Our consulting practice is based on the three main principle dimensions of securing the information namely Confidentiality, Availability & Integrity.
Confidentiality: It is to make sure that information is reachable only to those authorised to have access on a need basis
Availability: It is to ensure that authorised users only have access to information and associated assets whenever required
Integrity: Protecting the accurateness and totality of information and processing methods
Thus, it is highly important to consider the relative significance of each of the above dimensions when executing an information security system.
The primary aim of our practice is to make sure that information is safeguarded from all threats in order to ensure business continuity, lessen any possibility of business damage and enhance return on investment. Every enterprise has a different set of requirements in terms of control and also in the level of confidentiality, availability and integrity.
We are also involved in creation of the IT policy document that is to define the organisational objectives for information security and makes these objectives perceptible to the entire enterprise. Acting as a medium in general and ensuring that the senior management is responsible for setting up and communicating guiding principles, various expectations and direction for the organisation.
Our consulting practice comprises a number of factors contributing to the successful execution of an information security management system. The key deliverable of our consulting practice includes the following:
- Perceptible commitment and support from senior management and definition of the security policies of their role
- Arrangement of the Security Policy with the business goals of the enterprise
- Executing the security system in such a manner that is consistent with the culture of the enterprise
- Making sure that the enterprise has a good understanding of their security needs and are aware of the related risks
- Building an organisation wide understanding of the security management system; not just restricted to the mangers and higher ups in the management
- Providing the knowledge guidance on the information security policy and ensuring that standards has been distributed to all contractors and employees
- Training all contractors and employees in appropriate manner
Recognizing the key measurement parameters that would be used to assess the efficiency or competence of the information security management system