• Procedures and Policy Authoring: Our experience in ISO/IEC 27000 gives us a uniquely homogenous perspective on security threats and vulnerabilities. We use these skills to produce policies and procedures to support your systems, whether you want full ISO/IEC 27000 accreditation or simply pragmatic guidance and best practice for your staff.
• ISO/IEC 27000 Gap Analysis / Health Check: It is often extremely difficult to introduce Information Security Management into an organisation, hindered by lack of resources, lack of time or simply the "blank sheet of paper" syndrome. Our Information Security Gap Analysis is designed to give you the necessary kick-start in implementing ISO/IEC 27000 in your organisation. Using interviews, we measure your organisation's current level of compliance. Analysis of the results allows us to provide you with an action plan to address areas of weakness.
• Information Security Consultancy: We can provide advice on all areas of information security management, using ISO/IEC 27000, best practice and First Base Technologies best practice, we can advise you on SEC3 and various other document security, help your in-house security meet the ISO/IEC 27000 standards and advise you on staff training, for example.
• Technical Seminars and Skills Transfer: We don't stop at providing you with professional security consultancy. Our engineers and consultants offer skills and knowledge transfer to your staff at all levels. Network audits, penetration testing and network discovery can be conducted in-house with our help and guidance.
• Security Awareness Training & Campaigns: We provide many clients with assistance with their security awareness campaigns, often in the form of providing a trainer to facilitate staff training and presentations to help build your "human firewall".
• Server and Router Hardening Guidance: Firewalls are never enough protection. We can help you secure your servers, routers and switches to minimise the risk of attack from outside and within. Our hardening standards are tailored to your business risk, to ensure adequate protection without inhibiting their usability and administration.
• Incident Response Advice: When a serious incident occurs is when you discover how prepared you are. Our experience in incident reporting and response provides you with guidance, training and documentation to ensure that your responses are timely and appropriate.
• Technical & Security Research and White Papers: Our in-house lab facilities and research team can be put at your disposal in order to investigate areas of interest and produce white papers and other documents tailored to your requirements.
• white-hats.co.uk: Set up in May 2002, white-hats.co.uk is our vendor-neutral user group provided with the intention of providing a knowledge base for IT security management and staff. All prospective members undergo a full vetting process, and are expected to sign a confidentiality agreement, prior to being admitted for membership. Membership comprises, and is open to (provided that they clear vetting), IT security professionals working for UK business and government. If you are interested in joining, check out www.white-hats.co.uk for further information.

You can read our FAQ on penetration testing here

And see what our clients say about our services here

or phone Andy on +44 (0)1273 45 45 25