Annual Test Programme & Security Partnership – Global Legal Firm

Client

Our client is a specialist global legal firm with offices in Europe, the Far East and the Americas. They provide a full range of legal services to their clients in their specific field of specialism.

Client Requirement and Business Drivers

In the early stages of our client’s rapid expansion, they recognised the importance of protecting their critical information assets. They understood that this was equally important for their own data for reasons of complying with data protection legislation, and maintaining competitive advantage; as it was for their customer’s data. Their customers, mostly large corporate enterprises, entrusted very sensitive information to our client as part of the work they undertake on their behalf.

The client had gone through a major upgrade to their infrastructure and LAN/WAN connectivity. This was undertaken by partnering with an international provider of technology based business services. The partner sensibly recommended that an independent expert security assessment was undertaken; commissum was selected through a competitive process to undertake the first assessment.

commissumServices Provided 

Initially commissum conducted an external infrastructure penetration test of the law firm’s Internet facing presence on the recommendation of the firm’s technology implementation partner. The initial selection was competitive, with commissum successfully demonstrating the quality of their services as well as excellent value for money. The recommendations from this initial round of testing fed back into the Business Solution Partner’s remedial action and project completion programme.

This experience of independent review of security and the issues uncovered and remedied acted as a catalyst for the establishment of a long term partnership between the Law Firm and commissum. Initially this included ongoing contracts for external infrastructure penetration testing and monthly vulnerability scanning, but over the years has included:

• Network security training for IT staff
• Incident response and forensic analysis
• Remote access project security design support
• Audit of Active Directory
• Corporate security Healthcheck
• System hardening review & advice

Most recently, commissum has facilitated introductions to the UK government's Centre for the Protection of National Infrastructure-(CPNI) for inclusion in the security information exchange that has been established among selected law firms. This is part of the UK Government’s initiative on Cyber Security and recognition of the criticality of the information exchanged with and held by large corporations’ legal advisers; and hence the potential risk posed by indirect attack on these organisations.

• Case Study 1 - Online Banking Project Assurance
• Case Study 2 - Government Data Handling, BCP & ISO27000 consultancy
• Case Study 3 - Oil & Gas Industry - Asset Tracking System Project Assurance
• Case Study 4 - Professional Institute - Strategic Security Review
• Case Study 5 - Government Agency - Business Continuity Exercise
• Case Study 6 - Government Agency - CLAS Services for Accreditation
• Case Study 7 - National Engineering Group - Security Programme
• Case Study 8 - Application Service Provider - Investor Due Diligence
• Case Study 9 – Global Legal Firm - Annual Test Programme & Security Partnership
• Case Study 10 - Investment Bank - Secure Application Development Training
• Case Study 11 - Manufacturing Company - Active Directory Review & ISO27001/27002 Gap Analysis