Viewdeck

Information Assurance for Cloud Based Solutions

Expert advice to provide

  • Information Security & Risk Management consultancy service that delivers quality outcomes to Cloud Services
  • Strategic Cyber Security services and advice to enable assured architecture and implementation of Cloud based services
  • Information Security Management compliant with appropriate standards/policies e.g. ISO27000, SPF, Cyber Essentials

Features

Senior consultants with many years of experience (former CISOs, SIRAs)

Experience of building and running Cyber Security practices in HMG

Consultants cleared to highest level

Highly qualified consultants (IISP, CISSP, CLAS and CCP)

GDS aligned enterprise level security architectural principles and patterns

Vulnerability Assessment, IT Health Check (ITHC) and Penetration Testing

Defining comprehensive security requirements utilising risk assessment models IS1

Information Assurance Maturity Model (IAMM) assessments and action plans

Production of Risk Management and Accreditation Document Sets (RMADS)

Security Awareness Training - communications and educational campaigns/materials

Benefits

  • Providing confidence to board level stakeholders that risks are controlled
  • Delivery of security change appropriate to business strategy and need
  • Development of architectures that fit business requirements for security
  • Effective mitigation of risks and conformance to relevant security policies
  • A balance of information risk against the cost of counter measures

Viewdeck provide business driven advice on the management of security and information risk consistent with HMG IA policy and other sector specific guidance:

  • To provide a focal point for resolution of security and information risk matters
  • To identify, analyse and evaluate information risks
  • To explain to risk owners and other stakeholders the causes, likelihood and potential business impacts of information risks throughout the information system life-cycle
  • To assist checking compliance with applicable regulations, standards, policies and guidance on information risk management
  • To present risk management options to the business
  • To support the development of appropriate and proportionate documentation to inform risk management decisions, ensuring these are expressed in terms meaningful to the business
  • To investigate security incidents
  • To promote security awareness
  • To provide threat guidance

Viewdeck’s approach is to identify information risks which are systemic across the programme or business by selecting appropriate risk assessment techniques. Through experience and investigation we will develop an understanding of the specific threat environment, communicate it and provide guidance to the client. We will recommend implementation of security controls across the programme or enterprise to provide cost effective risk mitigation; we will ensure these are directly traceable to risks so that ongoing management of risks can be tuned to changing threats over time. The Viewdeck approach ensures the development of IA strategies, policies, guidance and awareness that align with local risk management practices and integrate information risk management into programme risk management.

Sample projects undertaken

  • Designing, recruiting and establishing an Information Security Practice in a new organisation. Leading security requirements development for the complete range of security controls required by, including identity management, SOC and penetration testing services. Championing Information Assurance within the organisation, forging close relationship with the SIRO and other senior stakeholders, and engaging with the wider sector security community. Delivering a ‘Building a Secure Organisation’ concept, ensuring that Information Security is aligned with wider business and security requirements. Scoping ISMS and developing corporate and system specific security policies
  • Feasibility study into Two Factor Authentication; working with ICT and security stakeholders evaluated candidate technologies (e.g. OTP, PKI, SmartCard), developed business risk model, aligned options with ICT strategy, facilitated implementation decisions for diverse ICT infrastructure
  • Performed turnaround on a stalled project to implement security audit & SIEM capability. Led technical and security architects to resolve disagreement over approach, mediated technical and UAT resource conflicts and project managed through to successful accreditation and roll out
  • Project Managed a secure Information Management Systems development and business change project from inception, including stakeholder engagement, initial business analysis and requirements capture, scoping and visioning, multi-agency and industry collaboration and project team building. Developed risk model in conjunction with operational and technical security specialists, developed outline design options, assessed candidate technologies (Enterprise Information Management (e.g. OpenText, Alfresco), Thin and Thick Client options, networking requirements (including VPN), PKI solutions and key management options, assured development and deployment processes etc.)
  • Performed turnaround on a stalled project to implement network security controls. Mediated resource conflicts and completed transition. Developed and co-ordinated communications to cover multi agency user implications. Project managed through to successful accreditation and roll out
  • Feasibility study and design for improving Patch Management processes and integrating more effectively within an ITIL v3 ICT service management regime. Delivered a new patch acquisition and distribution mechanism (including Windows, UNIX RHL, WSUS, Patch acquisition and verification). Defined pilot central patch management team and sourced qualified contractors

Key Areas

  • Highly experienced security cleared individuals
  • Proven delivery from start up situations through to problem projects
  • Proven track record with board level stakeholders
  • Making the business case for security
  • Up to date knowledge of IA standards and methods

Tag Cloud: MSP, PRINCE2, Rational Unified Process, Unified Modelling Language, Managing Successful Programmes, Quality Assurance, Quality Gate, Project Assurance, Requirements Traceability, Strategic Outline Case (SOC), Outline Business Case (OBC), Full Business Case (FBC), SC, DV, ISO 15504, Six Sigma, BPR, ISO 9001

Key Processes: RUP/UML, COBIT, MSP, PRINCE2, ITILv3