SECURITY STANDARDS
ENSURE BEST PRACTICE AND AVOID PENALTIES
GOVERNANCE, RISK AND COMPLIANCE (GRC)
STANDARDS COMPLIANCE
Over recent years, there has been significant growth in the number and severity of cyber attacks around the world. The heightened risk of a cyber attack is recognised as a regulatory concern across a range of international organisations. Various approaches are being adopted globally, some legislation-driven and some voluntary. Businesses face a range of cyber risks, both external threats and internal vulnerabilities, that continue to evolve over time.
Case for Cyber Resilience
It is not possible to protect against all cyber risks. As cyber attacks continue to increase in complexity and sophistication, you may at some point be subject to an attack. However, a business can seek to improve its overall cyber resilience so that it can survive and recover from an attack as quickly as possible.
We encourage every business to take responsibility for improving their cyber resilience. Businesses are connected in various ways—in the online world, through the financial system or through business dealings. Cyber resilience improvements in one organisation have flow-on effects—it is a small step in improving the whole system.
We help businesses to implement industry-relevant cyber security management frameworks in order to minimise risk and regulatory penalty exposure. The improved cyber-resilience posture will instil confidence in customers, partners and staff.
Compliant Frameworks and Methodologies
Our experienced professionals are qualified to perform consulting around assessments, deployments and managed compliance services leveraging the following methodologies:
International Organisation for Standardisation (ISO) 27000 Series
National Institute of Standards and Technology (NIST) SP 800 Series
Australian Signals Directorate - Information Security Manual (ISM)
Payment Card Industry Data Security Standard (PCI DSS)
Open Web Application Security Project (OWASP)
Open Source Security Testing Methodology Manual (OSSTMM)
Control Objectives for Information and Related Technologies (COBIT)
Information Technology Infrastructure Library (ITIL 20000)
Sysadmin, Audit, Network, Security (SANS) Security Policy Resource
The EU General Data Protection Regulation (GDPR)
ISO-27000 Series Recommendation
We encourage businesses—particularly where their exposure to a cyber attack may have a significant impact on financial consumers, investors or on market integrity—to consider using the ISO-27000 Framework to assess and mitigate their cyber risks or to stocktake their cyber risk management practices.
The ISO-27000 Cybersecurity Framework enables businesses to apply or complement existing methodologies and standards. It does not introduce new standards or concepts but integrates existing industry-leading standards on global security and IT governance—that is, those that have widespread adoption and demonstrable successes. It is flexible enough to map onto other standards.
The core functions can provide a strategic view of your cybersecurity risk management lifecycle—for example, how to:
(a) identify your most critical intellectual property and assets;
(b) develop and implement procedures to protect them;
(c) put in place technology, procedures and resources to detect a cybersecurity breach;
(d) put in place procedures to both respond to and recover from a breach, if and when one occurs.