Securing a Digital Economy


HQ: Cheltenham Spa
1998: Founded by Charles White and David Cazalet
INDEPENDENT: We always recommend what is best for your business
SIMPLICITY: We deliver confidence, not complexity
VISIBILITY: We make risks visible and measurable to the right people, at the right time
MATURITY: We enable Board-led and business-as-usual risk management
SC MAGAZINE: Information Security Consultancy of the Year
The nature of our business: SECURITY, PRIVACY, TRUST

About Information Risk Management Plc (IRM)

Digital Innovators

Founded in 1998, IRM is an award-winning and independent cyber security consultancy. The company's vision is to align proportionate and innovative cyber security with the strategic direction of our clients. IRM works with a diverse range of organisations, including FTSE 100 companies, central Government departments and many international Blue Chip clients operating in EMEA.

Our mission is to help our clients make distinctive, lasting and substantial improvements to their cyber security posture in times of growing threat, and to build a great company which, through its thought leadership and innovative solutions, attracts, excites and retains both exceptional people and its customers. IRM believe that we will be successful if we dare to think differently about what we do and how we deliver cyber security in an innovative way.

Security Specialists

As one of the largest cyber security consultancies in the country, IRM's outstanding reputation is based above all on the professionalism, ability and integrity of our people. We employ professionals with a natural flair for problem solving, commercial awareness and practical experience. Our consultants are regularly invited to present at security conferences and play key roles in industry bodies and working groups, such as CREST.

Whilst working for IRM, consultants are able to participate in company-funded research into emerging and evolving security threats, such as Cloud Computing, Mobile Devices, the Internet of Things (IoT), Biometrics and Voice over IP (VoIP). This research supports the development of our industry-leading testing tools and methodologies, training courses and cyber security services.

Cyber Credentials

IRM has a long-established relationship with the National Technical Authority for Information Assurance, CESG, and is a member of the CESG CHECK Scheme with Green light status. CHECK is a partnership between the UK Government and Industry that allows third parties to conduct security tests on Government networks. We are also a member of the Cyber Security Information Sharing Partnership (CiSP), a real-time cyber threat information exchange, and receive insights from a number of well-respected sources, such as the Information Security Forum (ISF).

IRM is proud to be a thought leader in the payment security space, having co-authored the award-winning Barclaycard Risk Reduction Programme (BRRP), a cost-effective and risk-based approach to maintaining PCI DSS compliance. The BRRP won Compliance Project of the Year at the 2013 FStech Awards.

Client Collaboration

IRM builds long-term relationships, working with clients to bring the best of our abilities to every project and achieve success. We understand the specific business challenges facing the companies we work with as well as their cyber risk posture relative to that of the wider industry. IRM prides itself on implementing managed security services and solutions that support, as opposed to adversely impact, our clients' ability to innovate, invest in new technologies and confidently compete in the Digital Age. In light of our research, cyber security testing and cyber incident response engagements, we take a proactive approach to ensure that the organisations we work with are prepared with actionable threat intelligence and can reduce their risk exposure.

Underpinning our clients' COMPETITIVENESS with CYBER SECURITY
[Diagram labels: Human Behaviour, IT Infrastructure, Regulatory Requirements, Supply Chain, New Technology, Reputation, Business Resilience, Incident Response & Forensic Readiness]

Human Behaviour

"Only amateurs attack machines, professionals target people" - Bruce Schneier, American cryptographer

Human behaviour is often the weakest link in the cyber security chain. Last year, 31% of the worst security breaches were caused by human error and a further 20% by deliberate misuses of systems [1]. Employees' interaction with new technology is amplifying their propensity to make mistakes (in the very worst cases, "automating stupidity") and circumvent security measures. At IRM, we have the ability to test, measure, train and increase awareness via bespoke campaigns in order to ultimately reduce your behavioural risks.

IT Infrastructure

"There is a huge need and a huge opportunity to help transform society for the future. The scale of the technology and infrastructure that must be built is unprecedented." - Mark Zuckerberg, CEO, Facebook

Almost a quarter of large organisations detected that outsiders have penetrated their networks in the last year. Furthermore, around 70-80% of system attacks are actually conducted from within an organisation's internal network [2]. If the increasing risk to IT infrastructure is going to be managed, the design and implementation of defences must be multi-layered and not undermined by the weakest link. At IRM we help our clients implement effective security policies, processes, procedures and products to give them a multi-layered and coordinated defence strategy.

Regulatory Requirements

"If you have ten thousand regulations you destroy all respect for the law" - Winston Churchill, Prime Minister of the United Kingdom from 1940-1945 and 1951-1955

The Digital Age has brought forth a number of regulatory requirements, standards, guidelines and certifications. This landscape is highly complex, with domestic and international Government and industry-led standards in existence and development. It is no wonder that complying with laws and regulations is the 4th main driver for information security expenditure [3]. IRM identify gaps and common controls across compliance initiatives, helping our clients comply with, and invest in, standards that drive the most business benefit and effectively protect customer information and data integrity.

Supply Chain

"Change the name. The name has been poisoned." - Don Draper, Mad Men, after being asked what a client should do when its popular brand of dog food is found to contain horsemeat

In the event of a data breach, your business will be held accountable for the actions of vendors and suppliers: their risk is your own. More than 80% of companies are concerned about the resilience of their digital supply chain [4]. Organisations now require a process for defining the cyber risks of sharing data with suppliers, customers and partners outside of traditional audit regimes. IRM categorises suppliers according to cyber criticality via a risk management framework that is flexible enough to cope with the changing nature of these relationships.

New Technology

"People who think they are crazy enough to change the world are the ones that do." - Steve Jobs, Co-founder, Chairman and CEO, Apple Inc.

Involving cyber security at a project's outset and being able to calculate the attendant cyber risk of a digital decision enables businesses to confidently (and quickly!) capitalise on new technology and remain competitive. Worryingly, less than 25% of companies currently involve cyber security at the beginning of a digital project [5]. IRM sit on a number of innovation teams aligning business and cyber security objectives to dramatically increase the probability of successful digital change.

Reputation

"It takes 20 years to build a reputation and five minutes to ruin it. If you think about that, you'll do things differently." - Warren Buffett, American business magnate, investor and philanthropist

The Digital Age has re-written the rule book on customer behaviour and communication. Customers will no longer passively invest in your brand; they expect service on social media and will actively research your company's digital footprint. At IRM, we ensure that our clients have tailored and tested plans to prevent a cyber-incident from spiralling into a reputational crisis. We test resilience to high likelihood and high risk events, from an organisation's network monitoring and forensics maturity through to the preparedness of their communications team.

Business Resilience

"Resilience is all about being able to overcome the unexpected. Sustainability is about survival. The goal of resilience is to thrive." - Jamais Cascio, writer and futurist

Online attacks now cost the UK around £27 billion a year [6]. Digital interdependencies associated with the rise of technology have become indispensable to businesses, and demand the same resilient strategies and disaster recovery plans necessary to prepare for a natural disaster, political uprising and world economic or health crisis. IRM help our clients build cyber resilience strategies and programmes, acting as an extension of existing security and IT teams. We define business risks based on threat-led outcomes and develop policies for the people, processes and technology that access key assets before implementing and testing a recovery plan.

Incident Response & Forensic Readiness

"There cannot be a crisis next week. My schedule is already full." - Henry A. Kissinger, American diplomat and political scientist

Expect the unexpected: this applies to any type of incident. In cyberspace, the well-known phrase "assume you have been breached" is illustrative of a total shift in perception: fatalism that corporate networks are already infiltrated. 73% of large organisations suffered from infection by viruses or malicious software in the past year (up from 59% a year ago) [7]. IRM is able to inform organisations if they are being actively targeted, identify any changes to information systems, implement processes that identify whether forensic investigation is required and quickly deploy an incident response team to conduct complex investigations.

References

1. Information Security Breaches Survey, Department for Business, Innovation and Skills, 2014
2. IT Infrastructure Security-Step by Step, SANS, 2013
3. Information Security Breaches Survey, Department for Business, Innovation and Skills, 2014
4. Building Resilience in Supply Chains, World Economic Forum, 2013
5. The Global State of Information Security Survey, PwC, 2013
6. The UK Cyber Security Strategy: Protecting and promoting the UK in a digital world, Cabinet Office, 2011
7. Information Security Breaches Survey, Department for Business, Innovation and Skills, 2014

How we DELIVER

IRM's Governance, Risk and Compliance (GRC) platform, Synergy GRC, has been developed to provide our clients with an essential tool to unify and manage their cyber security strategy in an era of virtual volatility and change.

Key Benefits:
- Demonstrates the value of business intelligence driven by cyber security KPIs.
- Understands and models cyber and information risk in future business ventures.
- Reports on cyber threats, risk and compliance.
- Centrally assesses third parties against a common set of criteria.
- Assigns users to specific security roles via role-based access control.
- Includes all major standards, such as ISO 27001, PCI DSS, Cyber Essentials and PAS 555.
- Allows you to manage cyber as a business risk, not an issue isolated to the IT Department.

Modules:
- Governance Management: Proportionally governs information integrity for a strategic advantage.
- Risk Management: Manages information asset risk relative to business change and objectives.
- Compliance Management: Achieves an integrated and accurate view of your regulatory landscape.
- Third Party Assurance: Provides assurance that suppliers are following best practices and are assessed proportionally to the cyber risk they carry on your behalf.
- Incident Management: Allows you to manage incidents from detection through to response, analysis, resolution and lessons learnt.

Some of our clients

At IRM, we take pride in delivering a collaborative and exceptional service to every organisation we work with. Some of the UK's biggest brands and industries rely on us to help them build and realise the value in an effective cyber risk management strategy.

+44 (0) 1242 225 200
www.info@irmplc.com
@IRM_tweet
linkedin.com/company/irm-plc
irmplc.com

Cheltenham Spa: 1st Floor, Cheltenham House, Clarence Street, Cheltenham GL50 3JR
London: 8th Floor, Westminster City Hall, 64 Victoria Street, London SW1E 6QP