We advise chief information officers, information security officers, boards of directors, and IT and risk management departments.

Our work is grounded in a wealth of experience in security and compliance for companies and governments at the highest levels. We tailor our approach to each project in close consultation with our clients and avoid a one-size-fits-all solution.


RELEVANT EXPERTISE

Our team have a diverse set of skills from varied industries. From former Chief Information Security Officers of multinationals to former system administrators and governance specialists, we ensure that each project has the right team with relevant and in-depth industry expertise.


ACCESSIBLE REPORTING, CLEAR ANALYSIS

Our reporting is accessible to employees at all levels of organisations. We clearly explain security issues by utilising language that is appropriate for the intended audience. We avoid jargon and contextualise security issues by benchmarking against industry peers.


GLOBAL RESPONSE, CLIENT FOCUS

We leverage our global network and adapt our responses in line with clients’ needs. Wherever possible, we work with clients’ existing security infrastructure and avoid re-inventing the wheel to provide practical advice that assists our clients in improving their security as quickly and efficiently as possible.


TECHNOLOGY

Together with market-leading partners, we provide easy-to-use platforms that simplify and consolidate security processes.

Our consultants work with leading organisations to assess their people, processes and technology against industry leading standards and regulations.

We use proven methodologies and easy-to-read reporting to provide a clear assessment of compliance with regulations and other security requirements.
We provide actionable recommendations and roadmaps to reduce our clients’ cyber risks and align them with leading governance standards.


Security

We provide security risk assessment services to businesses of all sizes, ranging from small family offices to large corporations. We serve a wide variety of industries, some of which include oil and gas, financial services, legal services, professional services and critical national infrastructure.

We strive to provide quality reporting, client focus and a combination of strong technical and governance expertise to help our clients improve their security posture.

 

Level 1: Cyber Essentials
  • Guidance through the UK government-backed Cyber Essentials certification process
  • Full Cyber Essentials certification upon completion
Level 2: Information Security Controls Gap Assessment
  • Identifies high-level security gaps in your organisation’s security controls based on applicable best practices
  • Benchmarks your cyber security profile against your peers
  • Breaks down the key vulnerabilities associated with the identified gaps
  • Provides recommendations for resolving identified issues
Level 3: Information Security Risk Assessments
  • Identifies the critical information assets within your organisation
  • Evaluates the threat profile of your organisation
  • Evaluates your cyber security posture against industry best practices
  • Benchmarks your cyber security profile against your peers
  • Identifies vulnerabilities in your cyber security strategy
  • Assesses the likelihood and impact of identified threats
  • Identifies risks in the context of your risk appetite
  • Provides recommendations to improve your security
  • Provides a management report and risk register for tracking remediation efforts.

Regulations & Standards

Our assessment services extend to security and data privacy regulations and security standards, enabling our clients to understand their readiness in preparing for and meeting the requirements associated with:

  • The EU General Data Protection Regulation (GDPR)
  • The New York Department of Financial Services Cyber Security Regulation (NYDFS)
  • ISO27001
  • NIST 800-53/Cyber Security Framework (CSF)

We support clients in driving their remediation programmes and effectively implementing the controls required by regulations and security standards.


POST-ASSESSMENT REMEDIATION SUPPORT

We provide technical support, security awareness training and staff augmentation to help organisations implement risk mitigation strategies. These services include:

  • Vulnerability scanning & patch management
  • Social engineering testing (Phishing; Vishing)
  • Policy and procedure development
  • Vendor risk management
  • Device hardening
  • Privacy advisory

Regulatory & compliance support

We provide the additional resources and knowledge required to implement the changes needed to achieve compliance with security standards and regulations.