Information Security Governance (ISO 27001) – We can advise on a security governance framework and strategy appropriate to any organisation; produce suitable policies, procedures and security infrastructure; and design and implement a relevant information security awareness programme for all staff.
Security Risk Management – Kingston Smith Consulting can create and maintain a risk management framework relevant to the organisation. The framework documents an agreed, organisation-wide view of IT risks, the mitigation strategy for each, and the residual risk the organisation has agreed to accept.
Vulnerability Analysis – A process that identifies, classifies and rates the security vulnerabilities in a computer, network or communications infrastructure.
Web Application Security Review (OWASP) – We can perform a specialised vulnerability analysis of internet-facing applications, guided by OWASP, to assess potential security exposures in their design and implementation.
Penetration Testing – The perimeter of a network, where it connects to external parties (e.g. the internet, or a third party's own network), is a potentially weak area of defence and should be tested regularly to provide assurance over its integrity. Kingston Smith Consulting has suitably skilled staff to perform this work using a range of tools.
Incident and Response Management – Timely and effective response to IT user queries and problems requires a well-designed and well-executed service desk and incident management process. Kingston Smith Consulting can assess the process, technology and organisation against a relevant maturity model.
Identity Management – All users (internal, external and temporary) and their activity on IT systems (business applications, system operation, development and maintenance) should be uniquely identifiable and attributable to an individual. We can ensure that cost-effective technical and procedural measures are designed and deployed to achieve this.
Data Encryption – Encryption is one of the mechanisms used to protect the most sensitive data, but it needs to be implemented carefully, with particular attention to key management, if it is to be cost-effective, manageable and lawful. We can devise and implement the most appropriate encryption architecture for any organisation.
Security Awareness Training – The design, implementation and roll-out of a programme of regular training to ensure that all staff in an organisation are aware of their security role and responsibilities.
Security Architecture Design – Design and implementation of a framework covering personnel, hardware and software to protect an organisation's assets as cost-effectively as possible. This may also include the assessment or specification of appropriate physical security and environmental controls.
CLAS – The UK public sector, including central government, requires this work to be performed by CLAS-certified consultants who have the appropriate technical skills, understand government methodologies and techniques, and hold the appropriate security clearances. We can provide CLAS consultants certified up to level 3 to deliver information security and assurance services to the public sector and UK government.