Our consultants are specialists from law enforcement, military services, niche service providers and the big four consulting houses.
We have real-world experience across all market sectors and verticals. We only take on work we know we can complete in line with your requirements. We support ‘plain English’, so engaging with us is easy and simple.
So whether you are a public or private sector organisation, we are able to help you meet your Audit & Assurance requirements.
Key Audit & Assurance Services:
The entry point to any engagement is a review of your requirements, followed by a scoping process that would typically involve a ‘gap analysis’ and the subsequent development of a remediation plan to get you to the standard you wish to achieve.
Testing is an essential part of any security solution. Our testing is far from being security theatre or the usual list of vulnerabilities that most organisations provide you with. Coupled with our advisory business, we can set real context around the risks you face within your organisation and the criticality of these to you.
This is delivered in real-world language, not just as a set of CVSS scores that do not assess the context or give an understanding of the bigger picture.
PCI Penetration Testing
This process specifically meets the needs of PCI DSS. Our testers (some of whom are QSAs) work closely with our QSA team to ensure that any testing in this area will allow you to pass an audit.
Vulnerability and Malware Analysis
Most companies just get out a copy of Nessus and provide you with a list of vulnerabilities with a CVSS score. Not us: our team of specialists can help in analysing vulnerabilities or malware threats and then categorise these against your business and technical posture, giving you a true risk that allows a measured and appropriate response.
Our public and private sector clients include SMEs, larger corporate organisations and non-commercial institutions.
We deliver solutions which include strategic information assurance planning and design, cyber threat-vectoring and analysis, compliance (with standards such as PCI DSS and ISO27001:2013), digital forensic incident planning/response and education/training.