2. Specialists in Information Risk Management 1
Introductions from the Directors
Background and Why i-confidential?
Industry best practice and information security
The i-confidential team
Contact us
i-confidential
Specialists in Information Risk Management
Technology at work for you
CONNECTING YOUR BUSINESS TO THE RISK MANAGEMENT YOU NEED
Introductions from the Directors
We are delighted to introduce i-confidential and what we do.
We are confident that we have compelling propositions that will meet
your requirements, incorporating knowledge and experience gained
delivering information and IT Security improvements for many
organisations over the past 6 years.
We have helped many organisations transform their information security
capability and are sure these experiences will be invaluable to potential
customers. Our company values are such that we can provide not only
the services which you require, but also insights and flexibility, based on
previous experience.
i-confidential Directors
Colin Fraser
Ian Harragan
Simon Lawrence
Background
We are an information risk management consultancy, founded by
leading information security practitioners in 2008.
By combining industry best practice with pragmatic judgment, we
deliver clear methods of protecting information.
Our wide experience of driving the information security agenda in the
financial services industry began in one of the world’s largest banks. Our
knowledge and expertise have since been significantly enhanced through
a wide range of engagements and assignments across the financial
services and other industries.
Why i-confidential?
At i-confidential we are a trusted and proven source of leadership on
information security matters.
We supply information security services for a number of very significant
organisations. Exploiting our information security skills, methodologies
and tools, we help them to drive improvement in their security risk
position.
Our method is tried and tested. We are strong on delivery, with a track
record of producing real results and exceeding our customers’ expectations.
We pride ourselves on offering value for money. The value we give our
customers is clear in the repeat business from our clients.
Industry best practice and information security
Combining our experience with industry best practice, we have
developed an effective approach to quickly deliver successful
management of information security.
We have outlined below our i-Deliver toolset. This provides a fast
and cost effective way of driving out security gaps and delivering the
activities required to address them. This is built upon our
comprehensive control framework:
i-Assess rapidly delivers a comprehensive and quantified list of
gaps in an organisation’s information security controls, services
and operating model.
i-Predict prioritises control gaps based on the most concerning
threats, resulting in accelerated remediation action.
i-Define delivers an up to date inventory of system assets and
criticality scores. This improves the quality of control
improvement prioritisation.
i-Know delivers control MI and a material risk position. This
readily maps back to regulator expectations and the
organisation’s own policy.
i-Decide provides a view of the required investment to address
information security risks, based on risk appetite. Additionally,
i-Decide delivers the control improvement and risk acceptance
strategy.
i-Protect defines the activities to address information risks and
close control and operating model gaps, improving the security
risk position of an organisation.
We believe that by using the relevant components of our i-Deliver
toolset, we can ensure an organisation focuses on those areas of
greatest concern and prioritises security spend in line with security
investment and risk.
The i-confidential team
Ours is a pragmatic and comprehensive approach to information
security which takes an end-to-end view of an organisation. With a
focus on people, process and technology we provide a flexible
resourcing model to meet our clients’ demands while remaining cost
effective.
Our roots are in financial services and our track record shows our
capability to deliver successful security solutions in a wide variety of
organisations. We are proud that our clients come back to use our
services time and again and regard us as a trusted partner.
The depth of our knowledge in information risk and security underpins
our approach and success. Operating effectively at every level of the
stakeholder community we deliver what’s needed.
Our expertise covers all areas of information risk and security and we
only use practitioners with outstanding track records. We have over 40
full time practitioners with expertise in:
Data Leakage Protection
Vulnerability Management
Policy Creation and Governance
Privileged Access Management
Application Security
Security Outsourcing
Asset Identification and Protection
Security Architecture and Design
Outcome for you: the customer
We concentrate on delivery of the
desired client outcome, rather than
selling whoever is on the bench of
available resource. We don’t body
shop, but deliver high quality services
at competitive rates.
Tailored service on every assignment
Because we are security practitioners,
we understand what you need when
you ask for it and we either supply it
for you, or say we can’t. Each request
is reviewed by our Directors with an
internal challenge process, to ensure
we deliver what’s needed.
You are always buying a team
Our people are part of the
i-confidential team, with a support
network and access to methodologies
and the i-Deliver toolset. They have
associated quality assurance processes
and development activities behind
them. Even if you buy the services of
just one of the i-confidential team,
they are not on their own.
Registered address:
1a Torphichen Street
Edinburgh
EH3 8HX
Visit us:
http://www.i-confidential.com
Contact us:
info@i-confidential.com
During the six years of i-confidential’s existence, our
approach has matured both in terms of effectiveness and
efficiency.
The key to success is a strong foundation based on the
selection of a family of controls, which addresses all
elements of information security. The ISO 27000 family of
controls provides the basis of information security for
thousands of organisations worldwide.
i-confidential have built upon the ISO framework and
added best practice from SANS and NIST as well as our own
experience to create a control framework that is more
practical than ISO and covers the latest threats. This forms
the basis of our i-Deliver toolset which addresses an
organisation’s need to secure not only their customer
channels, but also their IT domains, business processes and
the activities of third and fourth party suppliers.
Having a comprehensive and up to date control framework
is one of the key components required to create and
operate an effective information security function.
This will enable an organisation to rapidly and immediately respond to
the constantly changing security demands in a way that will ensure
the security of the Bank is maintained throughout.
As well as ensuring that all new business initiatives have the
appropriate controls in place, the control framework is key to
managing and measuring existing business as usual security services.
i-confidential will use our control framework to provide a solid base
for all elements of your business including:
Information Security management
Cyber security
Digital security
3rd party security
Our control framework forms the basis of our information security
services and is the primary building block for all other deliverables.