Until recently, security spend may have been insufficient or a low priority in your business. But something has changed: perhaps a shift in focus, new regulations such as GDPR, or a specific incident has given you pause for thought. Either way, a knee-jerk approach to improving security can do more harm than good.
At Burning Tree, we have a strong understanding of security governance, operations and compliance requirements such as the EU GDPR, PCI Data Security Standard, ISO 27001:2005 and Sarbanes-Oxley. We provide you with a methodical approach that covers access to collateral, policies, improvement services and people to help you navigate complex security governance and compliance regulations.
Typical engagements we can help you with include:
Comprehensive, continuous monitoring from core infrastructure through to advanced cloud application delivery.
Building an Information Security Management System (ISMS).
Defining and prioritising initiatives to improve security posture and reduce risk.
Measuring progress with a capability maturity assessment, benchmarked against industry sectors.
Security demand and requirements management.
Project triage and assessment.
Assessment forms, e.g. Privacy Impact Assessment (PIA), Vendor Risk Assessment (VRA), Exception handling.
Definition and implementation of a risk-based framework to prioritise improvement and mitigation.
Process enablement for compliance and reduction in findings, failure and fines.
Protection of critical assets by improving data and application security.
Full compliance with privacy laws, such as GDPR, and innovative approaches to reducing risk.
Subscription service supported by our consulting team, which enables on-demand security advice, guidance, governance collateral and reference architectures.