Free White Papers
Ask the experts
Got a question? Put us to the test
Information Risk Management
Oakleigh consultants have significant experience of delivering information risk management for major public and private organisations in the UK and around the world.
Our philosophy is to build information security within an overall framework of risk management and corporate governance, working alongside the client using proactive methods and formal tools, like CRAMM.
We have developed the Oakleigh Information Security Management System (ISMS) framework, an eight stage approach for use on assignments where security compliance and certification is needed.
ISMS provides information security policies and processes based on the needs of their organisational responsibilities.
The fundamental controls, which are accepted as guiding principles in providing good information security, have been used in devising the policies and associated guidelines within ISMS. They are based on the principles within BS ISO/IEC 27001: 2005, and include those controls which are essential from a legislative point of view and for establishing best practice. The fundamental controls are as follows:
- Establishment of an information security policy and allocation of associated responsibilities
- Information security education and training
- Reporting security incidents
- Business continuity management
- Compliance with key legislation.
We typically produce policies based on the latest security standard, which facilitates the client’s move to compliance – either now or in the future.
A key aspect is to ensure that there is clear understanding and commitment to the roles and responsibilities expressed within the policy and our consultants are renowned for understanding and developing the security culture – essential to the effective implementation of any policy.
Security policies are often produced as part of wider security awareness imitative – our consultants have first hand experience of driving such campaigns across a broad range of organisations.
How can Oakleigh help?
Oakleigh can help its clients by providing:
- British Standard/ISO (27001/7799/17799) assessment and support -
- from gap analysis to compliance
- Ongoing risk assessments of major projects and programmes
- Strategic risk assessments of ICT infrastructures
- Business Continuity Planning based on the identification of key business processes
- Professional advice on information - related law and expert witnesses should you need them
- Developing and delivering innovative security awareness programmes.
How we have helped our clients
- Oakleigh carried out an assessment of a major NHS Trust's information security against the BS7799/ ISO standard, using the NHSIA's Gap Analysis toolkit based on the CRAMM risk assessment methodology. The work involved working with Trust staff to identify the risks, the gaps against the security standard and the controls required to develop an effective Information Security Management System (ISMS).
- A team of Oakleigh consultants developed an Information Governance framework, conducted a gap analysis for BS7799/ ISO compliance and produced a publication scheme for compliance with the Freedom of Information Act for a large organisation. Following an in-depth gap analysis of information security arrangements, from policy to technical controls, a detailed action plan was introduced to move the organisation forward to compliance.
"An independent, honest, external view is essential to any organisation seeking to respond to the changing business environment and achieve its mission to deliver the best possible service. Oakleigh consulting have these attributes and made a significant contribution in assisting us to attain our on-going developmental goals."
Chief Executive, UK Central Government Department