Information & Cyber Security
Information Security is about seeing the whole picture – and selecting the right response
As data becomes ever more connected – whether it be within your organisation; into the Cloud; with clients; or with data brokers – the need to protect that information becomes critical to the viability of your business.
If the aim of information security is to advance your business, rather than simply be an encumbrance, it requires a response precisely attuned to your specific needs and business goals.
Business Outcomes Focused
The aim of security is to ensure outcomes for business and customers.
Vital Advisory assist organisations in Australia and New Zealand to identify their security objectives and realise them by structuring effective and efficient responses to security risks. By adopting well-ordered security initiatives, organisations can:
+ be better protected
+ provide confidence to customers, partners and regulators
+ reduce costs by responding only to threats which pose genuine risk
+ adapt to rapid change in the threat landscape
+ reduce the overheads of winning new business
+ ensure security is an organic and active part of business operations
- Security Capabilities Framework and Operating Model
- Cyber Security Maturity Assessment
- Standard Response Pack for Customer Questionnaire
- Business Security Architecture Review
- Security technology research, trend, analysis and recommendation
- End-to-end ISMS implementation
- Capability assessment & gap analysis
- Project planning & roadmap documentation
- Certification advisory & assistance
- Information security risk assessment
- Security policies, procedures documentation
- Internal ISMS audit
- ISMS training and awareness
- Vendor / Third Party Risk Assessments
- ISO 27001
- Privacy (ISO 27701)
- CPS 234
- RFFR Accreditation
- ISM/PSPF
- PCI DSS
- NIST
- STAR certification
- SOC 2 / SSAE / ASAE
- Security Strategic Planning and Advisory
- Security function As-a-Service
- ISMS As-a-Service
- CISO As-a-Service
- Security Assurance As-a-Service
- TechRisk Enhancement As-a-Service
- Security Awareness As-a-Service
- Cyber Security Risk Workshops Facilitation
Whole of Enterprise Approach
Security is only effective when it embraces the totality of an organisation’s activities.
We don’t focus on technology-based solutions – we develop organisational capabilities to address genuine security challenges. Vital Advisory work in partnership with your business to build a complete understanding of your security requirements, capabilities and the change needed to accomplish your security goals. Our methodology for a typical engagement takes clients through four stages:
1. Understand the Business
Firstly, we construct a clear picture of your business situation: your strategic goals; the functions organisational units perform; the information assets they manage; the systems they rely upon; the stakeholders they interact with; external compliance obligations; and more.
2. Understand the Risks
Having built a clear map of your business processes, we use this information to identify risks your information assets face, who has responsibility, and potential impacts. This allows us to construct a prioritised image of the risks you face and where security investment and process changes can best protect your goals.
3. Build Your Security Strategy
We document and action processes to uplift your security practice. This includes:
• business processes for information security
• IT and Security strategy
• security control implementation
• structures for monitoring, review and improvement of security practice
Our unique approach to documentation distills knowledge – using a “One Page” approach – so that the outcomes are easily understood and adopted by business teams to become an active part of BAU.
4. Put Security Practice into Operation
Ongoing security improvement underpins successful business. We put in place the elements to make security a core component of business operations, which strengthen over time. These elements include:
• commitment of the Board and senior management
• staff security training and engagement
• monitoring of risk and the effectiveness of security controls
• audit of security organisation and practice
• regular programme updates to reaffirm security effectiveness
By applying these four strategies, we ensure that the totality of your information security requirements is identified, addressed, and managed efficiently. Security aligns with your core business goals and becomes a tool to win new business, rather than remaining a cost and complexity burden. Talk with a security adviser to find out how to reach your security objectives.
What our clients have to say about Vital Advisory
Legal Firm
Major Legal Firm
It was a pleasure working with Vital Advisory. They brought onboard the wealth of knowledge and experience and helped us navigate through ISO27001 requirements and in achieving the certification.
Some of the key differentiators we saw in Vital Advisory compared to other vendors were:
+ Wealth of knowledge in governance, risk and compliance and experience in implementing them
+ Focus on value of certification (why is it required, what is the best value for money)
+ Focus on Org strategy rather than treating ISO27001 as a checkbox activity
+ A constant focus on user education and not just ticking the box for audit purposes
+ Flexibility, i.e. we were able to ask questions without fear of being charged for every interaction or a slight deviation from the original SoW, which helped us gain more value from the engagement.
Mining Technology
Major Mining Technology Company
I engaged Vital Advisory to help us with accelerating the ISO27001 certification process. I found the methodology developed by Vital Advisory to capture the required information under the mandatory clauses novel and extremely easy to use. Everybody I dealt with at Vital Advisory was professional and good at what they do.
With Vital Advisory’s help, I was able to halve the time I would have otherwise spent on preparing for the certification. We were certified under the ISO27001 standard in 2020 in the first attempt and I can wholeheartedly recommend Vital Advisory for anyone looking for help in this space.
Marketing
Major Marketing Firm
Vital Advisory were with us from the start and brought us through the entire process. We decided to get ISO 27001 certification to ensure the quality of our information security.
Vital Advisory delivered a service that was exceptional and indeed enabled us to deal with BAU at times and worked around us when required. Not only did we receive our certification, we also made the date earlier than expected. I would have absolutely no hesitation in recommending Vital Advisory.
Health Insurer
Major Health Insurer
Vital Advisory has provided us with outstanding services, they not only helped us achieve our ISO27001:2013 Certification with a clean report (no findings) but also ensured that our staff are well trained and Vital are always available to provide guidance and support. I would highly recommend their services.