Evaluate your security service coverage, delivery roadmaps, future challenges, alongside your team’s capability.
Defining a sound cyber security strategy is without question one of the most challenging tasks for leaders in this space. To ensure business success difficult trade offs and compromises must be made. In these challenging financial climates, as budgets tighten, justification and prioritisation of investment must be demonstrated clearly aligned against business objectives.
Our methodology and approach to assessing your cyber security strategy reviews 12 strategic components. Core strategy areas and blind spots, often missed by even the most seasoned, have been incorporated into our continually updated methodology.
“Strategy without tactics is the slowest route to victory. Tactics without strategy is the noise before defeat.”
- Sun Tzu
The long-term key to success is execution which is why the cornerstone of our strategy review is assessing support for the function and its objectives. Service and project portfolio analysis considers existing services provisioned to the business and into the future.
Risk management, communication, and governance play pivotal roles in articulating the progress and success of the cyber security function. The ultimate goal is to be viewed as a business enabler rather than a compliance function with exponentially growing costs.
Our independent review provides transparency to your stakeholders and confidence these strategic decisions will deliver the best outcomes to your business.
- Key stakeholder engagement
- Cyber security investment financial data
- Talent and skills matrix
- Risk management approach
- Governance structure and risk reports
- Cyber security control framework
- Service catalogue
- Cyber security service and business risk alignment
- Capabilities assessment (In-house vs. Outsourced)
- Cyber security framework improvements
- Risk metric enhancement
- Justification and prioritisation of investment
- Talent roadmaps
Assess your cyber security maturity to obtain a rational view of your business risk with actionable insights.
Unfortunately a lot of businesses are learning the impacts of cyber incidents after the fact. Our risk assessment service articulates cyber risk in financial terms using business language that is easily understood. Cyber security services can be optimised leading to a cost-effective approach that is in line with business objectives and risk appetite. This enables decisions makers to determine the right balance between protecting an organisation and running a business. Roadmaps for control maturity improvements can also be more informed.
“It is no longer suitable for business leaders to ignore cyber risk treating this as an IT only problem. All business risks must be identified and managed appropriately.”
- Michael Woods CEO Tannhauser
Our Cyber Risk Quantification (CRQ) methodology leverages Cyber Value at Risk (VaR) and loss distribution modelling experience to give meaningful and actionable risk insights. The business impact of cyber security attacks can be rationalised and how much cyber risk the organisation is exposed to can be quantified and communicated. Decisions around investments, risk reduction, capital requirements, cyber insurance and security budgets can now speak the one common language.
Results of the risk assessment can feed into your risk management framework ensuring cyber risks are not considered in isolation but as an integral part of your organisation’s overall approach to risk management.
- Stakeholder workshops
- Top 5+ scenarios defending against
- Control Framework
- Historical and hypothetical risk scenarios
- Threat and Risk Assessment
- Detailed scenario impact analysis
- Cyber Value at Risk (VaR) for critical economic functions
- Actionable risk insights
Validate your trust in people, process and technology. Measure performance against compliance requirements and industry standards.
Having trust in the design and operating effectiveness of your cyber security controls is imperative. Our Assurance service provides an independent assessment of the cyber security control environment to validate your trust in your people, process and technology. Our approach considers confidentiality, integrity, availability, authentication, authorisation and non-repudiation requirements and the associated risks along the data life cycle.
Our approach is tailored to the business needs using our own methodology or can be measured against specific regulation, guidelines, frameworks, procedures, standards and policy requirements.
“The antiquity and general acceptance of an opinion is not assurance of its truth”
- Pierre Bayle
We utilise a number of methods to achieve assurance outcomes such as Red Team Exercises, Penetration Testing, Vulnerability Assessment, Behavioural Measurement Techniques, Security Configuration Reviews, Control Testing and Interviews.
We will assess your security controls to determine they are designed and implemented correctly, operating as intended and producing the desired outcomes. This confidence in your information security management system will assist in making context informed decisions.
Independent review is critical to ensure transparency to your stakeholders that your security controls are working.
- Clearly defined scope
- Control definition and objective from regulation, guideline, framework, procedure, standard and/or policy
- Access to key stakeholders and timely delivery of evidence.
- Concise cyber security observations and findings
- Quick wins and management action plans
- Assurance report for internal/external use as required
