This risk assessment process will enable you to –

• Identify security risks within your organisation.
• Determine your risk remediation strategy.
• Track progress of the risk remediation actions.
• Allocate accountability for remediation
• Improve your organisational risk posture

What’s included:

At the start of the process, we review your existing Risk Management Policy and align both our risk assessment methodology and the Risk Register with your policy. Alternatively, we can create a Risk Register which aligns with ISO 27005, ISO 31000 & NIST SP 800-30 risk management standards. The end result is a comprehensive Risk Register, detailing the vulnerability, risk, impact including worst-case assessment, actions, ownership and resolution dates across your business.

No industry sector is immune from attack, which is why it’s imperative you consider a vulnerability assessment. Undertaken regularly, this process identifies, quantifies and prioritises the vulnerabilities in your system, application or network component, and can be used to demonstrate security compliance by your organisation.

Quarterly vulnerability assessments are a requirement for obtaining and maintaining PCI DSS Compliance certification – a basic precondition for companies accepting credit and debit payments. A Vulnerability Assessment can also be performed in preparation for a penetration test, in order to identify the weaknesses to be exploited by the test.

What’s included:

• Scan – Our team can identify vulnerabilities associated with a range of IT assets, including operating systems, network devices, databases and applications.
• Report – we provide a detailed report outlining each vulnerability, including vulnerable host(s), operating system weaknesses, level of security risk for and our recommendation for remediation.
• Action – while the Vulnerability Assessment does not itself fix any found vulnerabilities, we can then work with you to take the most appropriate course of action.

People represent one of the biggest risks to your organisation’s security. To ensure high levels of protection, your people need to be regularly informed about their roles and responsibilities with regards to security. Our skilled team can deliver a security training based on your existing security controls, with a specific focus on your security gaps or pain areas. We communicate with your people and get them up to speed on security hygiene and best practices for protecting classified data, using strong passwords, as well as avoiding sophisticated phishing and social engineering attacks. We also provide security presentations to specific staff members, tailored to your needs.

What’s included:

• A fully customised training program
• A security awareness training presentation.
• A follow-up quiz to help measure training effectiveness
• Training compliance report

To stay protected, and compliant, your organisation needs to continually update your documented information security policies. However, most organisations struggle to consistently allocate the resources or skill-sets to effectively prepare and maintain these policies internally. Brennan IT can help by working with you to determine your requirements, evaluate your current policies, and prepare new, updated documentation.

What’s included:

A comprehensively updated set of security documentation covering:

• Information Security Policy
• Risk Management Procedure
• Information Security Management System (ISMS) Policy
• Statement of Applicability
• Security incidents and actions procedure
• Vulnerability management procedure
• Password standards

A comprehensive Security Governance framework provides the leadership, drive and oversight for implementing and enhancing security within the organisation, by guiding management to make the appropriate resources available to drive information security. This is the foundation to ensure security tasks are performed at planned intervals, incidents are managed effectively and resources remain available to operate the ISMS.

Brennan IT manage the complete Security Governance process, by:

• Establishing your Security Governance structure
• Identifying membership and formulating your Security Committee
•  Creating security monitoring documentation
• Developing Security Metrics and Measurements against your security objectives
• Conducting Management Reviews to track the effectiveness of your ISMS
• Develop your Security Calendar document to identify recurring security tasks and actions

Brennan IT can work closely with your business to achieve ISO 27001:2013 certification. This valuable certification can help your business ensure you are meeting all stakeholders’ security expectations, enhance your business prospects and strengthen your supplier security relations. It can also help you improve your overall security posture and reduce ongoing security incidents. Plus, it can protect the confidentiality, integrity and availability of your data. Brennan IT’s expert security team can work with you from start to finish to ensure you have everything you need to attain this certification.

What’s included:

• A new security governance structure
• Development of security policies and supporting procedures
• An in-depth risk assessment and creation of risk registers
• A detailed security audit
• Review of your Business Continuity Plan