Alignment and Uplift Activities
A number of industry standards exist, and without knowing where to start it can be difficult to determine how to meet them. PrivSec will work alongside you to determine your current state and recommend pragmatic uplifts, specific to your organisation, that increase your security maturity and reduce audit effort when you later seek alignment or certification against a third-party standard.
ISO27001/2 Alignment and Internal Audit
ISO27001 can seem like a daunting standard to conform to, but alignment with it is often required, depending on the environments you operate in. Our consultants are experienced in aligning organisations with the standard and in developing the related policies and artifacts needed to meet it. Members of our staff have completed ISO27001 lead auditor training and are well versed in the requirements of the standard.
Payment Card Industry Data Security Standard (PCI DSS)
Do you take credit card payments? This might be via your call centre, website, payment terminals or mobile app. If you store, process or transmit cardholder data, you are required to meet the Payment Card Industry Data Security Standard (PCI DSS). PrivSec can help you with:
- Defining and scoping your cardholder data environment
- Conducting the full range of penetration testing the standard requires for your environment
- Conducting a gap analysis of your environment against the standard
- Completing your Self-Assessment Questionnaire (SAQ)
- Answering ad hoc questions on how best to meet the PCI DSS requirements
Protective Security Requirements (PSR)
PrivSec Consulting has experience helping clients uplift their security posture and advance their Protective Security Requirements (PSR) maturity. We do this by working alongside your internal stakeholders to determine current maturity, then developing an ongoing schedule of work to uplift the organisation across the four PSR domains:
- Governance
- Personnel Security
- Information Security
- Physical Security
NIST Cyber Security Framework (CSF)
The NIST CSF is a voluntary framework of standards, guidelines and best practices for managing cyber security risk. Version 2.0 of the framework is organised around the following six core functions:
- Govern
- Identify
- Protect
- Detect
- Respond
- Recover
ACSC Essential 8 & CERT Top 10
CERT NZ publishes a set of key security controls, as does the Australian Government through the ACSC Essential 8. PrivSec will conduct a review against the control set of your choice to determine your current posture and highlight the areas where you can make material improvements to your organisation's security.
Health Information Security Framework
We can assess your maturity against the Health Information Security Framework (HISF) to confirm that your environment is managed appropriately for handling health information in New Zealand. The framework sets different expectations for different types of organisation, and we can conduct these assessments for:
- Hospitals
- Small Organisations
- Large Organisations
- Health Care Suppliers