Information Security Analysis

The Information Security Analysis (ISA) service is one of ITSEC’s key offerings and complies with ISO27001/ISO27002 standards.

The ISA service provides a comprehensive analysis and review of organisations’ situation in relation to information security.

The scope of the service includes, but is not limited to, a comprehensive assessment of organisations’ information-system-security-policies, the standard operating procedures around cyber-incident-management, business continuity, and disaster recovery.

The main benefits of the ISA service to organisations are:

•  A review of the current state of organisational information security posture, including an analysis of information assets, security infrastructure and associated configurable items. This helps enterprises to formulate or fine-tune their strategy for information security.
•  An excellent return on investment thanks to the optimised security measures and secure information infrastructure.
•  Assistance in preparing the ground to conform with the ISO 27001 standard.

Our approach in delivering a comprehensive information security analysis involves several vital activities, such as technical and management aspects of Information Security Management Systems (ISMS).

In the course of an ITSEC ISA service delivery, our consultants also focus on knowledge exchange with clients and deliver a comprehensive training programme that ensures a thorough understanding of the assessment results.

For best results, it is advisable to combine ISA service delivery with penetration testing executed as a first stage of the project. This measured approach provides additional benefits, such as increased security awareness, practical evaluation of implemented security measures, and an assessment of the impact of discovered security weaknesses.

The outcome of an ISA service delivery is a comprehensive project report along with a presentation to our client’s executive management and technical teams. The project report contains the assessment findings, security risk weaknesses, risk probability and impact assessment, and detailed remediation measures.

Cyber Incident Response Plan (CIRP) Analysis

A cybersecurity incident is a disturbing event that threatens confidentiality, integrity, or availability of organisational information assets.

Cybersecurity incidents can include an unintentional or intentional disclosure of sensitive or protected information, data breaches, data theft, acts of intrusions, such as cyber attacks, to networks, or a full-blown system compromise by external attackers or faulty operational processes getting exposed or exploited by members of own staff.

Information security incident management involves the monitoring and detection of security events on information assets and the execution of appropriate responses to those events.

A Cyber Incident Response Plan (CIRP) is a specific form of an incident management plan. Its primary objective is to define a well-understood and expectable response to cybersecurity incidents. By implementing CIRPs, businesses can be proactive about cybersecurity and prevent potential damage.

Members of staff that are most likely be dealing with the cybersecurity incidents are organisations’ IT security teams.

A CIRP should at least describe:

•  The types of incidents or crisis situations that trigger its activation.
•  A framework for the required actions to mitigate and control the impact during and after the incident.
•  The details of an incident response team, including clearly defined roles and responsibilities of each person performing those actions.
•  A communication plan, including communication procedures, messaging intervals, contact lists of the stakeholders.
•  An event log to record information, decisions, actions, and evidence that is taken during an incident.
• A set of recovery goals and objectives.

Business Continuity Plan (BCP) Analysis

Business Continuity Planning (BCP) is a subset of the organisational business risk management. It is an overarching and more comprehensive approach in comparison to a Disaster Recovery Plan (DRP).

The main purpose of a BCP is to create recovery systems in relation to potential threats to a company.

By having a BCP in place, organisations seek to protect their mission-critical services and give themselves their best chance of survival. This type of planning enables them to re-create services to a fully functional level as quickly and smoothly as possible.

A BCP aims at the restoration of systems to full functionality under a variety of damaging conditions that businesses face from time to time. The focus of a BCP is to sustain an organisation’s critical processes including IT security during and after a disruption. It entails the processes and procedures that are carried out by them to ensure that essential business functions continue to operate during and after a disaster.

A BCP generally covers most or all of an organisation’s critical business operations.

BCP and Cybersecurity

It is increasingly important for a BCP to cover cybersecurity.

Cyber attacks can result in a loss of reputation and public ridicule, besides a loss of business opportunity and the threat of potential litigations. A breach in security can create temporary or permanent damage to organisations. Mitigation measures, along with BCP reviews, can protect technology assets, prevent hacking, and ensure business continuity. Therefore, cybersecurity is critical to business continuity planning.

The information security aspects of a BCP policy aids by decreasing the risks of potential disasters and recovery.

Business continuity planning and associated documentation is done prospectively and can include preventative measures. A business impact analysis is often required in order to distinguish critical and non-critical organisational functions. Functions are crucial if they are necessary by law or if their disruption is unacceptable. After defining recovery requirements, a cyber threat and risk analysis should be carried out in order to collect and list the different threats and their recovery steps. Impact scenarios should be conducted to support a business recovery plan, including BCP testing. Once the business and technical impacts are analysed, the requirements for the solution design, implementation, testing, and periodic maintenance are assessed.

Even if an organisation’s cybersecurity incident response plan is efficient, it is good practice to align it with the business continuity plan rather than having two different response models.

All organisations—large and small—require a BCP.

ITSEC’s expertise helps organisations in analysing their business continuity plan and suggests recommendations. It can assist organisations to develop a bespoke strategy around business continuity with an emphasis on security.

Disaster Recovery Plan (DRP) Analysis

A majority of organisations are unlikely to recover from a cyber attack if it occurred today.

Disaster Recovery Plans (DRP) have always been the basis for business continuity in the event of natural, environmental or other man-made disasters.

DRPs define and comprehensively document processes of actions required to protect and recover a business’ IT infrastructure in the event of a disaster.

The primary objective of a DRP is to describe the procedures for moving to an alternate processing site and returning to the primary site within a minimal time frame whenever any disaster occurs in the information systems.

A DRP generally consists of technical plans ready to bring systems back up after a crisis and typically includes:

• Artefacts on how to restore critical systems.
• Failover system details.
• Teams and vendor details to expedite system restoration.

Although there are some similarities, disaster recovery is not the same as cybersecurity recovery. The former focusses on business continuity after a disruption, and the latter seeks to salvage the information assets after a breach.

When drafting a DRP, cybersecurity often gets overlooked even though it is a critical point in the risk management process.

The elements of threats within security recovery plans are more frequently observed than within DRPs. They can be quite destructive and require security recovery plans to describe how to respond to such risks.

A DRP should factor in all potential interrupters. A business impact analysis study should be conducted in order to state the priorities of business continuity without ignoring cybersecurity and recovery time.

ITSEC helps organisations in analysing the effectiveness of their DRPs. We also ensure that the DRP aligns with the business continuity plan in order to safeguard information assets and achieve a quick recovery.