ISO Information Security Management Services (Lot 4)

Save this PDF as:
 WORD  PNG  TXT  JPG

Size: px
Start display at page:

Download "ISO 27001 Information Security Management Services (Lot 4)"

Transcription

1 ISO Information Security Management Services (Lot 4)

2 CONTENTS 1. WHY LEICESTERSHIRE HEALTH INFORMATICS SERVICE? LHIS TECHNICAL ASSURANCE SERVICES SERVICE OVERVIEW EXPERIENCE PRE ISO OUR PEOPLE ORDERING AND INVOICING PROCESS FURTHER INFORMATION... 8 Author: Colin Swift Product Manager Prepared for: The Health Informatics Service is provided by Leicestershire Partnership NHS Trust on behalf of the Leicester, Leicestershire and Rutland Health Community Page 2 of 9

3 1. Why Leicestershire Health Informatics Service? Leicestershire Health Informatics Service (LHIS) is hosted by the Leicestershire Partnership NHS Trust. The Trust serves a population of one million people across Leicester, Leicestershire and Rutland and has a budget in excess of 250 million and employs over 5,000 staff in a wide variety of roles. This hosting arrangement provides LHIS with a sound financial and organisation platform from which to operate along sound business practices. LHIS provides a vast range of IT products, services and solutions to its clients. LHIS delivers these solutions nationwide to all sectors of the Healthcare market and beyond including primary care NHS Trusts, Clinical Commissioning Groups (CCG s), Commissioning Support Units (CSU), care homes, hospices and General Practices, Acute Hospital Trusts, arm s length bodies and Any Qualified Providers (AQP s). LHIS has approximately 130 highly qualified IT staff including dedicated teams of project managers, change managers, web developers, application developers, content editors, I.T trainers, service desk analysts, business intelligence and data warehousing staff, network engineers, desktop and enterprise support. As an NHS organisation LHIS has extensive experience of NHS standards, clinical systems security, NHS procedures, information governance and risk management. LHIS has passed its Health Informatics Standards Accreditation (HISA); this has been developed by the HSCIC to allow commissioners of IM&T services within the NHS to build this as a quality standard that they should look for when considering future supply. The LHIS client base has grown through word of mouth recommendations based on LHIS s excellent track record of service and delivery to include non NHS public sector organisations such as Councils, Charities, Schools and Colleges. 2. LHIS Technical Assurance Services LHIS Technical Assurance Services works with a wide range of public and private sector bodies including: Arm s Length Bodies Acute, Mental Health and Community NHS Trusts Blue light services Central Government e.g. The Cabinet Office Clinical Commissioning Groups (CCG s) Commissioning Support Units (CSU s) District and Borough Councils General Practices (GPs) Hospices and other 3 rd Sector organisations Universities, Schools & Academy chains LHIS is accredited under the Cyber Essentials and IASME schemes and is currently working towards CREST membership with a view to being members shortly after the framework commences. Page 3 of 9

4 3. Service overview LHIS ISO services enable organisations to comply with and if required gain ISO27001 certification. The standard has many benefits for organisations moving to Cloud based services or with Cloud services implemented. The controls contained within ISO address data availability, confidentiality, integrity and privacy all areas that need to be addressed with Cloud based services. The development of Risk Management allows the organisation to understand the level of risk to ensure the risk is consummate with the organisational tolerances. LHIS is used to working closely with public sector customers and colleagues to provide contextually appropriate advice and guidance. Our Technical Assurance Services routinely work on-site at customer locations and have regular contact with customers via phone and . In terms of onsite working and support LHIS is based in Leicester which is centrally located to provide support at any UK office location. 4. Experience LHIS has supported large public sector organisations with ISO accreditation. This includes some of the biggest and busiest NHS trusts and public sector organisations in the country. A recent example employs more than 12,000 staff providing a range of services primarily for over one million residents of Leicester, Leicestershire and Rutland. LHIS was selected by the outsourced ICT service provider to provide services to the organisation with its ISO accreditation. This support has been so successful that LHIS has been asked to increase the scope of its support to cover the full ISO framework. On a smaller scale LHIS also has experience of: Development of Information Security Management Systems (ISMS)* Feedback and validation on project deliverables to ensure they align with ISO On-site mini assignments and attendance at meetings as required Providing internal mock audits prior to certification The provision of advice based on previous successful ISO certification assignments Responding to ad-hoc and telephone requests to provide guidance and advice *ISMS are a systematic approach to managing sensitive company information so that it remains secure. It includes people, processes and IT systems by applying a risk management process. It can help small, medium and large businesses in any sector keep information assets secure. Page 4 of 9

5 Scope of the service Gap analysis This involves assessing current practice and identifying the gaps and areas of weakness that require attention in order to achieve ISO27001 compliance / certification. Risk assessment for ISO starts with identifying all the information assets within the environment to be certified. Each asset is assessed to determine the worst case impact of a loss of confidentiality. This prioritises the assets to focus the next step of the risk assessment. Risk assessment Threats and vulnerabilities associated with the assets are then identified and documented. The prioritisation form the previous step provides both an order to address the risks in and also provides a measure of the impact of each threat or vulnerability. The probability each threats or vulnerabilities materialising is then established to provide an overall risk score (impact and probability combined). Risk mitigation Once risk assessment is complete risks that are above the organisational tolerances level are then reviewed to establish controls to mitigate the possibility of a risk materialising as an issue. Policy development Organisation policies are a crucial tool for protecting data and systems. LHIS offers a review and development service. This typically includes the following stages: Thorough review of current policies and procedures Identification of gaps or weaknesses. Documentation of remedial action to align with best practice. Reporting of the review process. Staff awareness training LHIS is able to offer staff training to increase organisational understanding and awareness of the ISO standard. The workshops can be tailored to the audience and typically might cover the following areas: Best Practice. Regulations and Legalities. Page 5 of 9

6 Management of Incidents. Risks assessment and management. Security trends. Case studies. Management responsibility. Management briefings Similar to the staff training but aimed at different audience. This service offers briefings at a senior or executive level to provide an outline of the ISO standard and its associated benefits to an organisation. Statement of Applicability SOA Also known as an SOA the statement of applicability is a document which identifies the controls chosen for an environment. The document the goes on to explain how and why they are appropriate. Derived from the risk assessment and mitigation plans. The SOA relates back to the original risks to demonstrate that mitigations are in place to facilitate ISO compliance. LHIS is able to assist in the selection of controls. Routine internal audits of key controls As part of ISO27001 accreditation, there is a requirement to conduct routine internal audits of the key controls. Many organisations have a phased programme of audits over two/three years that cover all controls. LHIS can provide this service as a discrete entity in support of an organisation that has already acquired the accreditation. LHIS performs a ISO mock audit which provides the following benefits: Pre-certification audits to ISO27001 Provides a chance to establish any areas of weakness prior to the full audit. Allows the organisation to understand the audit processes for real. Ensure staff understand what is required in terms of documentation and evidence to support auditing. Page 6 of 9

7 5. Pre ISO LHIS has passed its Cyber essentials and IASME certification which is aimed at SME s. The Cyber Essentials scheme has been set up by the UK Government to help any organisation attain a level of security that should reduce the risk of a malicious attack from the internet. Whilst IASME is essentially a subset or bite sized version of the ISO/IEC standard aimed primarily at SMEs. These certifications are effective first steps towards demonstrating organisational cyber security and can form part of the journey to ISO/IEC certification. LHIS is working towards becoming qualified assessors for both schemes which will mean that LHIS will be authorised to carry out Cyber Essentials and IASME assessments nationwide to support SME customer organisations with their Security and Information Assurance Frameworks. 6. Our people Our ICT Security personnel have a range of qualifications including: ISO Lead Auditor Certified Forensic Investigation Analyst - Distinction NHS Local Security Management Specialist ISEB Information Security Management Distinction EC-Council Computer Hacking Forensic Investigator Prince 2 Foundation Tiger Scheme Qualified Security Team Certified Information Systems Auditor EC-Council Certified Ethical Hacker Microsoft Certified Professional Page 7 of 9

8 Certified Security Testing Professional Degrees in Computer Science Many are also members of professional bodies such as The British Computer Society (BCS). 7. Ordering and invoicing process Call us on option 7 LHIS will provide assistance with completing the G-Cloud call-off contract, which will include an order form. 8. Further Information If you have any queries, questions, wish to request further information please contact (quoting G-Cloud V enquiry ) as follows option 7 More LHIS information can also be found at: Page 8 of 9

9 Page 9 of 9

RAPTER Rapid Automated Pen TestER for web applications (Lot 4)

RAPTER Rapid Automated Pen TestER for web applications (Lot 4) RAPTER Rapid Automated Pen TestER for web applications (Lot 4) CONTENTS 1. WHY LEICESTERSHIRE HEALTH INFORMATICS SERVICE?... 3 2. LHIS TECHNICAL ASSURANCE SERVICES... 3 3. SERVICE OVERVIEW... 4 4. OUR

More information

Vulnerability/Penetration (PEN) Testing (Lot 4) Service: 5.G5.1414.003

Vulnerability/Penetration (PEN) Testing (Lot 4) Service: 5.G5.1414.003 Vulnerability/Penetration (PEN) Testing (Lot 4) Service: 5.G5.1414.003 CONTENTS 1. WHY LEICESTERSHIRE HEALTH INFORMATICS SERVICE?... 3 2. SERVICE OVERVIEW... 3 3. OUR PEOPLE... 6 4. ORDERING AND INVOICING

More information

Enterprise Cloud Infrastructure Support Services (Lot 4) Service: 5.G5.1414.038

Enterprise Cloud Infrastructure Support Services (Lot 4) Service: 5.G5.1414.038 Enterprise Cloud Infrastructure Support Services (Lot 4) Service: 5.G5.1414.038 CONTENTS 1. WHY LEICESTERSHIRE HEALTH INFORMATICS SERVICE?... 3 2. SERVICE OVERVIEW... 3 3. ON-BOARDING... 5 4. OFF-BOARDING

More information

Data Warehousing, Systems Integration and Data Migrations (Lot 3)

Data Warehousing, Systems Integration and Data Migrations (Lot 3) Data Warehousing, Systems Integration and Data Migrations (Lot 3) CONTENTS 1. WHY LEICESTERSHIRE HEALTH INFORMATICS SERVICE?... 2 2. SERVICE OVERVIEW... 3 3. SERVICE FEATURES... 4 4. ON-BOARDING AND SERVICE

More information

Service Desk Triage for Cloud Support (Lot 4) Service: 5.G5.1414.001

Service Desk Triage for Cloud Support (Lot 4) Service: 5.G5.1414.001 Service Desk Triage for Cloud Support (Lot 4) Service: 5.G5.1414.001 CONTENTS 1. WHY LEICESTERSHIRE HEALTH INFORMATICS SERVICE?... 3 2. SERVICE OVERVIEW... 3 3. ON-BOARDING... 8 4. OFF-BOARDING SERVICES/TERMINATION...

More information

Health Informatics Service Accreditation Manual. Assessment Process. May 2013, Version 1

Health Informatics Service Accreditation Manual. Assessment Process. May 2013, Version 1 Health Informatics Service Accreditation Manual Assessment Process May 2013, Version 1 Contents 1. Contacts... 2 2. Introduction... 3 3. Assessment principles... 6 4. Assessment outcome... 7 5. Planning

More information

DIGITAL FORENSICS AND CYBER INCIDENT RESPONSE SERVICES

DIGITAL FORENSICS AND CYBER INCIDENT RESPONSE SERVICES G Cloud IV Framework Lot 4 DIGITAL FORENSICS AND CYBER INCIDENT RESPONSE SERVICES Service Description - ANSEC IA Limited CONTENTS 1 Company Profile. 2 The ANSEC Effect 3 Qualifications 4 Service Description..

More information

Digital Forensics G-Cloud Service Definition

Digital Forensics G-Cloud Service Definition Digital Forensics G-Cloud Service Definition 2013 General Dynamics Information Technology Limited. All rights 1 GDIT Team Clients Metropolitan Police Service The General Dynamics Information Technology

More information

Procuring Penetration Testing Services

Procuring Penetration Testing Services Procuring Penetration Testing Services Introduction Organisations like yours have the evolving task of securing complex IT environments whilst delivering their business and brand objectives. The threat

More information

Information Governance Framework and Strategy. November 2014

Information Governance Framework and Strategy. November 2014 November 2014 Authorship : Committee Approved : Chris Wallace Information Governance Manager CCG Senior Management Team and Joint Trade Union Partnership Forum Approved Date : November 2014 Review Date

More information

ESKISP6054.01 Conduct security testing, under supervision

ESKISP6054.01 Conduct security testing, under supervision Overview This standard covers the competencies required to conduct security testing under supervision. In order to contribute to the determination of the level of resilience of an information system to

More information

Cyber Security and Privacy Services. Working in partnership with you to protect your organisation from cyber security threats and data theft

Cyber Security and Privacy Services. Working in partnership with you to protect your organisation from cyber security threats and data theft Cyber Security and Privacy Services Working in partnership with you to protect your organisation from cyber security threats and data theft 2 Cyber Security and Privacy Services What drives your security

More information

Cyber Essentials Scheme. Protect your business from cyber threats and gain valuable certification

Cyber Essentials Scheme. Protect your business from cyber threats and gain valuable certification Cyber Essentials Scheme Protect your business from cyber threats and gain valuable certification Why you need it Cybercrime appears in the news on an almost daily basis - but it s not just the large and

More information

ESKISP6055.01 Manage security testing

ESKISP6055.01 Manage security testing Overview This standard covers the competencies concerning with managing security testing activities. Including managing resources activities and deliverables. This includes planning, conducting and reporting

More information

Procurement Policy Note Use of Cyber Essentials Scheme certification

Procurement Policy Note Use of Cyber Essentials Scheme certification Procurement Policy Note Use of Cyber Essentials Scheme certification Action Note 09/14 25 September 2014 Issue 1. Government is taking steps to further reduce the levels of cyber security risk in its supply

More information

Information Governance Framework

Information Governance Framework Information Governance Framework Authorship: Chris Wallace, Information Governance Manager Committee Approved: Integrated Audit and Governance Committee Approved date: 11th March 2014 Review Date: March

More information

How small and medium-sized enterprises can formulate an information security management system

How small and medium-sized enterprises can formulate an information security management system How small and medium-sized enterprises can formulate an information security management system Royal Holloway Information Security Thesis Series Information security for SMEs Vadim Gordas, MSc (RHUL) and

More information

NSW Government Digital Information Security Policy

NSW Government Digital Information Security Policy NSW Government Digital Information Security Policy Version: 2.0 Date: April 2015 CONTENTS PART 1 PRELIMINARY... 3 1.1 Scope... 3 1.2 Application... 3 1.3 Objectives... 3 PART 2 POLICY STATEMENT... 4 Core

More information

Application Guidance CCP Penetration Tester Role, Practitioner Level

Application Guidance CCP Penetration Tester Role, Practitioner Level August 2014 Issue No: 1.0 Application Guidance CCP Penetration Tester Role, Practitioner Level Application Guidance CCP Penetration Tester Role, Practitioner Level Issue No: 1.0 August 2014 This document

More information

Preparing yourself for ISO/IEC 27001 2013

Preparing yourself for ISO/IEC 27001 2013 Preparing yourself for ISO/IEC 27001 2013 2013 a Vintage Year for Security Prof. Edward (Ted) Humphreys (edwardj7@msn.com) [Chair of the ISO/IEC and UK BSI Group responsible for the family of ISMS standards,

More information

April 2015 Issue No:1.0. Application Guidance - CCP Security and Information Risk Advisor Role, Practitioner Level

April 2015 Issue No:1.0. Application Guidance - CCP Security and Information Risk Advisor Role, Practitioner Level April 2015 Issue No:1.0 Application Guidance - CCP Security and Information Risk Advisor Role, Practitioner Level Application Guidance CCP Security and Information Risk Advisor Role, Practitioner Level

More information

Cyber security. Cyber Security. Digital Employee Experience. Digital Customer Experience. Digital Insight. Payments. Internet of Things

Cyber security. Cyber Security. Digital Employee Experience. Digital Customer Experience. Digital Insight. Payments. Internet of Things Cyber security Digital Customer Experience Digital Employee Experience Digital Insight Internet of Things Payments IP Solutions Cyber Security Cloud 2015 CGI IT UK Ltd Contents... Securing organisations

More information

IT Professional Standards. Information Security Discipline. Sub-discipline 605 Information Security Testing and Information Assurance Methodologies

IT Professional Standards. Information Security Discipline. Sub-discipline 605 Information Security Testing and Information Assurance Methodologies IT Professional Standards Information Security Discipline Sub-discipline 605 Information Security Testing and Information Assurance Methodologies December 2012 Draft Version 0.6 DOCUMENT REVIEW Document

More information

Procedures. Issue Date: June 2014 Version Number: 2.0. Document Number: POL_1009. Status: Approved Next Review Date: April 2017 Page 1 of 17

Procedures. Issue Date: June 2014 Version Number: 2.0. Document Number: POL_1009. Status: Approved Next Review Date: April 2017 Page 1 of 17 Proforma: Information Policy Security & Corporate Policy Procedures Status: Approved Next Review Date: April 2017 Page 1 of 17 Issue Date: June 2014 Prepared by: Information Governance Senior Manager Status:

More information

CYBER SECURITY TRAINING SAFE AND SECURE

CYBER SECURITY TRAINING SAFE AND SECURE CYBER SECURITY TRAINING KEEPING YOU SAFE AND SECURE Experts in Cyber Security training. Hardly a day goes by without a cyber attack being reported. With this ever-increasing threat there is a growing need

More information

Safety by trust: British model of cyber security. David Wallace, First Secretary, Head of of the Policy Delivery Group British Embassy in Warsaw

Safety by trust: British model of cyber security. David Wallace, First Secretary, Head of of the Policy Delivery Group British Embassy in Warsaw Safety by trust: British model of cyber security David Wallace, First Secretary, Head of of the Policy Delivery Group British Embassy in Warsaw Strategy Structure Campaign Partnerships Strategy The UK

More information

G Cloud III Framework Lot 4 (SCS) Project Management

G Cloud III Framework Lot 4 (SCS) Project Management G Cloud III Framework Lot 4 (SCS) Project Management Contents Executive Summary 3 Project Management 4 Why Deloitte? 6 SFIA Rate Card 7 Contact 8 Service Definition (a) to (p) 9 Executive Summary PROJECT

More information

IRAP Policy and Procedures up to date as of 16 September 2014.

IRAP Policy and Procedures up to date as of 16 September 2014. Australian Signals Directorate Cyber and Information Security Division Information Security Registered Assessors Program Policy and Procedures 09/2014 IRAP Policy and Procedures 09/2014 1 IRAP Policy and

More information

Service Definition Document

Service Definition Document Service Definition Document QinetiQ Secure Cloud Protective Monitoring Service (AWARE) QinetiQ Secure Cloud Protective Monitoring Service (DETER) Secure Multi-Tenant Protective Monitoring Service (AWARE)

More information

IBM Hosted Application Scanning

IBM Hosted Application Scanning IBM Hosted Application Scanning Service Definition IBM Hosted Application Scanning 1 1. Summary 1.1 Service Description IBM Hosted Application Security Services Production Application Scanning Service

More information

Security Consultants / Security Managed Services

Security Consultants / Security Managed Services Security Consultants / Security Managed Services Service Definition Document for G-Cloudv7 Services October 2015 Table of Contents Service Overview...3 Our Approach... 3 Features... 3 Benefits... 4 ON-BOARDING

More information

NSW Government Digital Information Security Policy

NSW Government Digital Information Security Policy NSW Government Digital Information Security Policy Version: 1.0 Date: November 2012 CONTENTS PART 1 PRELIMINARY... 3 1.1 Scope... 3 1.2 Application... 3 1.3 Objectives... 3 PART 2 CORE REQUIREMENTS...

More information

Overview TECHIS60441. Carry out security testing activities

Overview TECHIS60441. Carry out security testing activities Overview Information, services and systems can be attacked in various ways. Understanding the technical and social perspectives, how attacks work, the technologies and approaches used are key to being

More information

Information Security Management System (ISMS) Policy

Information Security Management System (ISMS) Policy Information Security Management System (ISMS) Policy April 2015 Version 1.0 Version History Version Date Detail Author 0.1 18/02/2015 First draft Andy Turton 0.2 20/02/2015 Updated following feedback from

More information

Cyber Security Consultancy Standard. Version 0.2 Crown Copyright 2015 All Rights Reserved. Page 1 of 13

Cyber Security Consultancy Standard. Version 0.2 Crown Copyright 2015 All Rights Reserved. Page 1 of 13 Cyber Security Consultancy Standard Version 0.2 Crown Copyright 2015 All Rights Reserved Page 1 of 13 Contents 1. Overview... 3 2. Assessment approach... 4 3. Requirements... 5 3.1 Service description...

More information

I.T. Security Specialists. Cyber Security Solutions and Services. Caretower Corporate Brochure 2015 1

I.T. Security Specialists. Cyber Security Solutions and Services. Caretower Corporate Brochure 2015 1 I.T. Security Specialists Cyber Security Solutions and Services Caretower Corporate Brochure 2015 1 about us As an independent IT security specialist, with over 17 years experience, we provide tailored

More information

February 2015 Issue No: 5.2. CESG Certification for IA Professionals

February 2015 Issue No: 5.2. CESG Certification for IA Professionals February 2015 Issue No: 5.2 CESG Certification for IA Professionals Issue No: 5.2 February 2015 The copyright of this document is reserved and vested in the Crown. This document may not be reproduced or

More information

Addressing Cyber Risk Building robust cyber governance

Addressing Cyber Risk Building robust cyber governance Addressing Cyber Risk Building robust cyber governance Mike Maddison Partner Head of Cyber Risk Services The future of security The business environment is changing The IT environment is changing The cyber

More information

DCA metrics for the approval of Auditing Firms for Certifications Scheme VERSION 1.0

DCA metrics for the approval of Auditing Firms for Certifications Scheme VERSION 1.0 DCA metrics for the approval of Auditing Firms for Certifications Scheme VERSION 1.0 2013, Data Centre Alliance Limited (www.datacentrealliance.org). All rights reserved. This publication may not be reproduced

More information

Protective Monitoring as a Service. Lot 4 - Specialist Cloud Services. Version: 2.1, Issue Date: 05/02/201405/02/2014. Classification: Open

Protective Monitoring as a Service. Lot 4 - Specialist Cloud Services. Version: 2.1, Issue Date: 05/02/201405/02/2014. Classification: Open Protective Monitoring as a Service Version: 2.1, Issue Date: 05/02/201405/02/2014 Classification: Open Classification: Open ii MDS Technologies Ltd 201416/12/2014. Other than for the sole purpose of evaluating

More information

Protective Monitoring as a Service. Lot 4 - Specialist Cloud Services. Version: 1.0, Issue Date: 05/02/201405/02/2014. Classification: Open

Protective Monitoring as a Service. Lot 4 - Specialist Cloud Services. Version: 1.0, Issue Date: 05/02/201405/02/2014. Classification: Open Protective Monitoring as a Service Version: 1.0, Issue Date: 05/02/201405/02/2014 Classification: Open Classification: Open ii MDS Technologies Ltd 2014. Other than for the sole purpose of evaluating this

More information

ESKISP6056.01 Direct security testing

ESKISP6056.01 Direct security testing Direct security testing Overview This standard covers the competencies concerning with directing security testing activities. It includes setting the strategy and policies for security testing, and being

More information

WHAT ARE THE BENEFITS OF OUTSOURCING NETWORK SECURITY?

WHAT ARE THE BENEFITS OF OUTSOURCING NETWORK SECURITY? WHAT ARE THE BENEFITS OF OUTSOURCING NETWORK SECURITY? Contents Introduction.... 3 What Types of Network Security Services are Available?... 4 Penetration Testing and Vulnerability Assessment... 4 Cyber

More information

GPG13 Protective Monitoring. Service Definition

GPG13 Protective Monitoring. Service Definition GPG13 Protective Monitoring Service Definition Issue Number V1.3 Document Date 27 November 2014 Author: D.M.Woodcock Classification UNCLASSIFIED Version G-Cloud 6 2014 Copyright Assuria Limited. All rights

More information

Deloitte Service Code: D-G6-L4-543 December 2014

Deloitte Service Code: D-G6-L4-543 December 2014 Managed Cyber Security Cyber Intelligence Centre Deloitte LLP Service Deloitte Service Code: D-G6-L4-543 December 2014 Contents 1 Service Overview 1 2 Detailed Service Definition 2 3 Pricing 6 4 Ordering

More information

Cyber Essentials Scheme. Summary

Cyber Essentials Scheme. Summary Cyber Essentials Scheme Summary June 2014 Introduction... 3 Background... 4 Scope... 4 Assurance Framework... 5 Next steps... 6 Questions about the scheme?... 7 2 Introduction The Cyber Essentials scheme

More information

CYBER SECURITY AND RISK MANAGEMENT. An Executive level responsibility

CYBER SECURITY AND RISK MANAGEMENT. An Executive level responsibility CYBER SECURITY AND RISK MANAGEMENT An Executive level responsibility Cyberspace poses risks as well as opportunities Cyber security risks are a constantly evolving threat to an organisation s ability to

More information

Embrace the G-Cloud. Ultra Secure Colocation Services for the Public Sector. thebunker.net Phone: 01304 814800 Fax: 01304 814899 info@thebunker.

Embrace the G-Cloud. Ultra Secure Colocation Services for the Public Sector. thebunker.net Phone: 01304 814800 Fax: 01304 814899 info@thebunker. Embrace the G-Cloud Ultra Secure Colocation Services for the Public Sector 1 Phone: 01304 814800 Fax: 01304 814899 info@ Contents Introduction What is G-Cloud? Types of accreditation: Business Impact Levels

More information

Practitioner Certificate in Information Assurance Architecture (PCiIAA)

Practitioner Certificate in Information Assurance Architecture (PCiIAA) Practitioner Certificate in Information Assurance Architecture (PCiIAA) 15 th August, 2015 v2.1 Course Introduction 1.1. Overview A Security Architect (SA) is a senior-level enterprise architect role,

More information

PSN Protective Monitoring. Service Definition

PSN Protective Monitoring. Service Definition PSN Protective Monitoring Service Definition Issue Number V3.0 Document Date 29 September 2015 Author: R.N. Connor Classification UNCLASSIFIED Version G-Cloud 7 2015 Copyright Tenian Limited. All rights

More information

Information Governance Strategy :

Information Governance Strategy : Item 11 Strategy Strategy : Date Issued: Date To Be Reviewed: VOY xx Annually 1 Policy Title: Strategy Supersedes: All previous Strategies 18/12/13: Initial draft Description of Amendments 19/12/13: Update

More information

Smart Meters Programme Schedule 2.5. (Security Management Plan) (CSP South version)

Smart Meters Programme Schedule 2.5. (Security Management Plan) (CSP South version) Smart Meters Programme Schedule 2.5 (Security Management Plan) (CSP South version) Schedule 2.5 (Security Management Plan) (CSP South version) Amendment History Version Date Author Status v.1 Signature

More information

A Guide to the Cyber Essentials Scheme

A Guide to the Cyber Essentials Scheme A Guide to the Cyber Essentials Scheme Published by: CREST Tel: 0845 686-5542 Email: admin@crest-approved.org Web: http://www.crest-approved.org/ Principal Author Jane Frankland, Managing Director, Jane

More information

Cyber Essentials Scheme

Cyber Essentials Scheme Cyber Essentials Scheme Assurance Framework January 2015 December 2013 Contents Introduction... 3 Change from June 2014 version... 3 Overview... 4 Stage Definitions... 5 Stage 1 Cyber Essentials: verified

More information

Promote security system and service sales

Promote security system and service sales Page 1 of 5 Promote security system and service sales Level 3 Credits 2 Purpose This unit standard is for people who work, or intend to work, as security system or service sales representatives, or in

More information

A Question of Balance

A Question of Balance A Question of Balance Independent Assurance of Information Governance Returns Audit Requirement Sheets Contents Scope 4 How to use the audit requirement sheets 4 Evidence 5 Sources of assurance 5 What

More information

Smart Security. Smart Compliance.

Smart Security. Smart Compliance. Smart Security. Smart Compliance. SRM are dedicated to helping our clients stay safe in the information environment. With a wide range of knowledge and practical experience, our consultants are ready to

More information

Specialist Cloud Services. Acumin Cloud Security Resourcing

Specialist Cloud Services. Acumin Cloud Security Resourcing Specialist Cloud Services Acumin Cloud Security Resourcing DOCUMENT: FRAMEWORK: STATUS Cloud Security Resourcing Service Definition G-Cloud Released VERSION: 1.0 CLASSIFICATION: CloudStore Acumin Consulting

More information

JOB DESCRIPTION. Information Governance Manager

JOB DESCRIPTION. Information Governance Manager JOB DESCRIPTION POST TITLE: Information Governance Manager DIRECTORATE: ACCOUNTABLE TO: BAND: LOCATION: CSS Head of Information Governance 8a CSS Job Purpose The Information Governance Manager will ensure

More information

ISO27032 Guidelines for Cyber Security

ISO27032 Guidelines for Cyber Security ISO27032 Guidelines for Cyber Security Deloitte Point of View on analysing and implementing the guidelines Deloitte LLP Enterprise Risk Services Security & Resilience Contents Foreword 1 Cyber governance

More information

ediscovery G-Cloud V Service Definition Lot 4 SCS Contact us: Danielle Pratt Tel: 0207 444 4080 Email: G-Cloud@esynergy-solutions.co.

ediscovery G-Cloud V Service Definition Lot 4 SCS Contact us: Danielle Pratt Tel: 0207 444 4080 Email: G-Cloud@esynergy-solutions.co. ediscovery G-Cloud V Service Definition Lot 4 SCS Tender Validity Period: 120 days from 10/04/14 Contact us: Danielle Pratt Email: G-Cloud@esynergy-solutions.co.uk Contents About... 1 Specialist Cloud

More information

Cyber Security - What Would a Breach Really Mean for your Business?

Cyber Security - What Would a Breach Really Mean for your Business? Cyber Security - What Would a Breach Really Mean for your Business? August 2014 v1.0 As the internet has become increasingly important across every aspect of business, the risks posed by breaches to cyber

More information

Information Governance Policy

Information Governance Policy Information Governance Policy Version: 4 Bodies consulted: Caldicott Guardian, IM&T Directors Approved by: MT Date Approved: 27/10/2015 Lead Manager: Governance Manager Responsible Director: SIRO Date

More information

G Cloud III Framework Lot 4 (SCS) CHECK Accredited Penetration Testing Services

G Cloud III Framework Lot 4 (SCS) CHECK Accredited Penetration Testing Services G Cloud III Framework Lot 4 (SCS) CHECK Accredited Penetration Testing Services Contents Executive Summary 3 CHECK Accredited Penetration Testing Services 4 Why Deloitte? 5 Package Cost 7 Contact 9 Service

More information

AUSTRALIAN GOVERNMENT INFORMATION MANAGEMENT OFFICE CYBER SECURITY CAPABILITY FRAMEWORK & MAPPING OF ISM ROLES

AUSTRALIAN GOVERNMENT INFORMATION MANAGEMENT OFFICE CYBER SECURITY CAPABILITY FRAMEWORK & MAPPING OF ISM ROLES AUSTRALIAN GOVERNMENT INFORMATION MANAGEMENT OFFICE CYBER SECURITY CAPABILITY FRAMEWORK & MAPPING OF ISM ROLES Final Report Prepared by Dr Janet Tweedie & Dr Julie West June 2010 Produced for AGIMO by

More information

Management Systems Consultancy & Support Specialists

Management Systems Consultancy & Support Specialists Consultancy Management Systems Continual Improvement Outsourcing Auditing Support Data Analysis Training Documentation Services to meet your business requirements specialise in ISO 9001 Quality Management

More information

Consultants Alliance LLC. Professional Development Programs

Consultants Alliance LLC. Professional Development Programs Consultants Alliance LLC Professional Development Programs About CA: Consultants Alliance (CA) is a local organization dedicated to promote the culture of Service Excellence in public and private sectors.

More information

HealthCare Information Security and Privacy Practitioner (HCISPP) Briefing Paper. Piloted by the Cyber Security Programme

HealthCare Information Security and Privacy Practitioner (HCISPP) Briefing Paper. Piloted by the Cyber Security Programme HealthCare Information Security and Privacy Practitioner (HCISPP) Briefing Paper Piloted by the Cyber Security Programme Published August 2015 2 Copyright 2015, Health and Social Care Information Centre.

More information

Governance. Information. Bulletin. Welcome to the nineteenth edition of the information governance bulletin

Governance. Information. Bulletin. Welcome to the nineteenth edition of the information governance bulletin Welcome to the nineteenth edition of the information governance bulletin Our regular bulletin about information governance and the work of the IG transition programme Publication Gateway Reference: 02465

More information

1 P a g e BUSINESS INTELLIGENCE STRATEGIC PLAN & ROADMAP

1 P a g e BUSINESS INTELLIGENCE STRATEGIC PLAN & ROADMAP 1 P a g e BUSINESS INTELLIGENCE STRATEGIC PLAN & ROADMAP Paper Issue Name Business Intelligence Strategic Plan & Roadmap DRAFT Issue Number 1.0 Issue Date January 2015 Version 1.0 Authors Approved by Nick

More information

Information Governance Strategy Includes Information risk & incident management methodology

Information Governance Strategy Includes Information risk & incident management methodology Version 2.0 LOGOLOGO Information Governance Strategy Includes Information risk & incident management methodology Approved by: Quality & Governance Committee Ratification date: May 2014 Review date: May

More information

INTELLIGENCE. RISK MITIGATION. RESPONSE. CONSULTANCY.

INTELLIGENCE. RISK MITIGATION. RESPONSE. CONSULTANCY. INTELLIGENCE. RISK MITIGATION. RESPONSE. CONSULTANCY. 23 Grafton Street London W1S 4EY UK Main Tel: +44 (0) 207 887 2699 ABOUT PGI PGI is a privately owned UK business offering integrated, intelligence-led

More information

Cyber Security solutions

Cyber Security solutions Cyber Security solutions The scenario IT security has become a highly critical issue for all businesses as a result of the growing pervasiveness and diffusion of ICT technology. Risks can arise both inside

More information

The enemies ashore Vulnerabilities & hackers: A relationship that works

The enemies ashore Vulnerabilities & hackers: A relationship that works The enemies ashore Vulnerabilities & hackers: A relationship that works Alexandros Charvalias, Manager CISSP, CISA, ACDA Assurance & Enterprise Risk Services Cyber security maturity model How effectively

More information

HSCIC Audit of Data Sharing Activities:

HSCIC Audit of Data Sharing Activities: Directorate / Programme Data Dissemination Services Project Data Sharing Audits Status Approved Director Terry Hill Version 1.0 Owner Rob Shaw Version issue date 20/04/2016 HSCIC Audit of Data Sharing

More information

ANNEX B. Terms of Reference. CTBTO Information Security Management System Support on Call-off Basis

ANNEX B. Terms of Reference. CTBTO Information Security Management System Support on Call-off Basis ANNEX B Terms of Reference CTBTO Information Security Management System Support on Call-off Basis Table of Contents Acronyms 3 Introduction 4 Background 4 Objectives and Expected Results 5 Scope of Work

More information

Small businesses: What you need to know about cyber security

Small businesses: What you need to know about cyber security Small businesses: What you need to know about cyber security March 2015 Contents page What you need to know about cyber security... 3 Why you need to know about cyber security... 4 Getting the basics right...

More information

Paul Vlissidis Group Technical Director NCC Group plc paulv@nccgroup.com

Paul Vlissidis Group Technical Director NCC Group plc paulv@nccgroup.com Managing IT Fraud Using Ethical Hacking Paul Vlissidis Group Technical Director NCC Group plc paulv@nccgroup.com Agenda Introductions Context for Ethical Hacking Effective use of ethical hacking in fraud

More information

G-Cloud Definition of Services Security Penetration Testing

G-Cloud Definition of Services Security Penetration Testing G-Cloud Definition of Services Security Penetration Testing Commercial in Confidence G-Cloud Services An Overview Inner Security is a leading CREST registered information security services provider. We

More information

National Approach to Information Assurance 2014-2017

National Approach to Information Assurance 2014-2017 Document Name File Name National Approach to Information Assurance 2014-2017 National Approach to Information Assurance v1.doc Author David Critchley, Dave Jamieson Authorisation PIAB and IMBA Signed version

More information

Information Governance Strategy and Policy. OFFICIAL Ownership: Information Governance Group Date Issued: 15/01/2015 Version: 2.

Information Governance Strategy and Policy. OFFICIAL Ownership: Information Governance Group Date Issued: 15/01/2015 Version: 2. Information Governance Strategy and Policy Ownership: Information Governance Group Date Issued: 15/01/2015 Version: 2.0 Status: Final Revision and Signoff Sheet Change Record Date Author Version Comments

More information

The new 27000 Family of Standards & ISO/IEC 27001

The new 27000 Family of Standards & ISO/IEC 27001 ISO/IEC 27000 Family of Standards by Dr. Angelika Plate 07-09 June 2011, Beirut, Lebanon June 2011 The new 27000 Family of Standards & ISO/IEC 27001 June 2011 ISO/IEC 27000 Family of Standards 2 The new

More information

Information Security Management Systems. Chief Operating Officer, Director of Strategy and Business Development, Chief Information Security Officer

Information Security Management Systems. Chief Operating Officer, Director of Strategy and Business Development, Chief Information Security Officer Information Security Management Systems Chief Operating Officer, Director of Strategy and Business Development, Chief Information Security Officer atsec information security, 2013 ISO/IEC 27001 and related

More information

Internal Audit Progress Report Performance and Overview Committee (19 th August 2015) Cheshire Fire Authority

Internal Audit Progress Report Performance and Overview Committee (19 th August 2015) Cheshire Fire Authority Internal Audit Progress Report (19 th August 2015) Contents 1. Introduction 2. Key Messages for Committee Attention 3. Work in progress Appendix A: Risk Classification and Assurance Levels Appendix B:

More information

Why compromise on the quality of your cyber security training? How APMG, CESG and QA accreditations ensure the highest possible training standards

Why compromise on the quality of your cyber security training? How APMG, CESG and QA accreditations ensure the highest possible training standards Why compromise on the quality of your cyber security training? How APMG, CESG and QA accreditations ensure the highest possible training standards Cyber Security CESG Certified Training // 2 Contents 3

More information

G-Cloud Service Definition. Atos Information Security Wireless Scanning Service

G-Cloud Service Definition. Atos Information Security Wireless Scanning Service G-Cloud Service Definition Atos Information Security Wireless Scanning Service Keeping your wireless networks secure Atos Information Security Wireless Scanning Service The Atos Wireless Scanning Service

More information

CBEST FAQ February 2015

CBEST FAQ February 2015 CBEST Frequently Asked Questions: February 2015 At this time, the UK Financial Authorities have only made CBEST available to firms and FMIs which they consider to be core to the UK financial system. Those

More information

Digital Leaders Survey

Digital Leaders Survey Contents 1. Key findings 3 2. Top three management issues 4 3. Top three IT topics or trends 5 4. Additional resources needed to address the issues prioritised 6 5. Skills gaps 7 6. Concerns about future

More information

Committees Date: Subject: Public Report of: For Information Summary

Committees Date: Subject: Public Report of: For Information Summary Committees Audit & Risk Management Committee Finance Committee Subject: Cyber Security Risks Report of: Chamberlain Date: 17 September 2015 22 September 2015 Public For Information Summary Cyber security

More information

Compliance Services CONSULTING. Gap Analysis. Internal Audit

Compliance Services CONSULTING. Gap Analysis. Internal Audit Compliance Services Gap Analysis The gap analysis is a fast track assessment to establish understanding on an organization s current capabilities. The purpose of this step is to evaluate the current capabilities

More information

G-Cloud IV Services Service Definition Accenture Cloud Security Services

G-Cloud IV Services Service Definition Accenture Cloud Security Services G-Cloud IV Services Service Definition Accenture Cloud Security Services 1 Table of contents 1. Scope of our services... 3 2. Approach... 3 3. Assets and tools... 4 4. Capabilities... 5 5. Expected Outcomes...

More information

The Software Experts. Software Asset Management Services & Solutions

The Software Experts. Software Asset Management Services & Solutions The Software Experts Software Asset Management Services & Solutions one WORLD CLASS SOFTWARE ASSET MANAGEMENT Make Optimised IT Simple Simplify the management of IT assets and minimise financial, legal

More information

Information Security ISO Standards. Feb 11, 2015. Glen Bruce Director, Enterprise Risk Security & Privacy

Information Security ISO Standards. Feb 11, 2015. Glen Bruce Director, Enterprise Risk Security & Privacy Information Security ISO Standards Feb 11, 2015 Glen Bruce Director, Enterprise Risk Security & Privacy Agenda 1. Introduction Information security risks and requirements 2. Information Security Management

More information

Citrix XenApp Design & Implementation Service

Citrix XenApp Design & Implementation Service Citrix XenApp Design & Implementation Service G-Cloud 7 November 2015 Citrix XenApp Design and Implementation Service Service Overview RealServe IT s XenApp Design and Implementation Service aims to analyse

More information

Internal Audit Strategic and Annual Plans 2015/16

Internal Audit Strategic and Annual Plans 2015/16 Internal Audit Strategic and Annual Plans 2015/16 Financial Scrutiny and Audit Committee 10 February 2015 Agenda Item No 8 Summary: This report provides an overview of the stages followed prior to the

More information

JOB DESCRIPTION. Organisation Chart. Customer BI Lead. Business Insight Lead. Business Insight Manager

JOB DESCRIPTION. Organisation Chart. Customer BI Lead. Business Insight Lead. Business Insight Manager JOB DESCRIPTION DIRECTORATE: DEPARTMENT: JOB TITLE: BAND: BASE: REPORTS TO: IT and Business Intelligence Business Intelligence Business Insight Lead 8a Various Customer BI Lead RESPONSIBLE FOR: Business

More information

JOB DESCRIPTION. Contract Management and Business Intelligence

JOB DESCRIPTION. Contract Management and Business Intelligence JOB DESCRIPTION DIRECTORATE: DEPARTMENT: JOB TITLE: Contract Management and Business Intelligence Business Intelligence Business Insight Manager BAND: 7 BASE: REPORTS TO: Various Business Intelligence

More information

Supplier Assurance Framework Good Practice Guide

Supplier Assurance Framework Good Practice Guide Supplier Assurance Framework Good Practice Guide Version 2.0 February 2015 1 P a g e V e r s i o n 2. 0 F e b 1 5 Contents INTRODUCTION... 3 SUPPLIER ASSURANCE FRAMEWORK OVERVIEW... 4 USING THE STATEMENT

More information

Protecting Malaysia in the Connected world

Protecting Malaysia in the Connected world Protecting Malaysia in the Connected world cyber Security Company of the Year (Cybersecurity Malaysia, 2014) Most innovative information security company in Malaysia (Cybersecurity Malaysia, 2012) BAE

More information

ISO/IEC 27001 Information Security Management. Securing your information assets Product Guide

ISO/IEC 27001 Information Security Management. Securing your information assets Product Guide ISO/IEC 27001 Information Security Management Securing your information assets Product Guide What is ISO/IEC 27001? ISO/IEC 27001 is the international standard for information security management and details

More information