Nobu evaluates your existing ICT enterprise from a security architecture perspective to ensure the business objectives can be met securely and in accordance with the array of security standards and legislation relevant to the sector in which your company operates.
Reviewing the current ICT enterprise and its adherence to the security regulations, standards and procedures covered below.
Providing ICT, Procedural and Physical Security with an understanding of the regulations, standards and procedures required to comply in a specific market sector. This will include, but not be limited to: CESG Information Assurance Standards, Common Criteria, CESG Good Practice Guide, CESG Architectural Patterns, industry best practice, ISO27K, pertinent UK law and SOC 2 Trust Service Principles.
Defining the business requirements of the ICT enterprise, identifying key business drivers for security and requirements for the short and long term.
Producing a gap analysis and threat assessment of the ICT enterprise based on CESG Standards, utilising the CIA Triad.
Recommending appropriate and proportionate security controls/countermeasures utilising People, Process and Technology. For example, improving authentication of remote users via a combination of user awareness training (people), robust password policies (process) and MFA (technology). Where technology controls are required, Common Criteria and CESG Architectural Patterns shall be applied.
Providing recommendations in the form of a Security Technology Roadmap, giving the organisation an understanding of the urgent high-risk areas through to the quick wins and long-term goals.