A common challenge across organisations is that annual security programs are mostly shaped by technology implementations and audit issues, as opposed to a long-term viewpoint based on strategic security growth targets, aligned to business objectives and driven by industry best practice.

Our cybersecurity advisors are experienced at guiding clients in strategy and governance – combining industry vertical perspectives, cybersecurity knowledge and business acumen. Our experts provide clear, actionable advice that helps set strategic direction, develop policy, define metrics, optimise compliance efforts and guide the establishment of agile governance structures.

  • Advisory, Governance & Quality Assurance

    Obtain strategic guidance with establishing or improving your security management system, governance practices or with oversight of key projects.

  • Security Assessment & Strategic Planning

    Baseline your security capability maturity, understand the gaps and define an improvement plan with investment required to achieve maturity and compliance targets.

  • Security Risk & Compliance

    Perform risk and impact assessments to profile risk of a specific area or identify crown jewels. Review and drive compliance for privacy (POPIA, GDPR) and other regulations.

Advisory, Governance & Quality Assurance

Obtain strategic guidance with establishing or improving your security management system, governance practices or with oversight of key projects.

Output

  • Assistance with the setup of a security management or operational structure from organisational design through to recruitment and definition of roles and responsibilities
  • Review of existing policies, governance structures and control frameworks. Development of new governance mechanisms including metrics and performance reporting
  • Establishment of a security program with associated business cases, initiatives and resource planning to execute the strategic plan
  • Expert guidance and quality assurance providing technology-independent assurance on complex IT or security projects
  • Security guidance on business projects (e.g. Digital Transformation, Core Banking platform)

Benefit

  • Tailored services that bring together practical experience with industry-proven approaches to solving complex management problems
  • Practical assistance with navigating IT and security governance challenges
  • Assurance to project steering committees and executive stakeholders on the design and overall quality of strategic IT or security projects

Security Assessment & Strategic Planning

Baseline your security capability maturity, understand the gaps and define a prioritised improvement plan with investment required to achieve maturity and compliance targets.

Output

  • Broad review of all areas of information security across your enterprise. Our focus goes beyond tooling, and the techniques used identify real issues with existing capability or areas where capability is lacking
  • Assessment is based on widely accepted industry best practice aligned to ISO, NIST, SANS, COBIT, ISF and Gartner recommendations
  • Takes a point of view from an understanding of your business, your IT architecture and cyber risks that impact your environment
  • Recommendations of governance and technical mitigating solutions with quick-wins, to achieve the highest risk reduction in the shortest period of time
  • Recommendations of security architecture that minimises complexity, and effectively leverages existing tooling to meet the security objectives of your organisation
  • A security strategy and roadmap that defines how your organisation should achieve the “right” level of capability maturity (people, process and technology) while aligning to your business and IT strategies
  • Estimates of the investment (time, money and effort) required to execute the strategic plan

Benefit

  • Documented broad snapshot of your current-state information security posture, providing a baseline for future measurement
  • Gap analysis which provides insight into your security, beyond your current audit and risk reviews
  • Recommendations based on deep experience with security governance and technology, highlighting areas of optimisation
  • Long-term improvement plan based on executive support of prioritised and phased capability enhancements with corresponding investments

Security Risk & Compliance

Perform risk and impact assessments to profile risk of a specific area or identify crown jewels. Review and drive compliance for privacy (POPIA, GDPR) and other regulations.

Output

  • Identification of which security-related statutory, legislative and regulatory requirements apply to your organisation (e.g. GDPR, POPIA)
  • Assessment of your inventories and controls of your structured and unstructured data assets
  • Assessment of the impact to your organisation based on your handling of privacy information and existing protection capabilities
  • Identification of crown jewel assets, risks and maturity of controls
  • Development of security risk and compliance frameworks which define the methods, standards and processes to be applied within your organisation
  • Assistance with the implementation of privacy or other compliance initiatives

Benefit

  • Clarity on your organisation’s security compliance obligations
  • Guidance on the best strategic approach based on your compliance impact
  • Prioritisation of initiatives and resources based on your crown jewels
  • Detailed plans to execute risk and compliance initiatives