Cyber Security Strategy, Risk Management & Compliance Services
Trusted Provider of ICT Security Consulting Services
We offer a comprehensive portfolio of Cyber Security Strategy, Governance, Risk and Compliance services:
PCI DSS Compliance
Payment Card Industry Data Security Standard (“PCI DSS”) is a comprehensive set of information security requirements to help organisations proactively protect customer account data. It provides a robust and pragmatic framework for developing business-oriented payment card data security processes for the protection of account information. Focus is placed on prevention, detection, and appropriate reaction to information security incidents.
Secure Logic has achieved Qualified Security Assessor (“QSA”) status with the PCI Security Standards Council. This allows Secure Logic to conduct PCI compliance audits against the criteria set out in the PCI DSS. Additionally, Secure Logic is able to assist organisations to implement the requirements of PCI DSS, remediate audit findings, and maintain compliance requirements for certified organisations.
ISO 27001 Compliance
The exponential growth of the Internet and the online economy has increased the risk profile of organisations’ information systems. Organisations are facing constant threats of security incidents from hackers, disgruntled staff, and a lack of preventative and detective security controls. These can have a serious impact on an organisation’s financial viability and its reputation.
The ISO 27001 standard is the international standard for the development, implementation, and operation of an organisation’s Information Security Management System (“ISMS”). It provides a business-risk driven approach to managing information security risks, underpinned by the enforcement of a top-down approach through the organisation’s senior management. The standard adopts a process-based approach for establishing, implementing, operating, monitoring, reviewing, maintaining, and improving your ISMS. It also provides the mandatory requirements for establishing and operating the ISMS, as well as a suite of guiding technical controls to assist in the mitigation of identified risks, and facilitate continual improvement.
Secure Logic has vast experience in scoping, implementing, and maintaining ISMS for organisations. Our custom approach has resulted in our clients achieving certification to the ISO 27001 standard.
IT Security Policy
Policies and procedures form the foundation of every organisation’s compliance program and are essential for maintaining good governance. They set the security tone for the organisation and inform staff of what is expected of them. Interestingly, every industry-recognised compliance standard places significant emphasis on complete and accurate policies and procedures that are in line with an organisation’s structure and delivery capabilities.
Secure Logic has tailored its offering to meet the requirements of various compliance standards with a focus on maintaining the security of sensitive data and identifying everyone’s responsibility in protecting it. With the increased demand by card issuers for merchants and acquirers to become compliant with the Payment Card Industry Data Security Standard (PCI DSS), more and more organisations are looking for support in meeting the stringent policy and procedure requirements. It’s challenging enough dealing with the technical and security requirements of PCI DSS and ISO 27001 without having to consider the impact of developing new policies and procedures that align with those standards.
Secure Logic has developed a process by which we guide you through the creation of policies and procedures to support your compliance program while enabling your staff to maintain them moving forward.
Security Advisory
Our Security Advisory Services are designed to help organisations that are analysing their current security maturity levels, and developing a cyber security strategy and roadmap according to their unique objectives.
Our methodology includes detailed phases to help businesses with their cyber security strategy development:
- Documenting cyber security programme objectives
- Analysing the current state of cyber security maturity
- Defining security capability targets
- Developing a cyber security roadmap
- Assisting with the execution and success benchmarking.
Risk Management
Organisations constantly struggle to ensure visibility of, and management over, their information security risks due to the complexity of their organisational IT environments. There is an ongoing challenge to identify and manage risks in a consistent and repeatable manner which accurately demonstrates the information security risk posture of their business.
Secure Logic is able to assist businesses in the review of their current risk management processes against international and industry standards, or assist in defining, developing, and implementing an Enterprise Risk Management Framework which aligns to business objectives, and ensures a top-down approach in managing risks. Through the development and implementation of an Enterprise Risk Management Framework, organisations are able to identify, assess, monitor and manage information security risks at all levels of the business.
This framework enables mature risk-based decision making within the business, in order to manage and remediate risk in a prioritised approach.
Security Awareness Training
Companies that adopt a structured and integrated approach to learning will be in the best position to retain skills within the organisation. Secure Logic has specialist trainers who focus on training employees in key areas, addressing the skills requirements for specific roles and responsibilities.
At Secure Logic, we believe in sharing the knowledge we have gained through years of experience in information security. Our consultants assume a mentoring role in every professional services engagement we undertake, whether it be working through a compliance program or designing an Infrastructure Security Architecture. Our goal is to improve the maturity of your organisation by teaching your staff what we know.