Governance Risk Compliance
Managing an organisation's information security risk appropriately requires selecting and deploying suitable controls in the context of the risk attitude and culture of your business.
Mitigation measures or controls should work cohesively, taking account of cross-functional business requirements to create a system of integrated controls, technologies and processes, all implemented, monitored and managed to maintain effectiveness. The controls and risk mitigation activities selected may need to address specific requirements to meet financial, operational, legal, compliance and business risk obligations.
With over 20 years of experience, commissum is adept at offering practical advice and recommending cost-effective solutions, to deliver a joined-up, coherent approach to protecting an organisation's information assets.
Whether it involves the traditional approach of measuring an organisation against best practice using an ISO27001 Gap Analysis, formal assessments against government frameworks such as the HMG Security Policy Framework (SPF), or a more radical review focused on cost optimisation, commissum has a track record that holds its own with the best.
Many organisations, faced with the challenge of getting to grips with information security risks, choose to adopt best practice and perhaps certify to the ISO27001 Code of Practice for Information Security Management (indeed, commissum would usually recommend doing so). This ISO standard sets out, in practical terms, how the implementation of an Information Security Management System (ISMS) can enable information risk to be managed to a level acceptable to the business. In essence it states that an effective ISMS will have the following characteristics:
- Executive support.
- Embedded into the organisational culture.
- Business risk-driven and proactive.
- Aligned to a strategic framework.
- Delivering legal and regulatory compliance.
- Set into a robust policy environment.
- Supported by active training and awareness.
- Solid technical controls.
commissum fully endorses such an approach and works with organisations to maximise the benefits that arise, while minimising the costs of implementation.
Get in touch with one of our security consultants today
- No obligation
- Expert advice
- Tailored solutions
"commissum provided us with a high quality service. We found the project team helpful and flexible in responding to changes in requirement; the technical staff in particular were excellent. All commitments including deliverable timescales were met and I would have no hesitation in recommending commissum."
Mr A Moretti, Executive Director for IT Security Risk Management, Global Investment Bank