ISO Information Security Management Services (Lot 4)
CONTENTS

1. Why Leicestershire Health Informatics Service?
2. LHIS Technical Assurance Services
3. Service overview
4. Experience
5. Pre ISO
6. Our people
7. Ordering and invoicing process
8. Further information

Author: Colin Swift, Product Manager, colin.swift@leics-his.nhs.uk

Prepared for:

The Health Informatics Service is provided by Leicestershire Partnership NHS Trust on behalf of the Leicester, Leicestershire and Rutland Health Community.
1. Why Leicestershire Health Informatics Service?

Leicestershire Health Informatics Service (LHIS) is hosted by the Leicestershire Partnership NHS Trust. The Trust serves a population of one million people across Leicester, Leicestershire and Rutland, has a budget in excess of 250 million and employs over 5,000 staff in a wide variety of roles. This hosting arrangement provides LHIS with a sound financial and organisational platform from which to operate along sound business practices.

LHIS provides a vast range of IT products, services and solutions to its clients. LHIS delivers these solutions nationwide to all sectors of the healthcare market and beyond, including primary care NHS Trusts, Clinical Commissioning Groups (CCGs), Commissioning Support Units (CSUs), care homes, hospices and General Practices, Acute Hospital Trusts, arm's length bodies and Any Qualified Providers (AQPs).

LHIS has approximately 130 highly qualified IT staff, including dedicated teams of project managers, change managers, web developers, application developers, content editors, IT trainers, service desk analysts, business intelligence and data warehousing staff, network engineers, and desktop and enterprise support.

As an NHS organisation, LHIS has extensive experience of NHS standards, clinical systems security, NHS procedures, information governance and risk management. LHIS has passed its Health Informatics Standards Accreditation (HISA), which was developed by the HSCIC so that commissioners of IM&T services within the NHS can use it as a quality standard to look for when considering future supply.

The LHIS client base has grown through word-of-mouth recommendations, based on LHIS's excellent track record of service and delivery, to include non-NHS public sector organisations such as Councils, Charities, Schools and Colleges.

2. LHIS Technical Assurance Services

LHIS Technical Assurance Services works with a wide range of public and private sector bodies including:

- Arm's Length Bodies
- Acute, Mental Health and Community NHS Trusts
- Blue light services
- Central Government, e.g. The Cabinet Office
- Clinical Commissioning Groups (CCGs)
- Commissioning Support Units (CSUs)
- District and Borough Councils
- General Practices (GPs)
- Hospices and other 3rd Sector organisations
- Universities, Schools & Academy chains

LHIS is accredited under the Cyber Essentials and IASME schemes and is currently working towards CREST membership with a view to being members shortly after the framework commences.
3. Service overview

LHIS ISO services enable organisations to comply with and, if required, gain ISO27001 certification. The standard has many benefits for organisations moving to Cloud-based services or with Cloud services implemented. The controls contained within ISO address data availability, confidentiality, integrity and privacy, all areas that need to be addressed with Cloud-based services. The development of Risk Management allows the organisation to understand the level of risk, to ensure the risk is commensurate with the organisational tolerances.

LHIS is used to working closely with public sector customers and colleagues to provide contextually appropriate advice and guidance. Our Technical Assurance Services routinely work on-site at customer locations and have regular contact with customers via phone and email. In terms of on-site working and support, LHIS is based in Leicester, which is centrally located to provide support at any UK office location.

4. Experience

LHIS has supported large public sector organisations with ISO accreditation. This includes some of the biggest and busiest NHS trusts and public sector organisations in the country. A recent example employs more than 12,000 staff providing a range of services primarily for over one million residents of Leicester, Leicestershire and Rutland. LHIS was selected by the outsourced ICT service provider to provide services to the organisation with its ISO accreditation. This support has been so successful that LHIS has been asked to increase the scope of its support to cover the full ISO framework.

On a smaller scale LHIS also has experience of:

- Development of Information Security Management Systems (ISMS)*
- Feedback and validation on project deliverables to ensure they align with ISO
- On-site mini assignments and attendance at meetings as required
- Providing internal mock audits prior to certification
- The provision of advice based on previous successful ISO certification assignments
- Responding to ad-hoc and telephone requests to provide guidance and advice

*An ISMS is a systematic approach to managing sensitive company information so that it remains secure. It includes people, processes and IT systems by applying a risk management process. It can help small, medium and large businesses in any sector keep information assets secure.
Scope of the service

Gap analysis

This involves assessing current practice and identifying the gaps and areas of weakness that require attention in order to achieve ISO27001 compliance / certification.

Risk assessment

Risk assessment for ISO starts with identifying all the information assets within the environment to be certified. Each asset is assessed to determine the worst case impact of a loss of confidentiality. This prioritises the assets to focus the next step of the risk assessment.

Threats and vulnerabilities associated with the assets are then identified and documented. The prioritisation from the previous step provides both an order in which to address the risks and a measure of the impact of each threat or vulnerability. The probability of each threat or vulnerability materialising is then established to provide an overall risk score (impact and probability combined).

Risk mitigation

Once risk assessment is complete, risks that are above the organisational tolerance level are reviewed to establish controls to mitigate the possibility of a risk materialising as an issue.

Policy development

Organisation policies are a crucial tool for protecting data and systems. LHIS offers a review and development service. This typically includes the following stages:

- Thorough review of current policies and procedures.
- Identification of gaps or weaknesses.
- Documentation of remedial action to align with best practice.
- Reporting of the review process.

Staff awareness training

LHIS is able to offer staff training to increase organisational understanding and awareness of the ISO standard. The workshops can be tailored to the audience and typically might cover the following areas:

- Best practice.
- Regulations and legalities.
- Management of incidents.
- Risk assessment and management.
- Security trends.
- Case studies.
- Management responsibility.

Management briefings

Similar to the staff training but aimed at a different audience. This service offers briefings at a senior or executive level to provide an outline of the ISO standard and its associated benefits to an organisation.

Statement of Applicability (SOA)

Also known as an SOA, the statement of applicability is a document which identifies the controls chosen for an environment. The document then goes on to explain how and why they are appropriate. Derived from the risk assessment and mitigation plans, the SOA relates back to the original risks to demonstrate that mitigations are in place to facilitate ISO compliance. LHIS is able to assist in the selection of controls.

Routine internal audits of key controls

As part of ISO27001 accreditation, there is a requirement to conduct routine internal audits of the key controls. Many organisations have a phased programme of audits over two/three years that cover all controls. LHIS can provide this service as a discrete entity in support of an organisation that has already acquired the accreditation.

Pre-certification audits to ISO27001

LHIS performs an ISO mock audit which provides the following benefits:

- Provides a chance to establish any areas of weakness prior to the full audit.
- Allows the organisation to understand the audit processes for real.
- Ensures staff understand what is required in terms of documentation and evidence to support auditing.
5. Pre ISO

LHIS has passed its Cyber Essentials and IASME certification, which is aimed at SMEs. The Cyber Essentials scheme has been set up by the UK Government to help any organisation attain a level of security that should reduce the risk of a malicious attack from the internet. IASME is essentially a subset or bite-sized version of the ISO/IEC standard, aimed primarily at SMEs.

These certifications are effective first steps towards demonstrating organisational cyber security and can form part of the journey to ISO/IEC certification.

LHIS is working towards becoming qualified assessors for both schemes, which will mean that LHIS will be authorised to carry out Cyber Essentials and IASME assessments nationwide to support SME customer organisations with their Security and Information Assurance Frameworks.

6. Our people

Our ICT Security personnel have a range of qualifications including:

- ISO Lead Auditor
- Certified Forensic Investigation Analyst - Distinction
- NHS Local Security Management Specialist
- ISEB Information Security Management - Distinction
- EC-Council Computer Hacking Forensic Investigator
- Prince 2 Foundation
- Tiger Scheme Qualified Security Team
- Certified Information Systems Auditor
- EC-Council Certified Ethical Hacker
- Microsoft Certified Professional
- Certified Security Testing Professional
- Degrees in Computer Science

Many are also members of professional bodies such as The British Computer Society (BCS).

7. Ordering and invoicing process

Call us on option 7
crmteam@leics-his.nhs.uk

LHIS will provide assistance with completing the G-Cloud call-off contract, which will include an order form.

8. Further Information

If you have any queries or questions, or wish to request further information, please contact us (quoting "G-Cloud V enquiry") as follows:

crmteam@leics-his.nhs.uk
option 7

More LHIS information can also be found at:
Page 1 of 5 Promote security system and service sales Level 3 Credits 2 Purpose This unit standard is for people who work, or intend to work, as security system or service sales representatives, or in
More informationISO/IEC 20000: 2011 IT Service Management. Tying together all your IT processes Product Guide
ISO/IEC 20000: 2011 IT Service Management Tying together all your IT processes Product Guide What is ISO/IEC 20000 IT Service Management? ISO/IEC 20000 is the first internationally recognized standard
More informationHSCIC Audit of Data Sharing Activities:
Directorate / Programme Data Dissemination Services Project Data Sharing Audits Status Approved Director Terry Hill Version 1.0 Owner Rob Shaw Version issue date 20/04/2016 HSCIC Audit of Data Sharing
More informationThe enemies ashore Vulnerabilities & hackers: A relationship that works
The enemies ashore Vulnerabilities & hackers: A relationship that works Alexandros Charvalias, Manager CISSP, CISA, ACDA Assurance & Enterprise Risk Services Cyber security maturity model How effectively
More informationInternal Audit Progress Report Performance and Overview Committee (19 th August 2015) Cheshire Fire Authority
Internal Audit Progress Report (19 th August 2015) Contents 1. Introduction 2. Key Messages for Committee Attention 3. Work in progress Appendix A: Risk Classification and Assurance Levels Appendix B:
More informationG-Cloud Definition of Services Security Penetration Testing
G-Cloud Definition of Services Security Penetration Testing Commercial in Confidence G-Cloud Services An Overview Inner Security is a leading CREST registered information security services provider. We
More informationISO/IEC 20000 Part 1 the next edition. Lynda Cooper project editor for ISO20000 part 1
ISO/IEC 20000 Part 1 the next edition Lynda Cooper project editor for ISO20000 part 1 Agenda The ISO20000 series Why has it changed Changes ITIL3 impact New requirements Changed requirements How to prepare
More informationWhy compromise on the quality of your cyber security training? How APMG, CESG and QA accreditations ensure the highest possible training standards
Why compromise on the quality of your cyber security training? How APMG, CESG and QA accreditations ensure the highest possible training standards Cyber Security CESG Certified Training // 2 Contents 3
More informationCESG CIR SCHEME AND CREST CSIR SCHEME FREQUENTLY ASKED QUESTIONS
CESG CIR SCHEME AND CREST CSIR SCHEME FREQUENTLY ASKED QUESTIONS QUESTION General What is the Cyber Security Incident Response (CSIR) Scheme? What is the Cyber Incident Response (CIR) scheme? Why have
More informationJOB DESCRIPTION. Contract Management and Business Intelligence
JOB DESCRIPTION DIRECTORATE: DEPARTMENT: JOB TITLE: Contract Management and Business Intelligence Business Intelligence Business Insight Manager BAND: 7 BASE: REPORTS TO: Various Business Intelligence
More informationNeed to protect your information? Take action with BSI s ISO/IEC 27001.
Need to protect your information? Take action with BSI s ISO/IEC 27001. Put sensitive customer and company information in the safe hands of ISO/IEC 27001. You simply can t be too careful when it comes
More informationInformation Governance Strategy and Policy. OFFICIAL Ownership: Information Governance Group Date Issued: 15/01/2015 Version: 2.
Information Governance Strategy and Policy Ownership: Information Governance Group Date Issued: 15/01/2015 Version: 2.0 Status: Final Revision and Signoff Sheet Change Record Date Author Version Comments
More informationProtecting your business interests through intelligent IT security services, consultancy and training
Protecting your business interests through intelligent IT security services, consultancy and training The openness and connectivity of the digital economy today provides huge opportunities but also creates
More informationCBEST FAQ February 2015
CBEST Frequently Asked Questions: February 2015 At this time, the UK Financial Authorities have only made CBEST available to firms and FMIs which they consider to be core to the UK financial system. Those
More informationJOB DESCRIPTION. Organisation Chart. Customer BI Lead. Business Insight Lead. Business Insight Manager
JOB DESCRIPTION DIRECTORATE: DEPARTMENT: JOB TITLE: BAND: BASE: REPORTS TO: IT and Business Intelligence Business Intelligence Business Insight Lead 8a Various Customer BI Lead RESPONSIBLE FOR: Business
More informationSTL Microsoft SharePoint Consulting and Support Services
STL Microsoft SharePoint Consulting and Support Services STL Technologies Equis House Eastern Way Bury St Edmunds Suffolk IP32 7AB Service Description and Pricing Specialist Cloud Services www.stl.co.uk
More informationCompliance Services CONSULTING. Gap Analysis. Internal Audit
Compliance Services Gap Analysis The gap analysis is a fast track assessment to establish understanding on an organization s current capabilities. The purpose of this step is to evaluate the current capabilities
More informationG-Cloud IV Services Service Definition Accenture Cloud Security Services
G-Cloud IV Services Service Definition Accenture Cloud Security Services 1 Table of contents 1. Scope of our services... 3 2. Approach... 3 3. Assets and tools... 4 4. Capabilities... 5 5. Expected Outcomes...
More informationCitrix XenApp Design & Implementation Service
Citrix XenApp Design & Implementation Service G-Cloud 7 November 2015 Citrix XenApp Design and Implementation Service Service Overview RealServe IT s XenApp Design and Implementation Service aims to analyse
More information