What was the challenge?
The newly appointed COO (Chief Operating Officer) of our client commissioned a security assurance review which identified a significant number of fundamental security weaknesses across their estate. As a regulated organisation they needed support to improve their security posture; however, they lacked the internal capacity and capabilities to define and execute a risk-based remediation plan.
What was our role?
We supported our client in initially undertaking an assessment of the design and operating effectiveness of security controls across their organisation. Based on the conclusions of that assessment, we helped them develop a prioritised remediation plan which would allow them to improve both their technical controls and their broader risk monitoring, assessment and management framework.
We supported the client in developing an understanding of their operating architecture, mapping key business services to technical solutions and identifying risks and dependencies across the estate. We enhanced policies and established technical security standards across their environment. We worked collaboratively to ensure knowledge was shared with internal teams and their skill levels uplifted.
Following on from their Security Improvement Programme, we helped them scope some scenario-based security testing to provide technical security assurance over some of the key risk areas.
What was the outcome?
Not only has the client materially improved their security posture, they have also recognised the benefit to their teams' internal capability from working closely with our security and risk specialists. The client has recently attained ISO 27001 certification.