A security assurance function should be fully integrated into wider business assurance to be effective in providing confidence to management about the current exposure to cyber risk.
Operational security assurance
We aim to leverage existing assurance processes, including local management and internal audit, so that assurance over the state of security is obtained for all business activity. We can help with: management reporting, assurance engagement with operational teams, internal audit support, policy compliance monitoring, assurance in change management, business process and information system audits.
New developments introduce new security risks into the business. Effective security assurance for new and ongoing projects can give confidence that the risk being added to the business is being kept to a minimum. To achieve this, security risk should be managed throughout the project lifecycle. We can help with: initial project risk assessments, operational risk identification, design reviews, security architecture, requirements definition and validation, integration of security and business requirements, penetration testing.
Third party assurance
Addressing security risk in the supply chain is time-consuming for all parties and, as a result, is often treated as a checklist review. We can design third-party cyber security programmes, execute assurance programmes and, where appropriate, provide tooling that improves ease of use, avoids duplication of work and improves return on investment.