Information Security

Evolve provides a full range of Information Security services to help ensure that the confidentiality, integrity and availability of information are maintained over its complete life cycle. They are available either as a stand-alone service or in conjunction with our traditional business consultancy.

We are founder members of the CESG Listed Advisor Scheme (CLAS) for security consultants and are approved by BSI to deliver ISO27001 consultancy services. Our consultancy team is at the top of this profession; it contains one of the first consultants in the country qualified to BS7799 Lead Auditor level and one of the country’s first OGC Management of Risk approved trainers. In addition to specialist affiliations, many of our consultants are PRINCE2 accredited practitioners. Our success in the field of Information Security and Business Continuity Planning is based upon the expertise, experience and dedication of our people.

Furthermore, we are authorised to provide security consultancy under the OGC Buying Solutions approved supplier framework.

Services we provide to ensure Information Security is appropriate, cost effective, timely and meets the requirements of your organisation:

ISO27001

  • ISO27001 compliance strategy development and implementation through to full certification and compliance confirmation through the use of qualified ISO27001 (BS7799) Lead Auditors;

Risk Management

  • Risk Assessment and Management (including CRAMM, the UK government preferred risk method). Our consultancy team includes one of the country’s first approved trainers in the OGC Management of Risk (MoR) method and our approaches to risk assessment and management are fully informed by this method;
  • Risk Management and Accreditation Document Set (RMADS) production using CLAS consultants;

Accreditation and compliance

  • Compliance with HMG Baseline standards and associated CESG documentation and Memoranda (e.g. Manual V);
  • Security Policy development and reviews consistent with ISO27001 and HMG Security Policy Framework or tailored to your business;
  • Codes of Connection (CoCo) Consultancy including N3 and GSI, xGSI, GSX, GCSX, GSE;
  • Physical and environmental security, including counter terrorist work, assessment of security control requirements and guarding;
  • Expertise in building construction and resilience assessment.

Health Check

  • Penetration testing using CREST and TIGER certified, CHECK approved personnel;
  • Network and systems vulnerability assessments and analysis;
  • PCI DSS approved security scanning.

Education, Training and Awareness

  • Our education packages are provided as class-based skills transfer sessions, each tailored to suit the requirements of your organisation and delivered on-site to integrate real-life examples;
  • Training includes workshop-style delivery to large groups of staff, to help organisations meet the training requirements of legislation;
  • End-user awareness training will ensure that your end users, who are sometimes the weakest link in your security strategy, are made aware of current threats and vulnerabilities;
  • Our training covers topics such as ISO 27001, Business Continuity Planning, Privacy legislation, End user security awareness and bespoke technical courses such as network security, including firewall design, encryption, VPN, routers and switches, remote access and wireless.

Technical Security (Systems / Design / Architecture)

  • Specification and management of the implementation of technical security solutions consistent with CESG best practice such as:
    • VPNs, Remote Access, switches, routers, and standards;
    • PKI and Cryptography;
    • Intrusion detection systems (IDS);
    • Firewalls, including Application (layer 7) and Host based;
    • Host based and Network Intrusion Prevention Systems (IPS);
    • Virtualisation, Cloud Computing and SOA (Service Orientated Architecture) security;
    • Database and storage (NAS/SAN) security;
    • Data Loss Prevention (DLP) technologies and consultancy;
  • Voice and telephone security including VoIP security and secure video conferencing;
  • Wireless security including specification of Manual V IPSec based solutions;
  • Advice on biometrics, identity management applications and the provision of technical support to ensure smooth and secure integration with existing applications;
  • Secure network and system design service based around technical risk analysis and security requirements specification.

Auditing

  • Systems and Network Auditing;
  • Security Analysis, which also extends to physical and environmental when looking at secure installations;
  • Data privacy audits to fulfil Data Protection Act requirements, including vendor audits prior to contract signing to ensure legal security obligations exist;
  • Outsourced Information Assurance: we provide independent technical security expertise, working on behalf of our clients to ensure that outsourced IT service providers are delivering security consistent with contractual obligations and government standards.

To find out more about our information security services please read on:

© 2010 Evolve Business Consultancy Ltd - Registered Number: 03956682 (England & Wales)