Security spend may have been insufficient or deprioritised up until recently in your organisation. Something's changed: maybe an incident, perhaps new regulations such as GDPR, or even a change in focus. Either way, a knee-jerk reaction to security improvement can be more damaging than effective.
Burning Tree provide our clients with a methodical approach that includes access to collateral, policies, improvement services and people to help them navigate complex security governance and compliance requirements and improve maturity and capability in this field. Burning Tree are best suited to help improve security, with a strong understanding of security governance, operations and compliance (e.g. EU GDPR, PCI Data Security Standard, ISO 27001:2005, Sarbanes-Oxley).
Typical engagements we have performed for our customers include:
Information Security Architecture Services:
Comprehensive, continuous monitoring from core infrastructure through to advanced Cloud application delivery.
Security Improvement Program:
Building of an Information Security Management System (ISMS).
Define and prioritise initiatives to improve security posture and reduce risk.
Measure progress with a capability maturity assessment, benchmarked against industry sectors.
Security demand management.
Project triage and assessment.
Security requirements management.
Assessment forms, e.g. Privacy Impact Assessment (PIA), Vendor Risk Assessment (VRA), Exception handling.
Definition and implementation of a risk-based framework to prioritise improvement and mitigation.
Process enablement for compliance and reduction in findings, failure and fines.
Data Protection Services:
Protect critical assets by improving data and application security.
Full compliance with privacy laws, such as GDPR, and innovative approaches to reducing risk.
Subscription service enabling on-demand security advice, guidance, governance collateral and reference architectures supported by our consulting team.