24 May, 2016

Security

The security services we provide typically fit within one of the following categories:

Security Assessments

OSS Group offers IT security assessment services to its clients.  These assessment services are international standards based and delivered using an ISO27001 compatible framework.  The service is designed to inform the business of its organisational level of security maturity.  They’re also designed to be used as evidence of its maturity when dealing with other businesses, partnerships, lending institutions, insurance providers, governing bodies and other interested parties.

Security assessments aren’t meant to be completed once and never considered again.  They’re a periodic exercise, occurring as a result of changes in technology or changes to a client’s business.  Treating an assessment as a check-box exercise is not the goal; protecting our client’s business & information assets is.

OSS Group takes a practical approach to security assessments.  We’re not alarmists and won’t use scare tactics to get a client’s attention.  We will tell you the unvarnished truth, in practical terms that business stakeholders can easily understand and act upon.

We conduct on-site personnel interviews with key business stakeholders and those responsible for enforcing security policy, processes & procedures.  Our interviews will address the following topics as they relate to security:

  • Technical / environmental
  • Behavioural
  • Procedural
  • Policy
  • Governance
  • Investment

We look at security this way: when we cross the street, for our own safety, we look in both directions.  We don’t look at the sky to check for falling meteors.

Our clients receive a comprehensive assessment including any noted vulnerabilities and actionable advice.  This can be easily incorporated into a broader organisational security assessment.

The assessment includes:

  • Determining the magnitude of potential business & operational impacts of successful IT security breaches
  • Determining the location of business-critical information on networks and how that information is accessed
  • Highlighting where security controls may be damaging productivity or not fulfilling intended roles
  • Discovery and Identification of unapproved devices, applications, configurations and services
  • Workshop(s) to determine corrective action plans
  • Any evidence to support adjustments to investment in IT security.

And if technical remediation services are required, they’re delivered and reassessed for complete security assurance.

Security Remediation

OSS Group also offers IT security remediation services to its clients, primarily as a follow-up service to our security assessments. We also offer standalone remediation services, on an “as required” basis, when security concerns or issues are raised. Our remediation services are delivered by competent IT professionals with decades of experience in their respective fields.  Remediation services are provided .