Consultancy and Advice
Our team are experts in their fields, and can provide you with bespoke security consultancy and advice as needed. We can assist in the development of security and privacy policies as well as assisting in the development of your security function. We can also augment existing teams to support one-off projects, work through a backlog of work or temporarily address recruitment challenges.
Policy Development
Are your security policies feeling a bit old or not fit for purpose, or have you not yet developed a strong policy set for your organisation? PrivSec can work with you to develop a policy set that is right-sized for your organisation, while meeting the needs of any frameworks or standards you are required to meet, such as ISO27001 or the NZISM. Policy sets may include:
- Information Security Policies
- Access Control Policies
- Incident Management Policies
- Business Continuity Policies
- Information Classification and Handling Policy
- 3rd Party Supplier Security Policy
- Cryptographic Key Management Policies
- Physical Security Policies
Security Uplift Programmes
Is your organisation growing, or are you moving into new markets? Have you found that you have encountered a number of security incidents recently, or have you identified that certain areas within your organisation require a security uplift?
We can work with your team to uplift your organisation's security maturity. This may include conducting a gap analysis to best understand where gaps sit, and then developing a programme of work to ensure not only that robust policies and processes are in place, but also that your team is able to implement them.
Virtual CISO (vCISO)
Our team are experts in their fields, and can provide you with bespoke vCISO consultancy and advice as needed for your specific context. We can set up regular meetings with CIOs and CTOs to provide advice specific to their context and needs, or advise on demand when the situation requires. We can assist in the development of security and privacy policies as well as assisting in the development of a security function. Finally, we will provide relief when an existing CISO or ITSM role is vacant, but the work does not stop and decisions cannot wait.
General Consultancy
Our team are experts in their fields, and can provide you with bespoke security consultancy and advice as needed. We can assist in:
- The development of security and privacy policies as well as assisting in the development of your security function
- Augmenting an existing team to support one-off projects, work through a backlog of work or temporarily address recruitment challenges
- Replacing an existing resource during planned or unplanned absences, providing handover time beforehand and afterwards
Security Design and Architecture Reviews
Incorporating security and privacy design principles early on in the development of a new system or service saves both time and money down the road, reducing the cost of rework and avoiding delays to go-live dates. We can review your design documentation and attend workshops to help align your services with best practice.
Security Design Reviews can be performed early in a solution/service design process, similar to security architecture consultations but with a report as a formal deliverable, or later when the design is almost finalised, as some form of formal assurance.
Designs to review can scale from relatively simple designs (e.g., websites) to complex architectures involving networks, servers, applications, databases and user endpoints. In that case, it may make sense to split the engagement up into several phases / tranches.