For critical thought leadership and standardized, best practice advice
Our consultancy services build on our history of assessment and research as we
apply critical thought leadership in addition to best-practice guidelines.
Through consultation and collaboration we can help you can make informed
decisions on information security that support your business performance. We
provide a range of consultancy services that can be tailored to meet your
specific needs. These include:
- Architecture Review: Through our Security Architecture services we can
support you in securing your enterprise-wide business goals and objectives.
We can review your existing or planned architecture, or designs of
environments or systems. Employing a deep technical understanding of how to
best secure systems and their interactions, coupled with our infamous
threat-centric ability, we will ensure that a multi-layered, defence-in-depth
approach is applied. This will give you robust systems that are resistant to
- Configuration Review: Through our Configuration Reviews we will provide
you with additional insight into your target host's configuration, so that
you can identify and resolve additional exposures and configuration
weaknesses that may make your host more susceptible to compromise, or make a
successful compromise more effective. Our reviews can be performed separately
or in conjunction with our security assessments as both model threats from
- Secure Development Lifecycle (SDL): To strengthen your business offering
we provide a comprehensive SDL program, which includes workshops, threat
modelling, architecture reviews, code reviews and security assessments. This
way we can help you ensure that all your security weaknesses are identified
at the start of the development phase of the project and costly retrofits and
lengthy delays are avoided.
- Threat Modelling: Threat modeling provides you with a systematic way of
modelling your system or environment to enumerate and prioritise your risks.
Having a systematic approach helps to ensure that all your risks are
captured, rather than just the perceived ones. Through our Threat Modelling
services we can examine scenarios to find those that will most reduce risk;
guide testing plans and motivate activities to upper-management. This will
ensure that you have a clear, shared understanding of what can be achieved
and the benefits that can be brought to your organisation.
- PCI: As an Approved Scanning Vendor (ASV), we are ideally placed to help
you achieve and maintain your compliance in PCI. Through scanning and
penetration testing we will test against each of the controls and report on
the level of compliance you have achieved. Our detailed reports contain all
the non-compliant areas, plus other observations and recommendations.
- ISO27001: Having an ISO27001 accreditation gives assurance to your
customers that your business systems and information are secure. It
demonstrates a commitment to ensuring that they remain so too. Additionally
it can often reduce costs by significantly reducing the risk and severity of a
security breach. Through our ISO27001 services we can help you prepare for the
standard to guarantee compliance at audit.