Many people believe information security is a technical problem that can be resolved by implementing the latest security products. This is simply not true as information security is, at its most fundamental level, about managing risk.
It is impossible to properly manage the risks introduced through the use of ICT by treating security as a purely technical issue, as information systems are comprised of people, processes and technology.
Taking a risk based approach enables you to identify the factors that introduce uncertainty to your business operations and specify the controls required to manage them.
Our Risk Services
Risk Management Framework
A Risk Management Framework provides the foundation of effective management of risk throughout your organisation by ensuring that risks are assessed and managed in a consistent manner so that they remain within your risk appetite.
We can develop and help implement an effective Risk Management Framework that will deliver a high-level of assurance that your information security and privacy risks are identified, evaluated, assessed and appropriately managed throughout their lifecycle.
If you have an existing Risk Management Framework, we can review its implementation to identify any weaknesses and provide recommendations to address them to improve its performance.
Performing a risk assessment is only the first step in the effective management of risks. In order to gain an appropriate level of assurance that the identified risks will not compromise the achievement of your business goals and objectives you must ensure that they are managed throughout their lifecycle.
We can work with you to develop and implement a risk management plan to effective manage you identified risks. This includes working with the risk owner and other stakeholders to evaluate and prioritise the risks, select and agree their risk treatment options and develop a plan to implement them.
Effective information security is dependent on the identification and evaluation of the risks that may positively or negatively impact your information assets. And the selection of the controls to effectively manage those risks.
A Risk Assessment of your new or existing business process or information system will help you identify and assess the associated information security risks and determine the controls required to manage them.
Privacy Impact Assessment
The collection, storage and use of personal information introduces significant risks for any organisation. Ensuring that privacy risks are managed are identified and managed is critical to meeting your obligations to comply with the Privacy Act 1993.
A Privacy Impact Assessment (PIA) will help you identify and assess the privacy risks associated with a new or existing business process or information system, and determine the privacy enhancing techniques and controls required to appropriately manage them.
Many organisations are looking to take advantage of the opportunities presented by cloud computing but are unsure how to cut through the fear, uncertainty and doubt to identify, to assess and successfully manage the associated information security and privacy risks.
Our award winning cloud assurance service will provide your organisation with the confidence that it is effectively managing the risks associated with its use of cloud services. We have extensive experience of helping organisations identify, assess and manage the risks associated with their adoption of cloud computing across the different service and deployment models.
Business Continuity Planning
Business continuity planning is critical if your organisation is reliant on information assets to successfully deliver its products and services. Establishing the business requirements, dependencies and priorities will enable you to determine the people, processes and technology needed to successfully recover from a catastrophic event.
Developing a business continuity plan will enable you make informed decisions about how to respond to and recover from interruptions to your business operations. This will ensure that you are able to preserve or restore your critical business processes and minimise the business impact. It will also allow you develop a cost-effective disaster recovery strategy that actually supports your business continuity plans.