Information Security Management and Assurance

Information security is a top-down process. To be successful, it should be supported by a comprehensive information security strategy. Implementation of the IS strategy needs a comprehensive information security programme, that, inter alia, covers

• Comprehensive information security policies and standards

• Procedures on business and information technology processes and IT governance

• Comprehensive Risk Management with,

  • Periodic assessments of risks and impact analysis

  • Classification and assignment of ownership of information assets

• Segregation of Duty - Assignment of roles and responsibilities

• Adequate, effective and tested controls

• Integration of security in all organizational processes

• An effective controls development life cycle (CDLC) process comprising design, implementation, operational effectiveness and monitoring

• Hosting appropriate user awareness education and training for all levels, including the Board and Top Management

• Effective Business Continuity and Disaster Recovery Plans

• Use of security best practices guidance such as ISO/IEC 27002

Our information security management and assurance services cover all the aforesaid components.