Security used to be considered something that was easily defended against using firewall and anti-virus technologies. Whilst it was barely true then, it’s not the approach today that will allow institutions and organisations to avoid attack or data loss.
Forfusion is invited by its customer to take a Defence In Depth stance on security, fully acknowledging that the only way to protect businesses against attacks is to address People, Process, Technology - and the environment technology. All of our services, designs and implementations put this thinking at the heart of what we do. Our Enhanced Security Services bring this thinking all together in one place and utilises our proven experience and capability to help your organisation achieve its Cyber defence objectives.
Taking inspiration from other fields
When we started building our security services portfolio, we sought inspiration from areas of security and safety outside of IT. We realised that, with Cyber being by all accounts a recent problem, the market had not yet matured to the point that we could simply plug in technologies and services to well documented best practise.
We looked, as an example, at how the UK and much of the civilised world has matured hazardous working, the process industry and fire safety to the level it is today. We explored how these sectors view safety and security, and analysed and tested that thinking against what organisations ought to be doing in the IT Security world. What we found was interesting; whilst not immediately apparent, almost all the IT security challenges when mapped to these sectors resonated with how standards and enforcement have become the absolute norm in those worlds.
So what did we learn?
Let’s look specifically about how, as an example, fire safety plays a part creating safe living and working environments in the UK today.
- Design – safe industries put security at their core. You cannot design a building of any type without complying to rigid standards.
- Validation – designs are subject to controls before being accepted. External bodies, generally governed by local authorities but often supplemented by fire services, will test your planned design against standards (if you’ve ever been involved in extending your home, you’ll know how this works; linked fire detection systems, fire doors and upper floor evacuation windows as examples).
- Build – as the construction phase is undertaken, regular building inspections are carried out to ensure that every aspect of the design is being followed up. Not just the things you see – detectors, sprinklers etc – but all the components embedded in the fabric of the building and never seen.
- Pre-Occupation – after design, thorough test of the detection and suppression systems will be undertaken, ensuring that every single element works in isolation and as part of a whole system. If the tests fail, it’s simple, you need to resolve them before occupation.
- In Life – regular tests by certified, competent people must be carried out by Law of detection and suppression systems, manual suppression (fire extinguishers) must be regularly externally inspected. Fire alarm sounders are tested, staff are trained in evacuation, fire drills are carried out regularly.
In the IT world, it’s arguable whether we come close to the thoroughness of any of these disciplines. There are standards and guidelines, ISO27001, PCI DSS being examples, however whilst they provide good high level and robust goals, they provide less by way of overall operating processes that businesses can rapidly and easily adopt.
How does Enhanced Security Services Works
We deliver our services in three distinct phases – Audit, Remediate and Maintain.
- Audit – this is split into three smaller phases. Firstly, we undertake a pre-audit; this is designed to collate specific issues – perhaps something specific has triggered our engagement – and to allow us to scope and size the audit itself. Secondly, we carry out a rapid-fire audit, looking for anything that is of such a risk that we identify and recommend action immediately if so warranted. And thirdly, the main audit phase where we use the Enhanced Security Services audit process to explore all aspects of people, process, technology and environment. This third phase is thorough, we don’t like to leave any stone unturned; addressing most things in security just doesn’t work in this climate, it needs to be in totality. In short, the audit phase documents findings and matching recommendations in a detailed, but easy to interpret way that clearly shows a path forward.
- Remediation – implementing improvements identified within the Audit stage in a structured, controlled, and low risk manner. This activity brings your organisation to a point where people, process, technology and environment are working in harmony to secure the business IT
- Maintain – our ongoing service to provide proactive, reactive and response services, up to 24x7x365 if required, to ensure that your investment in protection is maintained, monitored and regularly tested.
We aim to take your organisation to a secure and maintained state as rapidly and smoothly as possible, and work with your organisation at every step of the way.
To find out more about how our services can support improving your security posture, call us on 0191 500 9100 or fill out the below contact form.