© 2015 | Informed Risk Decisions
Helping enterprises make reasoned cyber risk decisions
Informed Risk Decisions
Cyber and Payment Security Strategy Formulation
A strategy gives direction and purpose to your security and protection initiatives. It is essential to have a strategy if you want to transition your enterprise from simply addressing compliance to being risk aware and sufficiently secure against your threats.
Regulatory Impact Assessments
Government regulation and private regulation such as PCI have always had a role in setting out what you need to secure, and now they are increasingly telling you how you need to protect it and what you need to do. Is your business ready, and what impact will this have upon you?
Tailored Cyber Threat Assessments
All risk assessments start with a consideration of the threat. Yes, cyber threats are real, but are all threat actors and their attack strategies going to target you? Are some threats more likely than others given your business? A threat assessment allows you to make a reasoned decision about which threats you certainly need to be concerned about.
Post Data Breach Consultancy
Data breaches and compromise events can be harrowing and costly. You most probably will need expert forensic analysis to determine exactly what happened and what was damaged or lost. But are you prepared to manage the consequences of these forensic findings? You may well need support to assess and prioritise the resolution of any findings. Most of all, however, you may need support in managing the impact and consequences of the incident with those external and internal parties who were relying upon you to be secure.
All relationships have rocky patches. Nowhere is this truer than with your external providers who you pay to assess you; it is their job to be challenging and they do have standards to maintain. Experience has shown that it is often useful to have a third party to help broker resolution of issues and to help achieve a balanced risk decision.
Payment Security Product Applicability Assessments
If you are a vendor you may have a wonderful new solution, but do you really understand enough about the arcane world of payments to ensure that you are promoting your product to the correct community, for the correct purpose and where they have a genuine business need? Equally, there may well be ways your product might have value for the Payments community which you have never realized.
CISO/CTO/Head of Security Mentoring
Technology, and securing it, is now a board-level concern. Enterprises big and small are increasingly employing technologists and security specialists in senior positions. Given the rapidity of career progression for these individuals, they may well lack the breadth of experience they need. Mentoring and supporting them can reduce these risks.
Third Party Cyber Security Consultancy and Assessments
How do you know that the third parties and vendors that provide you with products and services are secure? Is that piece of paper or certificate they show you really sufficient to understand the level of risk they represent to you? You can never delegate or abrogate risk to these third parties; it is always your risk. Everyone should therefore be conducting risk assessments of those they buy products or services from.
Cyber and Payment Security Assurance Management Readiness Assessments
There are tried and tested playbooks for managing a project to conduct an external assessment on your enterprise. However, all of this experience and practice may well be moot if the scope of the assessment project is not well thought through. Are you covering enough, or not enough? Equally, as much as you may think the technology and processes are ready to be assessed, how much of the management and decision making behind them is ready to be assessed?