We provide advice, consultancy and support on the operational security management effectiveness of your systems and facilities.
TrustedIA will provide interim management skills or alternatively assist with in-depth support in implementing appropriate and effective procedures, and producing relevant documentation.
The 2013 Information Security Breaches Survey found that 84% of large organisations (those employing >250) had a staff-related security incident in the previous 12 months. Whilst the majority constituted the misuse of email access such incidents can still have serious repercussions (think ‘reply all’). Beyond email and web access misuse (including social networking sites) the list of abuse categories still showed a high proportion of delinquent behaviour in terms of losing or leaking confidential information, breaching data protection laws and unauthorised data access (e.g. using someone else’s ID).
The report went on to summarise that there was a strong correlation between the extent to which staff understood their employer’s security policy and the likelihood of staff-related breaches. That’s if there was a security policy; whilst they are almost ubiquitous in large organisations, almost 50% of small business didn’t have a security policy at all.
TrustedIA can help you develop a security culture; from advice on badging and physical access control to recommendations in terms of staff training and familiarisation. And we look at any outsourced contracts too - all to ensure that you can trust all the engaged resources in protecting your business, your market share, your reputation and your brand.
TrustedIA work with you, your HR team and other relevant business function heads to create and maximise the effectiveness of a fully documented security policy.
We offer a number of standard training courses for different aspects of IA, including:- Risk Assessments and HMG IA Standards.
We are also able to deliver bespoke training courses to meet your specific internal training requirements.
Where necessary we will provide mentoring for your permanent staff to help them achieve the level of skill and competence required of a security practitioner.
Malicious security breaches are on the rise; no industry sector or geographic region is immune. Sadly there is no justification for optimism.
TrustedIA’s breach investigation service enables your business to successfully contain and recover from a potential breach. We will investigate the occurrence, manage stakeholders and work with your internal communications department (in marketing or HR) and any PR agency to ensure subsequent messages are timely and accurate.
If you detect a breach, through internal monitoring or (not uncommonly) simply by accident, the way you respond is absolutely critical to a successful outcome. Your approach in terms of the processes and procedures for containing the incident and the supporting investigation must maintain the integrity of any gathered evidence. Efficient recovery is critical to ensure disruptions are minimised and ‘business as usual’ operations are reinstated.
TrustedIA believe that prior planning is key to preventing or detecting a breach and to help ensure a considered and effective response to successfully manage outcomes.
We can help any organisation which has detected a potential misuse of ICT assets (which needs further investigation) or is suffering from, or likely to suffer from, cyber-attacks. We can help create a recovery plan to ensure that the subsequent impact on operations, customers and business partners is minimised. And we can advise on who needs to be notified that the organisation’s security has been compromised.
TrustedIA have a wealth of experience in planning and conducting investigations for public and private sector organisations. We can provide suitably skilled and experienced experts who can help you manage a breach and restore operations, reputation and confidence.
The increasing digitization of business, economic and financial institutions and the constant growth in communication networks (and our dependencies on them) carries a commensurately growth in risk. Protecting against cyber-attacks is no longer a priority for governments, transportation and critical infrastructure; it’s a priority for all organisations.
Whether it’s by a criminal, a disgruntled employee, a competitor or even an aggrieved client, malicious targeting can affect almost any business. The reasons may be varied; extortion, theft (including identity theft), fraud, sabotage, to cover a physical trail or espionage - it may even be an innocent human error. But the corollary remains constant; cost - to trust, to reputation, to productivity, to the P&L.
Our Digital Investigation service enables your business to understand if, and to what degree, any of its digital assets have been compromised. Remember it may not be someone ‘breaking in’ but quite easily information ‘breaking out’ (an employee sending information from their work email account to their personal account, or downloading sensitive data to a removable storage device). TrustedIA can gather evidence that could be fundamental to any subsequent legal proceedings.
On your behalf we can also review the security policies of any third parties to ensure there are proper audit rights in place and, if required, undertake penetration testing.
This is just part of the overall service form TrustedIA, a service which can include:
As we’ve said elsewhere, prevention is better than cure. We can undertake diligence, assist in the preparation of security policies and undertake staff training to help you bring about positive and successful changes in IT usage cultures.
We are here to help and can respond to requests for any or all of these modules of service with experts on-site within 24 hours.
We will supply you with experienced consultants for both short and long term engagements in order to support the effective delivery of your programmes and projects.
Integrating Security into the Business requires a fully Enterprise view. Our Enterprise Architects can help you
design and develop fully integrated Enterprise Security regimes which
encompass all the Security disciplines; Physical Security, Personnel Security,
Information Security and Business Continuity: