Cyber security governance
An organisation’s board is responsible (and accountable to shareholders, regulators and customers) for the framework of standards, processes and activities that, together, secure the organisation against cyber risk.
We are the leading provider of information, books, products and services that help boards develop, implement and maintain a cyber security governance framework. In many cases, this involves deploying one or more cyber security management system standards.
All boards should be aware of the Cyber Threat Landscape and should understand what Advanced Persistent Threats are.
A Cyber Governance Health Check is a good starting point for identifying areas in which the board should act to improve its cyber risk management.
IT Governance is unique. Across all the key segments and domains of cyber security, we can usually offer a solution and approach that suits your own organisational budget and culture: we can provide cyber security consultancy services, we can deliver cyber security training (either through a public training course or on-site to a number of your staff), and we also have a comprehensive range of books and tools that will enable you to look after yourself. Whatever your preference, our unique mix of products and services means that we can serve you precisely.
Cyber Security Strategy
Getting cyber secure should be based on a risk assessment, and should address the key cyber security domains: people, process, technology and compliance.
Cyber security risk assessments are the starting point for a cyber security strategy. Our cyber security consultants can carry out such an assessment for you, or you can go on a certificated course to learn how to do this yourself, and/or you can purchase a cyber security risk management toolkit.
Enterprise and Security Architecture
Increasingly, organisations deploy enterprise architecture frameworks to design their IT and security infrastructures so that they are aligned with and support their business architecture.
Security Audit, Intrusion Testing
Our cyber security consultancy services include auditing for the existence and effectiveness of cyber security controls. These audits are usually carried out against audit frameworks such as the ISO27002 controls and the 20 Critical Security Controls. We also offer a CREST-accredited IT Health Check and Penetration Testing service.
Regulation and Certification Controls
Regulatory compliance is a key aspect of effective cyber governance. Regulators are paying more attention to cyber breaches, and fines are increasingly onerous. Reputational damage from regulatory breaches can also be significant. Organisations may also have to maintain compliance with Code of Connection requirements, whether these are G-Cloud, PSN, IG Toolkit/N3 or Gambling Commission requirements.
Recovery & Continuity Plans
Cyber resilience is a crucial underlying cyber security philosophy. Sooner or later any cyber defence will be breached. Organisations need to develop cyber resilience, a continuum of tested processes that enable them to respond appropriately to incidents of all sizes, including those which escalate and threaten the survival of the organisation itself.
Cyber security skills
Cyber security is an increasingly complex area. Organisations need either to employ staff who have adequate skills and knowledge or, recognising that there is a global shortage of such skills, ensure that security staff acquire and maintain appropriate skills. IT Governance is the leading provider of certificated cyber security training services and a unique cyber security learning pathway.
As an organisation, we also offer a growing range of security products and solutions for securing content, including both encryption technologies and Data Loss Prevention (DLP) technologies.