Given the multitude of differing requirements for which solutions have been successfully implemented to date, the case studies below provide some measure of the breadth of services that can be provided to your organisation.
CYBER CONSULTANCY - INTERNATIONAL ORGANISATION
Planning and implementation of a number of activities was required to improve security for several remote sites outside the organisation which regularly communicated with a UK main office.
Following asset identification, a plan to update, patch and monitor these information assets was implemented, in addition to provision and subsequent implementation of best-practice advice in terms of backup management, use of data encryption tools, password management and security awareness for employees.
Following implementation of the recommended best-practice advice, using the CIS 20 Critical Security Controls as a baseline control reference document , the organisation was able to both secure its information assets and ensure that its employees were aware of the potential security risks relating to use of IT.
SECURITY TESTING - PUBLIC SECTOR
As part of a large complex IT programme being delivered into a large UK public sector client, a number of vulnerability assessments and CHECK penetration tests were required for multiple infrastructure environments, requiring scoping, managing and remediation activities.
During the testing phase, vendor activities were coordinated and regular progress updates were provided to relevant stakeholders. Following completion of testing activities, identified vulnerabilities were prioiritised as per the standard CVSS scoring system and successfully resolved, resulting in minimal impact to the overall delivery timeline of the programme to the customer.
DATA LOSS PREVENTION - FINANCIAL SECTOR
Given the risk from unauthorised release of information from the organisation, the requirement existed for of a data loss prevention (DLP) solution to be implemented.
This could ensure that highly sensitive proprietary information was released via email or USB without sufficient business justification, or through unauthorised upload to an un-managed cloud storage provider.
Following documented agreement of the solution requirements and subsequent configuration and extensive testing, the solution was successfully deployed to the organisation.
“Despite a challenging environment due to the security situation in Afghanistan, climate and the necessity to work with multiple nations and their very different working practices, Andy maintained a can-do attitude. Excellent in managing client expectations and establishing excellent relationships with suppliers. A man who understands project management in the real world rather than via the latest fad in methodologies."
Mike Whitfield, ISAF