Our Information Security Management Services ensure that your organisation is optimised and conforms withleading-edgee frameworks such as ISO 27000, NIST CyberSecurity Framework, COBiT and others. We work with organisations to identify the right frameworks for their sector, size, market presence, regulatory obligations and culture. We assess, recommend, build, operationalise and enable the organisation to sustain their information security management system.
There are numerous touch points with privacy, risk, information technology, solutions development, business stakeholders, and suppliers. It is essential to establish policies, educate employees, empower consumers and provide transparency on security posture. In addition, organisations need to make these efforts operational through measurable processes and control procedures.
Information Security Management Services
Security Program Services
Are you starting or restarting your security program from the ground up? Sometimes organisations go through major shifts in their strategy and the CISO needs to re-assess the program in its entirety. Our Security Program Assessment services use frameworks such as ISO27000, NIST 800-53, NIST CSF, COBIT, and more to establish a gap assessment and a new roadmap to match your business strategy.
2MC is highly skilled in security controls at every layer: network, systems, networks and applications, both on-premise and in the cloud. We will work with you to ensure all layers of your program including critical IT Hygiene factors such as: vulnerability management, configuration management and patch management are following leading practices given evolving threats to you and your sector.
Policy Management System
The effectiveness of an organisation’s security programs hinges on rigorous policy management. Those policies are applied through a traceable set of controls and procedures that put policy into action – with measures. But, how do you know you have the latest security controls unless you work with outside experts?
ISMS for Cloud: If you’re adopting hybrid cloud solutions or implementing a full cloud transformation strategy, you should talk to us. Our experts can help you re-stratify your control definitions and documentation, including cloud visibility, emphasis on identity and access management as the new perimeter, and changes in your approach for monitoring.
Our services include insight in and delivery for Policy Definitions, Control Standards, Control Procedures, Exceptions Management and Remediation Management. We can help you with each of these, and ensure all the pieces fit together for an effective Information Security Management System.
If you are a global organisation or need a practical start point for security – introducing an information security management system (ISMS) is an important start. ISO27000 ISMS will enable you to measurably control and improve your company’s information security posture. Our experts can assist you with comprehensive services, from gap analysis to the design and implementation of ISO27000. This includes risk assessments, deployments and assurance to the ISO27002 you have chosen. Rely on our extensive global experience and our industry vertical expertise specific to ISO27000 preparation and certification.
If you develop your own software, or have it developed for you – a strong Software Security Program is a must-have. Regardless of code that is developed, purchased, downloaded from open source sites, these are your assets to protect. Modern day organisations adhere to the build security in mentality and many have subscribed to BSIMMtm level maturity.
2MC has services that fit in with your agile style development lifecycles. We can augment your staff, train them or assess the SDLC program. With a broad variety of skills and insight including threat modelling, we can ensure that your custom development does not become the weak link in your security program overall.