Cyber Risk & Information Security
(ISO 27001, NIST, Cyber Threats, Penetration Testing)
What We Provide:
- ISO 27001 Audit & Readiness Assessments: Support through the full ISO lifecycle: scoping, gap analysis, SoA reviews, internal audits, and audit remediation. Alignment with ISO 27002, 27005, and 27701.
- Penetration Testing & Vulnerability Scanning: Partnering with certified CREST and CHECK-accredited testers. Simulated attacks across network, application, and physical layers. Remediation guidance based on CVSS scores.
- Third-Party & Vendor Cyber Risk Assessments: Due diligence reviews and risk scoring of critical vendors. Informed by frameworks like SIG Lite, NIST SP 800-161, and CSA STAR.
- Security Architecture & Policy Development: Customised security policy suites including:
  - Data classification and encryption
  - Identity & access management
  - Incident response playbooks
  - Bring Your Own Device (BYOD) guidelines
  - Secure software development practices (DevSecOps)
- Cyber Incident Response Simulation (Tabletop Exercises): Simulation of ransomware, insider threat, and supply chain attacks. Real-time scenario planning for execs and IT teams to test readiness.
- Cyber Risk Register Creation: Risk register aligned to the NIST CSF domains (Identify, Protect, Detect, Respond, Recover) and mapped to organisational assets and threats.
Business Impact:
- Minimises the likelihood and impact of breaches, such as the 2023 Marks & Spencer customer data exposure incident, where poor third-party controls led to public data leaks and reputational harm.
- Improves cyber resilience, enabling faster incident response and recovery.
- Demonstrates duty of care and due diligence to partners, insurers, and regulators.
- Facilitates ongoing compliance with data protection laws and enhances digital trust with clients.