Work with a major Financial Services company to mature their Cyber Security operations
The Situation
A major London-based Financial Services company wanted to review and update their Information Security capabilities following a merger with another company.
The Task
Define an Information Security Risk Management Framework, then implement it by integrating the risk operations of the InfoSec team and the IT infrastructure team.
Carry out a gap analysis of the security documentation set against ISO27001
Create key policies and procedures aligned with ISO27001 and Cyber Essentials
Set up functional teams to implement key security procedures
Define and set up an Information Governance forum for developing and maturing the organisation’s Information Security capability
The Action / Approach
Developed Risk Management Framework and defined supporting Policy and Procedure documentation. Also defined configuration changes to Risk Management tools and workflows.
Conducted gap analysis of existing policy document set against ISO27001 and Cyber Essentials. Then wrote / updated key Information Security policy documentation.
Set up operations for: Vulnerability Management, Risk Management
Created Terms of Reference for Information Security Governance Board and set up and ran initial meetings.
The Result
Policy document set aligned with ISO27001 written / updated.
Ongoing Governance and Risk Management Framework implemented.
Following implementation, the Risk Management Framework passed a NIST Cyber Security Framework audit by a third party.