National Engineering Group - security management programme
client
The client is a UK national engineering group.
client requirement and business drivers
The company had seen strong growth over the previous ten years, achieved through a combination of acquisition and organic expansion. The board was aware that they had reached a stage where they had a substantial information asset base that was known to be critical to their business, but the extent of that asset base was unknown and largely undocumented, and the potential exposure to it and its impact on the business were not fully understood. In discussion with commissum, it was identified that a formal, phased security assurance programme was the most effective way to address this issue, while also enabling the board to move aggressively forward with the next phase of the group's expansion.
The main business drivers were:
enabling
- identification of information assets, their criticality to the business and understanding of the risks, enabling investment in security to be more accurately targeted and effective
- a number of productivity-enhancing initiatives involving technology investment would be able to proceed, as a result of the confidence instilled by a better understanding of the company's information risk environment
- return on investment through more appropriately targeted investment in technology across the group
risk reduction
- quick wins achieved through identification and close down of several potentially high-risk vulnerabilities in the client's Internet-facing infrastructure
- working in partnership, a phased short/medium-term programme for improving security was established, including testing and lockdown of key elements of the internal infrastructure, tightening of security policies and key internal processes, and the introduction of security awareness training; this enabled rapid risk reduction through layered security in the short to medium term
- a longer-term roadmap, with the aim of achieving compliance with BS7799, was drawn up to ensure that initial momentum is not lost, through controlled maturation and evolution of the security management and infrastructure
commissum services provided
- security healthcheck including first phase asset identification, risk assessment and gap analysis;
- external penetration testing of client's security perimeter;
- analysis and lockdown of key elements of the infrastructure identified as critical during healthcheck;
- review and update to security policy and key associated company processes;
- quick-fix updates and longer term revision of client's business continuity measures; and
- assistance to the newly appointed security manager in drawing up a detailed security roadmap for BS7799 compliance, and mentoring in achieving board-level buy-in and implementation.