for organisations to use to shape their adoption and management of their cloud computing usage.
The output is tailored to your environment and predicted use of cloud services, being specific where solid plans exists and generic to guide future planning. If you want to talk to us about this service, please contact 020 7517 3900 or email us at [email protected].
As a provider of SOC Services to our customers, through years of experience ITC recognise the challenge and skill it takes to operate a SOC delivering real and measurable business value through continuous improvement.
ITC have developed a unique set of skills for our customers who have already invested in a SOC, its people, technology, tools and processes. Our teams of experienced resources from Board Advisors, CISO’s, Business Analysts, Security Architects, Security Engineers, Service Managers and Project Managers deliver a modular set of services to help get your SOC performing to an optimal and sustainable standard.
Internally, some at ITC have called this service ‘The SOC Hospital’ but we specialise in getting our patients back up and running in the quickest possible time focusing on a “Crown Jewel – less is more approach” and then follow our engagements with monthly health checks as well as providing access to ITC’s BI Tooling delivering data visualisation and reporting that really allows our customers to ‘Police the Outsourcer’.
ITC’s Information Security Consulting Journey
Impact is “easy” – think about it and you can give sensible answers
Likelihood is “not easy” – is something bad going to happen, if so would it succeed?
ITC provide senior & board level advisory services using our industry recognised Chief Information Security Officers. This approach can be an effective way of providing security leadership into organisations who are developing their capabilities or where the challenge of attracting and retaining those skills is prohibitive.
Our CISO service can be tailored to the client’s needs, but as an example including:
ITC’s Information Security Consulting Journey
Engineering excellence by design
Our fully accredited security & network consultants are committed to helping you address your key business challenges, harnessing new opportunities and performance from technology developments, improving existing process and adapting to an increasingly insecure ‘cloud’ based world. Over the last two decades our security, network & design consultants have built and secured domestic, European and global IT networks for some of the UK’s best known organisations,
Our experience is broad and delivered by seasoned accredited individuals – with senior blue-chip managers with front-line industry knowledge, some with personal achievements ranging from world firsts to the delivery of 160,000-user network integrations. In addition to advisory and design consultancy, our experts can work in conjunction with in-house teams; complementing your existing skill set; boost resource availability during peak times or key projects or indeed manage the entire process through managed services.
To learn more about the enterprise infrastructures we have designed, delivered and are entrusted to manage, please take a brief tour of our customers.
There are few organisations that can match our engineering knowledge and experience.
Some of the UK’s largest organisations utilise and can endorse our network engineering security services across the spectrum. At the top end, we are professional trouble-shooters, often solving networking problems where others have failed. By contrast we can provide simple and cost effective engineering “feet on the street” or work in conjunction with in-house teams; complementing your existing skill set; boost resource availability during peak times or key projects or indeed manage the entire process through managed services.
Looking at our customer projects, you’ll see just a snapshot of our engineering pedigree and experience.
ITC successfully and consistently deliver projects on time and within budget to high profile customers, large and small. Our seasonal delivery teams are entrusted to manage engagements ranging from global transformation deployments across 100 countries, to the relocation of critical live data centre environments, whilst assuring business continuity throughout.
As you would expect, a standards-driven enterprise model is core across service deployment, service delivery and change control. Through our high touch engagement, we ensure efficient, process driven, scalable delivery and timely management following ISO framework methodology, ITIL best practice processes and PRINCE2 project management.
ITC adopts the same security best practices in our own live environments as we do for customers, including the use of structured information security frameworks, proper exercise of controls, and risk assessment of assets.
The new EU General Data Protection Regulation (GDPR) sets the foundation for how organisations protect, and derive value from, sensitive customer information.
Complying with the GDPR is a critical concern for business leaders worldwide. From May 2018, organisations will be bound by law to secure and protect the data of their customers and also demonstrate that they are compliant in the way this data is used.
By complying with GDPR regulations, businesses can guard against risk that manifests itself in the form of lost customer confidence and sales, security breaches, fines, sanctions, and potential lawsuits. By gaining greater control of customer data based on the principles of GDPR, businesses can also gain greater insight into customer needs and enhance overall productivity.
Current approaches to addressing GDPR are largely ineffective. The articles are complex and open to interpretation, businesses have found it difficult to determine specific requirements and map technology to them. Many organisations are struggling with data discovery, others have completed this audit, but are not sure what to do next.
At ITC Secure, we have the people, tools and services to support you through the complexities of GDPR, we can simplify the complex, recommend the right solutions and implement services to ensure your business is compliant in good time for the May deadline.
The journey doesn’t need to be complicated, let the ITC experts help your organisation reach compliance without taking focus off your true core business goals. We’ll guide you through the 4 GDPR steps;
Watch our Webinar hosted by our Director Cyber Risk, Gareth Lindahl-Wise, on how to build trust, and use that trust as a differentiator in a competitive environment, in addition to providing insight and relevant guidance to identify, regulate and protect your data.