25 July 2008

Consultancy Work Experience


Please find below snapshots of recent projects delivered by our Information Security Consultants:

  • Delivery of an ISO 27001 (BS 7799) / ISO 17799 training course for a utility organisation. The course was tailored to address recent changes to the Standards and to prepare the customer for ISO 27001 re-certification.
  • Delivery of multiple pen tests to a major UK FTSE 100 household product manufacturer encompassing infrastructure and web application layers.  
  • CLAS consultancy delivering wireless security consultancy for a central government body. The assignment identified key threats, necessary countermeasures and infrastructure designs for secure internal and remote access via wireless technology. It also addressed relevant government policy including Residual Risk Assessment.
  • Provision of Vulnerability Assessments to a major UK utility company testing multiple critical internal and external applications running on multiple platforms. 
  • CLAS consultancy implementing a Risk Management and Accreditation Document Set (RMADS) for a central government agency handling protectively marked information. This addressed a new technical solution to allow home workers and remote workers access to the agency’s central systems, and considered risks and protective measures for laptops, home-based PCs, and different connections such as PSTN, ISDN, DSL and Internet, and the use of MPLS, VPN and SecurID token technology. Government standards and guidelines were applied.
  • Information security consultancy for a local authority creating a flexible (mobile) computing policy, embracing all remote access requirements including home workers and remote workers based at any location e.g. hotels or third party offices. The policy considered all forms of client based technology e.g. PCs, laptops, PDAs, media devices, mobile telephones as well as all forms of remote network connectivity e.g. PSTN, ISDN, DSL, Internet and third party connections. The policy took into account the council’s existing and predicted business requirements.
  • Security consultancy for a university conducting a BS 7799 Gap Analysis of organisation-wide information systems, policy, controls, processes and procedures. This involved a review of existing information security policy and documentation, and interviews with key stakeholders i.e. senior management, strategy and policy committees, and implementers. A Gap Analysis report was delivered, acknowledging existing controls, highlighting significant gaps and recommending solutions. The project culminated in a formal presentation to key stakeholders.
  • Consultancy for a local authority developing an Information Security Policy document set: a Policy Statement, User, Management & IT Services Policies and Standards, and supporting sub-policies.  In addition, this project involved a Gap Analysis of existing security measures. BS 7799 and relevant e-Government Strategy Framework Policies were used as a framework.
  • CLAS consultancy for a local authority, assisting with implementation measures to meet the GSi Code of Connection requirements, including ISCJIS criminal courts connectivity. This entailed review and amendment of existing Information Security Policy documentation and the identification of further measures to meet connectivity requirements.  GSi knowledge was required, including familiarity with the Recommended Architecture for GSX.
  • Information security consultancy for a local authority. The council was in the process of undertaking a programme to implement a Customer Contact Centre.  To ensure the council had an appropriate, efficient, secure and cost effective IT environment to support the programme and all other electronic information requirements, it required review of its infrastructure and information security strategy.  Consultancy delivered included the production of a BS 7799 security best practice gap analysis, an information security risk assessment (impacts and probabilities) and a security improvement plan to mitigate unacceptable risks.
  • Risk Assessment and Risk Management consultancy for a local authority. This project involved a risk assessment of the council’s payroll operations and has provided the following: an impact assessment of Payroll information and assets based on losses of confidentiality, integrity and availability; identification of key interdependencies; an assessment of the threats and vulnerabilities which apply to this area of work; an assessment of the level of protective and enabling security factors (technical, physical, personnel and procedural) which support and facilitate payroll operations; recommendations of further security countermeasures to mitigate unacceptable risk based on impacts and probabilities; and delivery of training and documentation that has provided a framework for the council to conduct any subsequent work in a consistent way.
  • Security consultancy for a local authority, conducting an Information Security Gap Analysis, using BS 7799 guidelines.  This involved Information Security Policy review, technical and procedural reviews, a series of interviews and presentations with management and technicians, and the production of a Gap Analysis report, highlighting existing strengths as well as security gaps, and providing prioritised recommendations for improvement.
  • Information security consultancy for a local authority.  This entailed Information Security Reviews, Risk / Threat Assessment, updating the Security Improvement Programme, project management, and took into account e-Government requirements. It culminated in a presentation to senior management to acquire support for the recommendations.
    Autumn 2003 to Early 2004
  • BS 7799 consultancy for a local authority.  Consultancy entailed the strategic selection of an Information Security Management System (ISMS), formal documentation of an ISMS Statement of Scope, delivery of a Project Initiation Document and preparation for the next stages i.e. BS 7799 Gap Analysis and BS 7799 Risk Assessment, which the council wished to undertake in-house.  Key drivers for the project were to raise assurance levels, image and reputation with e-Government partners and the public.
  • Risk Assessment and Risk Management consultancy for a commercial organisation.  This project had the following objectives: wireless LAN risk assessments, third party access risk assessments, creating a (BS 7799 compliant) risk assessment method for on-going use by the customer, and training customer staff in the risk assessment method.  The assignment included: creating a Project Initiation Document, information gathering via customer documentation and staff interviews, producing an Information Asset Register, documenting Threat, Vulnerability and Risk Assessment reports, deriving a Risk Management approach to managing identified risks, selecting cost-effective countermeasures, workshop based customer staff training and formal presentations to senior management.

Further Information

Please Contact Us with your questions

© Boldon James Ltd. All Rights reserved.