ISRC Consultants Ltd has consultants who have been deployed in various information security programmes and projects. Below are some of the cases where we have helped businesses & organisations to improve their security risk posture.
Top US Multinational Bank
Information Security Risk Assessment (ISRA) Program
Our consultants were deployed as part of a global drive to implement a newly developed annual Information Security Risk Assessment (ISRA) programme. This required business engagement and deep dives with business managers to identify all business processes and inventory all the information assets used by each business process: Users, Applications, EUC (End User Computing), Third Parties, Transportable Media, Process Documentation. All information assets, including Applications, were risk rated & reviewed against the bank's information policy standards to identify all non-compliance. Based on these results, vulnerabilities for each process were formulated and threat analysis was performed. When aggregated across all departments, divisions & regions, this gave the CISO a global view of non-compliance at each level. Risks were either accepted or remediation plans were agreed for implementation.
Leading UK Bank
Identity & Access Management (IAM)
Our consultants were deployed by a leading UK bank to provide Project Management & Business Analysis services for the on-boarding of nearly 600 applications onto their Role Based Access Control (RBAC) entitlement review system. The entitlement review system allowed line managers to review staff access to systems to identify unauthorised access.
The project required the review of each application to identify whether it met the criteria for on-boarding. This required identifying and engaging the Application Manager and/or Business Managers. For those applications which met the criteria, each app developer was required to develop and deliver a feed file which contained all the users and their permissions. For those applications with deep & complex permissions, roles and groups had to be defined and agreed.
The project was delivered on budget and on time. Processes and procedures were developed to ensure newly developed applications were easily identified for on-boarding. Project closure documentation was also provided, which included lessons learnt and recommendations to reduce risk and increase efficiency.
Top UK Bank
Data Loss Prevention (DLP)
Our client decided to retain our services for business analysis on the bank's selected Data Loss Prevention (DLP) project, which had been ongoing for over a year. Our remit was threefold:
1. Engage with Data Privacy champions in each department to articulate their DLP policy requirements and use that information to develop and test DLP policies.
2. Engage the vendor to tailor the selected DLP tool (Orchestria) to meet the business's requirements.
3. Integrate the working solution into the production environment.
4. Develop and document the various processes to create a service which could be handed over to the Security Operations Delivery team.
UK Bluechip Company
EU GDPR Data Protection Impact Assessment (DPIA) Onsite Workshop
One of our GDPR-certified Data Privacy experts recently led a workshop at the request of a leading UK business. The one-day training provided an overview of the new Regulation, but more importantly our expert provided the tools and used everyday examples to show how to use them. The class of 26 was extremely impressed with the hands-on knowledge they gained and the tools they received. The client has since contacted us to request further consultancy work on GDPR.