While every business wants to protect its digital assets, the best methods and controls for achieving this can vary across sectors, regions and business type. So the newest cyber security standard, PAS 555, focuses on defining the outcomes that effective cyber security should deliver, rather than defining specific methods and controls.
This made the standard the perfect basis for our independent review of an ambitious global digital security programme launched by our client, a large industrial group with thousands of employees across tens of countries. The purpose of the programme was to ensure an adequate and sustainable level of digital protection across the whole organisation. Two years in, the company asked us to confirm the programme was on track.
We mapped the programme to confirm it covered the four key elements of the PAS 555 framework: Security Leadership and Governance, Assessing Risks, Protecting, and Responding and Recovering. Our assessment took into account the role of technology, people, culture and physical security in each of these areas. Next, we carried out extensive fieldwork to assess whether the programme was achieving its objectives. This included over 30 interviews with stakeholders from the security department, IT and the wider business, as well as interviews with top management to assess their commitment to a digital security culture and the improvement programme.
Our detailed report and briefing for the company’s security governance group highlighted areas of strength the programme could build on and identified areas where improvements needed to be accelerated. This part of our findings was based on a high-level comparison of the company’s security against that of similar businesses. We also identified areas that could be added to the programme to give it greater coverage.
Our work gave the company the insight it needed to get the best from its investment in digital security and ensure it was on course to deliver a high level of protection for the business’s digital assets worldwide.
If you need to protect your organisation's digital assets, talk to one of our information security experts today or read about our cyber security services.
Are you considering developing your own cyber capability? Read about our range of expert lead cyber security certifications.