Risk and Protection
We would like to see your business operating safely and reliably. Let us shield your business from threats, create public trust and give you control of security matters.
We understand that security can mean many different things. Charlie Brown puts it very poignantly:
We work with you to identify your most valuable assets and activities, then we map the related threats and vulnerabilities. Finally, we select controls for people, process and technology that will achieve your chosen confidence level.
Our practice prefers to work within established management frameworks such as ISO 27000 (Information Security Management), ISO 31000 (Risk Management) and good-practice guides such as the Australian Government's Information Security Manual (ISM).
We have developed planning, management and reporting schemes to satisfy these standards. We recommend embedding the key indicators in your service contracts to ensure that the providers satisfy your and improves security .
If you have unusual assets or exposures we will locate and apply appropriate standards and resources, such as IEC 62443 or IEC 61508 for an industrial process control environment.
We can support your security Governance and Control processes by conducting authorised tests or auditing your controls for effectiveness.
Our Advice and Awareness services can keep you informed regarding legal liabilities, tools and tactics, and emerging threats