Information & Cyber Security

Information Security is about seeing the whole picture – and selecting the right response

As data becomes ever more connected – whether it be within your organisation; into the Cloud; with clients; or with data brokers – the need to protect that information becomes critical to the viability of your business.

If the aim of information security is to advance your business, rather than simply be an encumbrance, it requires a response precisely attuned to your specific needs and business goals.

Business Outcomes Focused

The aim of security is to ensure outcomes for business and customers.

Vital Advisory assist organisations in Australia and New Zealand to identify their security objectives and realise them by structuring effective and efficient responses to security risks. By adopting well-ordered security initiatives, organisations can:
+  be better protected
+  provide confidence to customers, partners and regulators
+  reduce costs by responding only to threats which pose genuine risk
+  adapt to rapid change in the threat landscape
+  reduce the overheads of winning new business
+  ensure security is an organic and active part of business operations

Whole of Enterprise Approach

Security is only effective when it embraces the totality of an organisation’s activities.

We don’t focus on technology-based solutions – we develop organisational capabilities to address genuine security challenges. Vital Advisory work in partnership with your business to build a complete understanding of your security requirements, capabilities and the change needed to accomplish your security goals. Our methodology for a typical engagement takes clients through four stages:

1. Understand the Business
Firstly, we construct a clear picture of your business situation: your strategic goals; the functions organisational units perform; the information assets they manage; the systems they rely upon; the stakeholders they interact with; external compliance obligations; and more.

2. Understand the Risks
Having built a clear map of your business processes, we use this information to identify risks your information assets face, who has responsibility, and potential impacts. This allows us to construct a prioritised image of the risks you face and where security investment and process changes can best protect your goals.

3. Build Your Security Strategy
We document and action processes to uplift your security practice. This includes:
• business processes for information security
• IT and Security strategy
• security control implementation
• structures for monitoring, review and improvement of security practice
Our unique approach to documentation distills knowledge – using a “One Page” approach – so that the outcomes are easily understood and adopted by business teams to become an active part of BAU.

4. Put Security Practice into Operation
Ongoing security improvement underpins successful business. We put in place the elements to make security a core component of business operations, which strengthen over time. These elements include:
• commitment of the Board and senior management
• staff security training and engagement
• monitoring of risk and the effectiveness of security controls
• audit of security organisation and practice
• regular programme updates to reaffirm security effectiveness

By applying these four strategies, we ensure that the totality of your information security requirements is identified, addressed, and managed efficiently. Security aligns with your core business goals and becomes a tool to win new business, rather than remaining a cost and complexity burden. Talk with a security adviser to find out how to reach your security objectives.

Security Strategy & Architecture

  • Strategic planning and review
  • Information security risk and opportunities mapping
  • Security investment planning and improvement prioritisation
  • Architecture review and documentation
  • Security technology research, trend, analysis and recommendation

ISMS - ISO/IEC 27001

  • End-to-end ISMS implementation
  • Capability assessment & gap analysis
  • Project planning & roadmap documentation
  • Certification advisory & assistance
  • Information security risk assessment
  • Security policies, procedures documentation
  • Internal ISMS audit
  • ISMS training and awareness

Security Compliance

  • ISO 27001
  • CPS 234
  • Privacy
  • PCI DSS
  • ISM/PSPF
  • NIST
  • STAR certification

Security Advisory or Implementation

  • Build an information security strategy
  • Hire or develop a world-class CISO
  • Improve security practices
  • Implement a governance, risk, and compliance (GRC) framework
  • Design and implement a vulnerability management program
  • Develop and implement a security incident management program