Risk Management & Supplier Assurance
Modern enterprises have many more points of connection with the outside world than previously. And there’s more data flowing through those connections than ever before. That provides essential business agility and speed. But it massively increases the risk profile, both in the size of the potential cybersecurity attack surface, and in the flow of information outside the corporate logical perimeter. An effective Risk Management regime is essential in today’s business world, but can be challenging to implement. Risk processes operate in silos at many companies, creating a multiplicity of frameworks and systems. Risk assessments must be completed prior to contract agreement covering all aspects of the lifecycle of the information assets involved in the transaction.
As supply chains become more complex and more connected, supply chain security is becoming a bigger and bigger issue for enterprises. As many as four in ten cyberattacks are now thought to originate in the extended supply chain, not the enterprise itself. PROTECT IT provides practical recommendations for improving supply chain security and enhancing visibility across the entire supply chain network.
Our Supplier Assurance Team will provide an indication of risk posed by external suppliers by conducting tests for design and operational effectiveness.
- Our teams will identify, articulate and assess any risk associated with the confidentiality, integrity, and availability of the critical assets in your organisation.
- Any remedial actions identified by PROTECT IT will be communicated to stakeholders before the commencement of any remedial action.
- All risks will be evaluated and managed through a good-practice risk management process, especially where remediation cannot be achieved prior to engagement.
ISO 27001 Auditing
The need for Internal Audit to continue to challenge management and provide advice on the optimal balance between adequacy of control, risk exposure and cyber risk appetite against business needs will be paramount in 2021 and beyond.
ISO 27001 has become the de-facto standard in information security. Our experienced ISO 27001 auditors examine documentation and the evidence of controls in order to give you an unbiased view of the current status of your security controls, using ISO 27001 as a benchmark. Protect your organisation with recommendations and advice from security experts who ensure that policies and procedures are maintained. Gain information security strategy guidance on best practice.
Enhance the cybersecurity controls of your organisation with advice from security experts at PROTECT IT. Information security compliance is both an operational and a legal concern for organisations in many industries today.
Due to the increased reliance on information technology (IT), the value of information assets has increased significantly, and maintaining repeatable, standardised operations relies on a strong control compliance framework. Organisations depend mainly on IT to provide a platform for conducting business.
As a result, controlling risks to information assets via security controls has come to the top of the agenda at corporate board meetings. To comply with regulatory requirements, enterprises must develop comprehensive information security compliance management programmes covering standards such as the Payment Card Industry Data Security Standard (PCI DSS), GDPR and many others. These regulatory standards prescribe recommendations for protecting data and improving information security management in the enterprise.
M&A Cybersecurity Due Diligence
At PROTECT IT, our M&A cybersecurity due diligence team has extensive experience in assuring technology change programmes. We bring methodologies and frameworks combining years of experience in delivering successful technology change programmes. Our services include Independent Programme Assurance, IT Due Diligence, IT Strategy, review of past major incidents, and Emerging Technology Risk.
Data vulnerabilities can seriously threaten the value of a business. As the cyber-risks facing organisations intensify, cybersecurity is becoming a critical part of the due diligence process for M&As. The Verizon and Yahoo case in August 2017 demonstrates the costly impact of an acquisition made without thorough M&A cybersecurity due diligence. When you buy a company, you buy its data.
And you take responsibility for its data security – past, present and future. That can mean inheriting its cyber failings, which can have a significant impact on its value. Yahoo!’s misfortunes reduced the price paid by Verizon to the tune of $350 million. Alleged state-sponsored attacks, organised hacktivism, leaked entertainment content and global ransomware attacks are becoming all too commonplace. The EU’s General Data Protection Regulation (GDPR) came into force in May 2018, ushering in potentially enormous fines: up to €20 million, or 4% of global turnover (whichever is higher).
An effective cyber due diligence exercise should therefore involve a review of the target firm’s data protection measures, breach management, business continuity plans, compliance with industry-specific data regulations, and a dark web search for signs of breached data.