
Smart Security. Smart Compliance.

Service Guide

SRM Service Guide

www.srm-solutions.com | 03450 21 21 51 © Copyright Security Risk Management Limited


Introduction

Security Risk Management’s (SRM) specialists cover the full scope of the Governance, Risk and Compliance agenda such as information assurance to UK Government, NATO, PCI DSS, N3 and ISO 27001 standards, business continuity, operational risk management and computer & network forensics.

This broad portfolio allows SRM to provide an effective service, making the most of consultants’ skills and offering you better value for money.

Having one service provider also improves project accountability and delivery by minimising any potential disruption to operations. Having multiple service providers on site could result in a duplication of effort, investment inefficiencies and conflicts of interest.

SRM experts, drawn from the private sector, police service, armed forces and government agencies, offer an exceptional skill-set and depth of experience, all delivered to a first-class level of service.

SRM’s existing clients, who range from small and medium size businesses to government departments, charities and other non-commercial institutions, trust SRM because we deliver what we promise.


Service deliverables

With a wide range of knowledge and practical experience, our consultants are ready to help you understand the risks to your information assets and manage them effectively.

Consultancy Services

Virtual Chief Information Security Officer (VirtualCISO™)

VirtualCISO™ provides a cost effective bespoke portfolio of professional services supporting, resourcing and advising CISOs on all practical and strategic aspects of Information Security.

Access your own VirtualCISO™ team led by an individually-assigned senior IS consultant who will be your key contact throughout

Engage with experienced highly qualified consultants to develop, enhance and refine a comprehensive information security strategy

Prioritise activity through an analytical audit of your existing risk, compliance and security frameworks

Develop and deliver senior-level presentations detailing your security posture to key stakeholders

Assess and develop the information security skills of your wider team

Co-ordinate any security breach or incident investigations within a remedial, preventative strategy

Benefit from a pragmatic and collaborative relationship where trust is key: you will never be pressured to utilise services you do not need

Draw on the expertise of the wider SRM team if required including penetration testing, PCI compliance and Cyber Essentials

Organisational Risk Profiling & Management

Our experienced consultants understand all relevant compliance requirements and, through a collaborative consultative process, will determine a proactively managed strategic plan aligned with your organisation’s risk posture and business goals.


Dedicated Customer Support Portal

The SRM portal initiative is free to VirtualCISO™ clients and invited participants. It provides best practice, thought leadership, Q & A, legislative and security breach news with remediation techniques where applicable.

Disaster Recovery (DR) Planning & Health Checks

To ensure minimal disruption, SRM develops a resilient future state model, based on an evaluation of your current operating state. Understanding that all plans should be tested, we ensure that our jointly created DR plan is safely invoked to demonstrate its effectiveness.

Business Continuity Planning (BCP) & Health Checks

Our BCP consultants are either Members or Fellows of the Business Continuity Institute and will evaluate existing BC plans and ‘stress test’ them via a business impact analysis process, providing a gap analysis and risk profile/analysis to create an enhanced plan. Our health check focus is to ensure mission critical services for your customers are recovered in a timely, ordered manner.

Information Governance

At SRM we understand that regulatory compliance and/or litigation are the usual drivers for an IG Programme. However, through efficient management of easily accessible data and only retaining what is essential, companies can make tangible cost savings via storage efficiencies and significantly reduce their risk profile.

Our team can help you structure and design a coherent Information Governance framework which enables you to get the most from your existing investment and focus future investment on delivering outcomes that support your corporate objectives.

Improve Internal Information Security expertise via thought leadership, C-level mentoring and team/individual mentoring and coaching

At SRM we have created a team of consultants from multiple sectors bringing a range of relevant deep sector experience to our delivery assignments, whilst providing thought leadership via our blogging, C-level mentoring and VirtualCISO™ programmes.

Security Programme Design and Health Checks / Information Security Strategic Guidance, Policy Design and Health Checks

A detailed security analysis identifies gaps, providing SRM with the foundation on which to build an innovative bespoke security programme, balancing business objectives with the need to manage information security proactively. We also identify the critical security risks and challenges presented by emerging technologies, creating a strategic roadmap to mitigate immediate and potential threats to secure customers and partners.


Compliance Services

General Data Protection Regulation (GDPR) & Data Protection (DP)

GDPR applies to organisations in any country that process EU data and will impact on virtually every UK business. Compliance preparation in readiness for May 2018 is therefore key. SRM provides data discovery solutions supported by expert consultants to ensure full compliance with GDPR.

Payment Card Industry Data Security Standard (PCI DSS) – SAQ to full RoC

We have one of the largest teams of QSAs in Europe. We conduct your PCI assessment in order to validate and maintain your compliance with the PCI DSS. We also provide guidance in an advisory role to review any gaps between your documentation, policies, training, IT systems, processes and the requirements of the PCI DSS.

PCI DSS compliance provides you and your customers with the peace of mind that data is secure; failure to adhere to the PCI DSS requirements could result in a loss of customer trust, enforced PFI investigations and fines.

Payment Application Data Security Standard (PA DSS)

Our PCI PA-DSS certified consultants can advise on payment application software design and review existing software to ensure your payment application stores, processes or transmits cardholder data in a PCI DSS compliant manner.

ISO 27001 Lead Auditor & Pre-Audit preparation

SRM understands that the broad applicability of ISO 27001 can make the correct application of the Standard to any organisation a challenge. We have experienced Lead Auditors who, using gap analysis and an action plan, will guide you on the scope and the appropriate controls required, and undertake pre-audit activities to ensure you are well placed to achieve accreditation.

Cyber Essentials (CE)

Cyber Essentials (CE) is a government-backed, industry supported scheme to help organisations protect themselves against common cyber-attacks. SRM can support you in becoming CE certified, which is a mandatory requirement for organisations wishing to undertake work for government departments and agencies.

Information Security (IS) Awareness Training

SRM offers bespoke courses to develop your team’s IS awareness, aligned to your business to ensure all stakeholders understand the on-going importance of IS to business operations. SRM also provides cost effective e-learning course options.


Information Security Testing & Compliance

Bespoke Penetration Testing

Not only does your system need to be secure; it needs to be seen to be secure. We work with you to understand your business requirements to develop a test plan which satisfies all stakeholders that your web and supporting infrastructure are secure.

Our service considers external and internal threats using proven tools to simulate attacks on your infrastructure.

Websites and associated applications

Third party applications

Firewall, IPS & IDS evasion

Company and client wireless solutions

Internet of Things (IoT), both devices and management infrastructure

End user device testing, including printers and other peripheral devices

Mobile applications (iOS/Android & Windows), including OWASP Top 10 Mobile Risks

Social engineering (to fully test your IS awareness policies)

Telephony / VoIP systems (on premise and hosted solutions)

We hold a range of accreditations both at a company and individual level including QSA, PA-QSA, CISSP, Cyber Essentials (IASME) and Tiger.

Our deliverable to you will be a comprehensive but easy to understand detailed breakdown of all your results presented by a consultant in an easily interpretable report. It will identify the threats in a jargon free manner so that we can work together to mitigate the key risks to your business.

Vulnerability Assessment

SRM provides a leading web application and infrastructure scanning tool which automates the discovery of security flaws within network perimeters to quickly identify any required remediating actions.

Web Application Testing

Testing a web application is key to ensure malicious attack attempts don’t exploit poor configuration, out of date patching, cross configuration issues, cross site scripting attacks or injection attacks.

Network Security Testing

Your network (wired, wireless and cloud based) is the business connectivity you rely on. Regular and robust testing will identify any risks to the backbone of your operation. SRM’s network testing methodology includes:

Routers, switches, firewalls (both physical and software based) and Wi-Fi access points internal and external to the organisation

Remote access solutions and Virtual Private Networks (VPN)

Company telephony solutions, including Voice Over IP (VoIP) and any mobile solutions in scope

Review of Operating Systems, patching policies and change governance process

Cloud deployed services including client access as appropriate

Web serving applications including any in scope databases


Incident response

Emergency? Call our incident response team on 03450 21 21 51

Don’t hesitate to call our team if you have a problem. We’re available 24 hours a day, 7 days a week.

PCI Forensic Investigation (PFI)

SRM is one of only 19 PCI PFIs in the world and one of the top three PCI PFIs operating from the UK. SRM provides pragmatic and collaborative management of the PCI DSS requirement, supporting your business following any breach and offering effective remediation services.

Retained PCI Forensic Investigation (PFI) Service

SRM offers a bespoke retained PFI service, working proactively through regular strategic reviews to develop enhanced risk mitigation and ensure rapid remediation and minimal disruption in the event of a breach.

Incident Hotline & Remote Support

On hand 24/7 x 365, our dedicated response team provides professional, pragmatic and strategic support in the event of any type of incident, enabling you to focus on your business activities.

e-Discovery and Data Cleansing including Consultancy supported Remediation Services

SRM has the complete solution for the identification, remediation and monitoring of sensitive personal data across your entire network. We work with you to reduce the risk of a data breach by containing the valuable customer, employee and payment information hackers are after, and simplify the processes required to make security a business-as-usual practice for your organisation.

Digital Forensic & Investigative Services

From forensic laboratories in Rugby and Newcastle, SRM provides services for institutional and private clients. From large scale criminal investigations spanning the globe to personal investigations for individual clients, our team is skilled in all technology platforms. SRM will be ISO 17025 compliant by October 2017.

Security Breach, Incident Management & Containment Support (On-site & Remote)

Breaches happen. But having the right team on hand to identify, analyse, correct and report on incidents saves money and reputation while reducing future risk and freeing you to continue to trade.

To find out more...

Call us on 03450 21 21 51 | Visit us at srm.solutions.com | Email us [email protected]

srm-solutions.com | T. 03450 21 21 51 | F. 0191 247 5755 | E. [email protected]

© Copyright Security Risk Management Limited. All rights reserved. Company registration number: 3950239

Cyber Security Suppliers to

Newcastle upon Tyne

The Grainger Suite, Dobson House
Regent Centre
Gosforth
Newcastle upon Tyne NE3 3PF

Midlands

Sir Frank Whittle Business Centre
Great Central Way
Rugby
Warwickshire CV21 3XH

London

Portland House
Bressenden Place
London SW1E 5RS
