Product Brochure 201412


Transcript of Product Brochure 201412

Page 1: Product Brochure 201412


INFORMATION SECURITY MANAGEMENT

The i-Deliver Toolset—An effective approach to Information Security Risk Management

Page 2: Product Brochure 201412

Specialists in Information Risk Management 1

1. Introductions from the Directors

1. Background and Why i-confidential?

2. Industry best practice and information security

3. The i-confidential team

4. Contact us

i-confidential Specialists in Information Risk Management

Technology at work for you

CONNECTING YOUR BUSINESS TO THE RISK MANAGEMENT YOU NEED

Introductions from the Directors

We are delighted to introduce i-confidential and what we do. We are confident that we have compelling propositions that will meet your requirements, incorporating knowledge and experience gained delivering information and IT Security improvements for many organisations over the past 6 years. We have helped many organisations transform their information security capability and are sure these experiences will be invaluable to potential customers. Our company values are such that we can provide not only the services which you require, but also insights and flexibility, based on previous experience.

i-confidential Directors: Colin Fraser, Ian Harragan, Simon Lawrence

Background

We are an information risk management consultancy, founded by leading information security practitioners in 2008. By combining industry best practice with pragmatic judgment, we deliver clear methods of protecting information. Our wide experience of driving the information security agenda in the financial services industry began in one of the world’s largest banks. Our knowledge and expertise have since been significantly enhanced through a wide range of engagements and assignments across the financial services and other industries.

Why i-confidential?

At i-confidential we are a trusted and proven source of leadership on information security matters. We supply information security services for a number of very significant organisations. Exploiting our information security skills, methodologies and tools, we help them to drive improvement in their security risk position. Our method is tried and tested. We are strong on delivery, with a track record of producing real results and exceeding our customers’ expectations. We pride ourselves on offering value for money. The value we give our customers is clear in the repeat business from our clients.

Page 3: Product Brochure 201412


Industry best practice and information security

Combining our experience with industry best practice, we have developed an effective approach to quickly deliver successful management of information security. We have outlined below our i-Deliver toolset. This provides a fast and cost effective way of driving out security gaps and delivering the activities required to address them. This is built upon our comprehensive control framework:

i-Assess rapidly delivers a comprehensive and quantified list of gaps in an organisation’s information security controls, services and operating model.

i-Predict prioritises control gaps based on the most concerning threats, resulting in accelerated remediation action.

i-Define delivers an up to date inventory of system assets and criticality scores. This improves the quality of control improvement prioritisation.

i-Know delivers control MI and a material risk position. This readily maps back to regulator expectations and the organisation’s own policy.

i-Decide provides a view of the required investment to address information security risks, based on risk appetite. Additionally, i-Decide delivers the control improvement and risk acceptance strategy.

i-Protect defines the activities to address information risks and close control and operating model gaps, improving the security risk position of an organisation.

We believe that by using the relevant components of our i-Deliver toolset, we can ensure an organisation focuses on those areas of greatest concern and prioritises security spend in line with security investment and risk.


Page 4: Product Brochure 201412


The i-confidential team

Ours is a pragmatic and comprehensive approach to information security which takes an end-to-end view of an organisation. With a focus on people, process and technology we provide a flexible resourcing model to meet our clients’ demands while remaining cost effective. Our roots are in financial services and our track record shows our capability to deliver successful security solutions in a wide variety of organisations. We are proud that our clients come back to use our services time and again and regard us as a trusted partner.

The depth of our knowledge in information risk and security underpins our approach and success. Operating effectively at every level of the stakeholder community we deliver what’s needed. Our expertise covers all areas of information risk and security and we only use practitioners with outstanding track records. We have over 40 full time practitioners with expertise in:

Data Leakage Protection

Vulnerability Management

Policy Creation and Governance

Privileged access management

Application Security

Security Outsourcing

Asset identification and Protection

Security Architecture and Design


Outcome for you: the customer

We concentrate on delivery of the desired client outcome, rather than selling whoever is on the bench of available resource. We don’t body shop, but deliver high quality services at competitive rates.

Tailored service on every assignment

Because we are security practitioners, we understand what you need when you ask for it and we either supply it for you, or say we can’t. Each request is reviewed by our Directors with an internal challenge process, to ensure we deliver what’s needed.

You are always buying a team

Our people are part of the i-confidential team, with a support network and access to methodologies and the i-Deliver toolset. They have associated quality assurance processes and development activities behind them. Even if you buy the services of just one of the i-confidential team, they are not on their own.

Page 5: Product Brochure 201412


Registered address: 1a Torphicen Street Edinburgh EH3 8HX

Visit us: http://www.i-confidential.com

Contact us: [email protected]

During the six years of i-confidential’s existence, our approach has matured both in terms of effectiveness and efficiency. The key to success is a strong foundation based on the selection of a family of controls, which addresses all elements of information security. The ISO 27000 family of controls provides the basis of information security for thousands of organisations worldwide. i-confidential have built upon the ISO framework and added best practice from SANS and NIST as well as our own experience to create a control framework that is more practical than ISO and covers the latest threats. This forms the basis of our i-Deliver toolset, which addresses an organisation’s need to secure not only their customer channels, but also their IT domains, business processes and the activities of third and fourth party suppliers. Having a comprehensive and up to date control framework is one of the key components required to create and operate an effective information security function.

This will enable an organisation to rapidly and immediately respond to the constantly changing security demands in a way that will ensure the security of the Bank is maintained throughout. As well as ensuring that all new business initiatives have the appropriate controls in place, the control framework is key to managing and measuring existing business as usual security services. i-confidential will use our control framework to provide a solid base for all elements of your business including:

Information Security management

Cyber security

Digital security

3rd party security

Our control framework forms the basis of our information security services and is the primary building block for all other deliverables.
