Strategic Security Review - Professional Institute
The Institute acts as the country’s governing body for a distinguished professional services sector and as such its reputation for information assurance and service delivery is always under public scrutiny.
Client Requirement and Business Drivers
As the Institute continues to increase its reliance upon IT to deliver an expanding set of services in accordance with its own business objectives, it was imperative that the latest IT strategy focused on the real priorities and resulted in making the correct high-level technical decisions.
The client therefore decided that it was essential to engage with an independent, expert advisor to analyse the three strategic initiatives that were crucial to the continued success of the Institute.
The business drivers for this engagement can be summarised as follows:
- The client’s IT strategy focused on interpreting the business objectives and aligning to them. The client sought assurance that the alignment of the proposed IT strategy was justifiable and appropriate.
- The client had identified a significant infrastructure upgrade project. A high level of confidence had to be established within the business, to ensure that the project would meet the tight business driven timescales, budget constraints and agreed deliverables.
- Server virtualisation was considered as part of the infrastructure project as the Institute recognised the many advantages to be gained. The client wished to establish that the proposition from the potential vendor would deliver projected benefits.
- The client recognised the potentially disastrous impact on brand and reputation that would arise from any security-related incident; in the context of the business plans, advice was sought on updating the Institute’s policies, procedures and technical safeguards to protect its reputation.
Recognising the importance of the right specialist expertise, together with the need for objectivity and independence, commissum was engaged to meet the strategic, business and technical security-related objectives of the project within tight timescales set by the business.
The assignment delivered services in three areas:
IT strategy & business alignment
commissum thoroughly reviewed the existing IT strategy and related documents, such as business plans, policy and procedure handbooks, and current budget plans.
Interviews were conducted with business sponsors and key IT staff to establish objectives, both explicit and underlying, of the IT service delivery and the alignment of the IT strategy to the business strategy.
A thorough management and technical evaluation of the proposed strategy was undertaken which challenged some of the assumptions and directions that were being proposed.
A report was written that encompassed a review on all management and technical aspects of the IT strategy, making recommendations for improvement in the context of the broader challenge of maximising the value of the IT function to the business.
Advice on virtualised architecture
commissum technical consultants reviewed both the rationale for the new virtualised architecture and the 3rd party proposal for installation and commissioning of the virtualised architecture.
Potential risks identified from the proposal were highlighted to the Institute, along with steps to mitigate them to an appropriate level.
Review of policies & procedures
The existing documentation set was reviewed and many of the policy statements were challenged. A more structured policy framework was recommended, along with the delivery of improved policy templates.
commissum continues to provide security assurance services to the Institute as a trusted security partner.