All our services are custom-designed to suit client requirements. The following examples illustrate the kinds of activities we have performed previously ... and we relish novel challenges:
- AI risk and security - identifying, evaluating and treating information risks associated with LLM and other AI-based systems, applications and processes, specifying, documenting and testing controls, providing expert content for expert systems.
- Arbitration - independent, unbiased expert assistance to review, understand, challenge and respond appropriately to IT audit reports, nonconformities, supplier assessments etc. (this is NOT legal advice!).
- Audit and assurance such as: security strategy reviews; data centre & site/installation audits; software development projects audits; cloud supplier assessments/audits; ISO27001 pre-certification audits (readiness checks, gap analyses) ...
- Budgeting - assisting clients to prepare, negotiate, review and approve sensible budgets for risk, security and assurance-related operations, management, projects, initiatives etc.
- Business continuity management - are your organisation’s arrangements adequate to get you through a major incident or disaster? Is that just wishful thinking or do you know things will be OK, for sure?
- Change - being a credible, independent, convincing agent of change, helping clients create and exploit business opportunities to change-for-the-better, developing pragmatic strategies and plans, promoting and guiding execution, measuring success.
- CISO coaching and mentoring - a knowledgeable, trusted friend lending you an ear and offering expert guidance based on decades of experience.
- Information risk and security management - strategy, policy and governance; identifying, evaluating and addressing information risks; benchmarking; assurance; business continuity management and resilience.
- Information risk assessment - assistance to identify, evaluate, prioritise and decide how to address information risks.
- Information security controls assessment - tell us which standards, requirements or guidance you’d like to be reviewed or audited against - Cyber Essentials, perhaps, or ISO/IEC 27001/27701, PCI DSS, HIPAA or CSA or your own corporate standards?
- IT installation review - check your physical security arrangements, essential supplies, data centre access and so forth.
- Interim management - a safe pair of hands to hold the reins, stabilise the situation and perhaps assist with the recruitment of a permanent replacement CISO or ISM.
- ISO27k consulting - achieve and maintain ISO/IEC 27001 certification with our expert guidance, from initial planning through implementation support, ISMS management reviews and internal audits, leading to continuous improvement and maturity.
- ISO27k support tools - help to determine your requirements, then survey the market, evaluate, select and negotiate prices for the most appropriate tools/systems* for your organisation.
- Policies and procedures - preparing pragmatic policies and procedures plus creative awareness and training content for staff, managers and professionals.
- Post-incident reviews - dispassionately, competently and independently drawing out and evaluating relevant details, developing and elaborating on responses, providing forward-thinking management reports and initiating improvement activities.
- Privacy impact assessments - need some help to review your privacy requirements and controls, dispassionately? Call us!
- Product specifications and evaluations - determining the quality and suitability of commercial goods and services in relation to objectives and requirements in the risk and security domain.
- Professional services security - identifying, evaluating and treating information risks associated with the provision and acquisition of professional services such as accountancy, tax and legal advice, consulting ...
- Proposals - researching, preparing and reviewing proposals for information risk and security-related functions, roles, products, systems, apps, projects, initiatives, mergers and acquisitions, changes, investments etc.
- Resilience engineering - establishing requirements, reviewing current capabilities, planning improvements and demonstrating genuine progress in areas such as resilient technology, people and infrastructure, plus the broader business and strategy aspects.
- Risk and security strategy - developing, critiquing and contributing to strategies, approaches and plans relating to information and cyber risk and security.
- Security maturity - benchmarking i.e. reviewing an organisation’s information risk and security situation relative to good practices in the field, recommending and justifying improvements where appropriate.
- Security metrics - developing measurement strategy and designing a suite of metrics to manage information risk and security systematically, effectively and efficiently; auditing, reviewing, evaluating and improving existing metrics.
- Stress relief - need some help through a difficult busy period, or to take a break for an actual holiday (not on-call)? Call us before it all gets too much.
- Technical documentation - preparation and updating of readable documentation describing IT systems, services, software apps, processes etc., plus training materials, launch packs, technical support guides and more.
* We neither supply third-party ISO27k support tools nor earn sales commission from the suppliers. Call on IsecT for competent, independent guidance and dispassionate advice: let us help you figure out your requirements and find tools to suit - if any - drawing on our market knowledge and decades of experience.
Copyright © IsecT Ltd. 2023