NETCB

Strategic business information risk management

We can assist you to determine how well your organisation is preventing the loss of sensitive intellectual property, confidential information and data.

And, were this loss to happen, to understand the significant business risks and impact to your organisation's reputation, financial performance, or shareholder confidence. This would enable executive management to plan for business-critical risk scenarios.

In addition, to gauge how your organisation will know if it has been attacked, acknowledging that even with multiple IT security layers, many organisations will not be aware of, or be able to detect sophisticated attacks.

And, to determine how effectively your organisation adopts an information security Threat Map - one which is on the executive team’s agenda.

Lastly, to advise how the executive team would use this Threat Map to inform business-critical decision making and enterprise risk management.

Emerging threats

There are specific emerging threats and vulnerabilities which your organisation should plan to address in the next 6 to 18 months.

For example: 

• Social Media
  Social media services are becoming the gateway for breaking the security defences in organisations.

• Malware
  Attackers are increasingly flooding the market with complex malware which inhibits the security vendors' capabilities for detection and response times.

• Targeted Attacks
  Targeted, well funded attacks are here to stay. Advanced persistent threats (“APT”) from sophisticated attackers has the intent of intellectual property theft, which can be used to “reverse engineer” for commercial gain in these foreign economies.

• Source of Attacks
  Attacks are mostly originating from Russia, USA, and China, and often aimed at web browsers, email, phishing, and web site interfaces for financial gain or intelligence gathering.

• Zero Days
  There is a significant increase in zero day vulnerabilities (vulnerabilities with no fix or patch).

• Testing
  Organisations will need to increasingly test their security defences through ethical white hat assessments.

• New Technologies
  Smartphones and PC tablets for example, may become ideal targets for identity theft and personal information gathering.

• Security Monitoring
  The scope for security monitoring is increasing, though regulatory pressure for protecting privacy should not be ignored.

• Compliance
  Compliance is over-arching as information risk management takes centre stage in information security, and risk-informed decision making.

Information security GAP analysis

We can help by conducting an information security GAP analysis based on our global information security management experience so that your organisation can steer a path through the above challenges by:

• Understanding how you classify what information and data needs to be specially protected using which specific controls and tools

• Designing the key information security dashboard/metrics to be monitored and managed

• Understanding the key challenges and options in your Threat Map based on known and advanced persistent threats to your organisation

• Advising on your information security gaps and priority Security Initiatives, and the incremental plan to address these gaps

• Reviewing how you are delivering on your organisation’s Information Security Strategy and security programme

• Advising on how to continuously raise your information security posture to intelligently manage your threat landscape

• Advising on the core component in a robust security event and incident response capabilities

• Understanding how to optimise your security technology choices, and security programme investment that provides assurance on controls and strengthens your information security governance processes

In our GAP analysis we assist your organisation to apply a robust, proven global information security management framework based on SANS, ISO27000, NIST, CobiT. See our approach below.