Security Consultancy

For critical thought leadership and standardized, best practice advice

Our consultancy services build on our history of assessment and research as we apply critical thought leadership in addition to best-practice guidelines. Through consultation and collaboration we can help you make informed decisions on information security that support your business performance. We provide a range of consultancy services that can be tailored to meet your specific needs. These include:

  • Architecture Review: Through our Security Architecture services we can support you in securing your enterprise-wide business goals and objectives. We can review your existing or planned architecture, or designs of environments or systems. Employing a deep technical understanding of how to best secure systems and their interactions, coupled with our infamous threat-centric ability, we will ensure that a multi-layered, defence-in-depth approach is applied. This will give you robust systems that are resistant to intrusion.

  • Configuration Review: Through our Configuration Reviews we will provide you with additional insight into your target host's configuration, so that you can identify and resolve additional exposures and configuration weaknesses that may make your host more susceptible to compromise, or make a successful compromise more effective. Our reviews can be performed separately or in conjunction with our security assessments as both model threats from different perspectives.

  • Secure Development Lifecycle (SDL): To strengthen your business offering we provide a comprehensive SDL program, which includes workshops, threat modelling, architecture reviews, code reviews and security assessments. This way we can help you ensure that all your security weaknesses are identified at the start of the development phase of the project and costly retrofits and lengthy delays are avoided.

  • Threat Modelling: Threat modelling provides you with a systematic way of modelling your system or environment to enumerate and prioritise your risks. Having a systematic approach helps to ensure that all your risks are captured, rather than just the perceived ones. Through our Threat Modelling services we can examine scenarios to find those that will most reduce risk, guide testing plans and motivate activities to upper management. This will ensure that you have a clear, shared understanding of what can be achieved and the benefits that can be brought to your organisation.

  • PCI: As an Approved Scanning Vendor (ASV), we are ideally placed to help you achieve and maintain your PCI compliance. Through scanning and penetration testing we will test against each of the controls and report on the level of compliance you have achieved. Our detailed reports contain all the non-compliant areas, plus other observations and recommendations.

  • ISO27001: Having an ISO27001 accreditation gives assurance to your customers that your business systems and information are secure. It also demonstrates a commitment to ensuring that they remain so. Additionally, it can often reduce costs by significantly reducing the risk and severity of a security breach. Through our ISO27001 services we can help you prepare for the standard to guarantee compliance at audit.