Knowledge Transfer to meet governance, risk or compliance requirements
We partner with you to translate technical vulnerabilities and impacts into business risk. We’ll guide your organisation to become more resilient, taking into consideration any governance and compliance requirements, ensuring the best return on investment for your cyber security strategy and security maturity uplift requirements.
WHITE ROOK Cyber Security Strategy Advisory services will help you align the security of your organisation to your organisation’s strategic objectives. Whether it is tightening up the security to align to your risk appetite, or using security as an enabler for new business initiatives, our strategy advice will allow you to achieve your objectives and provide a greater level of security for lower cost.
Using security professionals with decades of experience, WHITE ROOK Cyber will provide high level analysis and advice, specific to your industry, organisation, and unique circumstances. We will help you define a 3-5 year strategy allowing long-term stability with consistent expectation of security, fulfilling legal and compliance requirements and maintaining your customers’ trust.
Gap analysis, implementation and advisory services for ISO27001, NIST, and Essential 8
The international standard ISO27001 (and ISO27002) is recognised across the world. The standard provides a risk-based approach that will optimise your security controls, leaving you with efficient and effective security. In addition, the standard is auditable, meaning you can show your customers your ISO27001 accreditation.
WHITE ROOK can perform a gap analysis for ISO27001, or assist with the implementation activities after the assessment. We will walk you through the complete implementation of the framework in your environment, dealing with the different stakeholders in the business to ensure the project is a success.
NIST Cybersecurity Framework
WHITE ROOK can help your organisation gain alignment and maintain compliance with the NIST Cybersecurity Framework.
This framework provides a sensible baseline of security that is appropriate for all organisations. It is split into five sections: Identify, Protect, Detect, Respond and Recover.
As part of our NIST compliance services, we can guide you through using the NIST framework to enhance and optimise the security of your organisation. Whether you aim for full compliance, or you incorporate a subset of the framework into your security strategy, we can provide the visibility, analysis, policy and process development, and advisory services you require.
ACSC Essential 8
The ACSC has published eight essential security controls that it believes are appropriate for all organisations. These are:
- Application whitelisting
- Patch applications
- Configure Microsoft Office macro settings
- User application hardening
- Restrict administrative privileges
- Patch operating systems
- Multi-factor authentication
- Daily backups
We have an assessment methodology that can test your organisation against the ACSC Essential Eight Maturity Model. This assessment methodology uses automated and manual tools and techniques to test which controls are in place in your organisation and the maturity level each control aligns to.
Our consultants can then provide recommendations and advisory services for improving the maturity level of your organisation and gaining alignment with the standard. This can be used to show your clients and government agencies you have the baseline of security in place.
A Virtual CISO can provide ongoing tactical and strategic support, including board presentations, chairing steering committees, and aligning risk to the organisation’s risk appetite. Our Virtual CISO provides expertise and experience to your organisation, making you safer and more secure. While managing risk, the Virtual CISO can also help align cyber security as an enabler of new offerings and value for customers.
Following a security assessment, be it technical or business related, WHITE ROOK Cyber provides briefings tailored with the relevant information needed to make sensible decisions at the executive level. This includes the Risk Committee, Executive Teams or your company Board.
In our executive and board debrief, our Principal Security Consultant will analyse the results, contextualise the results in the organisation and industry, and provide the information in a presentation suitable for an executive or board audience. With exposure to both business and technical security, our Principal Security Consultant can bridge the gap to give your executive and board the information they need to make effective decisions to manage cyber security risk.