By partnering with Net Defence, we will make your Information Security Assurance journey simple, straightforward and efficient, governing and executing the process from start to end. You receive access to our Information Security, IT and Cyber expertise as we implement your Information Security Framework that will continue to grow with your organisation, helping to mature your organisation through training and knowledge sharing.
The world continues to turn and swirl and “cyber” continues to be a hot topic. More and more, the word cyber is put in front of other words without any meaning, for example: cyber security, cybercrime, cyber threat, cyber-attack and so on.
Yet the definition of Cyber, "relating to or characteristic of the culture of computers, information technology, and virtual reality", is very vague, causing more noise and swirl in a world that is complex enough already.
What does it really mean, and what should you care about? Taking the “CYBER” out of the equation, let’s take a step back.
Information Security; the practice of protecting information by mitigating risks. Still vague and lacking context.
At Net-Defence we are taking that one step further with our Information Security Assurance program.
Information Security Assurance; the mechanisms, processes and certifications needed to provide certainty, confidence and trust that IT infrastructure is secure, reliable and protected!
This can be simplified even further: to RISK. Risk can be accepted, mitigated or transferred.
We all manage risk this way in our everyday life, most likely subconsciously.
Protecting our homes: from door locks and alarms to CCTV and 24/7 security. We decide what we need based on risk and how much we can live with, so we can enjoy life without worry.
Protecting our children, we teach them from day one about safe behaviours, how to cross the road and so on. Again, we decide this based on risk factors.
Every organisation also operates with risk; some risks are more familiar than others, such as health and safety and financial risk. In a world where data is king, and protecting it is critical to your ability to continue to operate, IT and Information Security risk cannot be ignored.
Organisations are still resistant to addressing Information Security Risk. We hear similar messages from our customers: it is too expensive, too time consuming and too complex.
So, what is the potential cost of doing nothing?
Loss of ability to operate; average downtime after an attack or hack is reported as around 21 hours. If this is a result of ransomware, this is more likely to be days, not hours.
Loss of reputation; something that can be lost in seconds with the click of a button, and can be potentially unrecoverable. 85% of data breaches involved a human element.
Financial Penalties; the ICO has issued fines just short of £40 million in the last 8 months for failure to protect customer information. This can also lead to private claims by the customers or employees whose data was not protected.
Failure to win new business; more and more organisations are required to hold accreditations and certifications, and without these can be excluded entirely from tendering and bidding.
Wasted effort; digitise the process and be 50% more efficient, and be in full control.
So, what is the cost and benefit of doing something?
Fast Track
Focusing on attaining the relevant certifications for your organisation, to remediate risk, reduce vulnerabilities and improve your overall security posture.
Information Security Beginner Bundle; £995
- Cyber Essentials
- IASME Governance Basic
- Counter Fraud Fundamentals
- Info Sec Assurance Check (PRIMED)
- Basic Policies
Beginner Bolt On; £1,250
Basic vulnerability testing; identification of technical vulnerabilities across your infrastructure and network.
Information Security Advanced Bundle; £2,750
- Cyber Essentials
- IASME Governance Basic
- Cyber Essentials Plus
- IASME Governance Audited
- Basic Vulnerability Testing
- Counter Fraud Fundamentals
- Basic Policies
Advanced Bolt On; £1,005
Phishing testing (regular email testing) and Information Security Assurance training (+800 courses) for up to 50 users, 12-month subscription.
Information Security Assurance Program
A blended and tailored approach to identify and meet the immediate priorities of the organisation, remediating any unacceptable risk and achieving the most appropriate accreditations from the start. We bring to life an integrated platform that directs how people across the organisation manage governance and compliance activities, embedding this into the everyday, while simultaneously building a wider Information Security Framework and Strategy that considers the business needs and investment priorities to guide the business through an evolution over time to meet the comprehensive requirements of the ISO 27001 Standard for Information Security.
Value and Benefits
Whichever option you choose, we will enable and guide you to undertake detailed discovery and develop a simple structured plan with a clear set of success measures, matching capability with accreditation as you go to define your information security assurance levels. Each step on your Security Assurance journey provides the organisation with internal and external assurance and the milestones required to meet each level of maturity.
We will provide you with a bespoke detailed inventory of requirements, self-service to-do lists, policies and processes within a dashboard-based, real-time monitoring and reporting platform. We can help you identify and take any immediate necessary steps and achieve the most relevant viable accreditation, and at the same time define, orchestrate and track your evolution to Information Security Assurance Standards of Excellence through independent, internationally recognised accreditations.