Pinpointing where to take action to bring information security up to date

The updated information security standard, ISO27001:2013, reflects the latest thinking on best practice in information security. Since 2005, when the previous standard was published, there have been huge advances in technology and an explosion in cyber activity.

Our client, the CIO of a major clothing retailer, wanted to understand where the business had work to do to meet the new standard. He also wanted a clear picture of any particular InfoSec risks the business needed to address.

We carried out a detailed gap assessment against the requirements of ISO27001:2013, evaluating our client’s existing controls around people, processes and technology and highlighting examples of where it was possible to bypass them. By conducting technical penetration testing on site we were able to give our client a would-be attacker’s view and, with this, a vivid demonstration of where security needed to be strengthened.

Our custom-built ISO27001 gap assessment tool allowed us to produce a report containing a detailed breakdown of compliance status by domain. We also reported on the security gaps we had discovered, categorizing them according to how critical they were and providing recommendations for addressing them.

Our client now has a clear blueprint for action to bring information security right up to date and to secure the business against the constantly developing threats that the evolving technology and cyber landscape presents.

To find out about how we can help your business become more resilient against potential cyber attacks, speak to one of our information security experts or read about our information security services.