Our experts have worked with within high-risk and pressured industries, including law enforcement, financial organisations and data-sensitive companies. Our experts work closely with our clients and we followed our Business Approach to directly provide a targeted and quantifiable training requirement or consultancy service.
We engage with clients at an early stage, integrating our client business knowledge into our work and collaborating wherever possible. We communicate effectively on this to develop, build and implement the service requirements.
Our review system ensures that we apply effective quality assurance systems to our products, and we pride ourselves on the positive feedback we have received. Our key focus throughout all stages is to ensure we build positive experiences and trust with the client and the employees. The review stage allows an iterative approach that further develops the client and business relationship.
Regulation and Compliance
Digital transformation and cyber security are reliant upon experience, specialisation and understanding of requirements. Our specialists have years of experience working towards the appropriate regulatory or compliance standard for the individual client. The specialists can use our business process to ensure that we work to the most proportionate solution.
JP Morgan Chase Bank
Key success stories include:
- Development and implementation of standards, baselines and controls for the implementation of technology
- Development of processes, procedures and governance structures to prevent circumvention of security controls
- Audit of IT security deployments, including the build, configuration, access control and logging
- Development of a cyber security initiative to focus on four key areas: Continued operations, strategic initiatives, additional protection and automation/monitoring
JP Morgan Chase Bank provides global retail, investment and credit card services. Our experts worked with JP Morgan Chase for over 5 years developing their cyber security capabilities. The organisation, whilst having an established global security team, was looking to improve its IT security services through a Defence in Depth approach, along with a Security Operations Centre (SOC) and incident management capability.
We reviewed the existing cyber security technologies the organisation employed. With this knowledge, we advised on improvements and assisted with the design, implementation, configuration and system integration of a number of these improved technologies.
We worked on several key security areas including network security, application security, encryption, identity and access management, release management, vulnerability management and security incident response processes.
The implementation of an assessment and selection of a Security Information & Event Management (SIEM) tool. Upon implementation, our team helped to configure the various SIEM logs sources and use cases to ensure that the SOC was alerted on relevant security events and could manage those accordingly. Delivery of effective Cyber Security using the following high-level approach:
- Agreeing on security roles and responsibilities for delivery
- Identifying and addressing immediate and urgent compromised systems and security risks
- Establishing appropriate technical governance
- Creating operational security controls and an auditable security schedule
- Identifying and addressing vulnerabilities and threats as part of an ongoing programme
- Establishing dashboards to track Crown Estate maturity against the NCSC 10 steps to Cyber Security
- Ensuring operational reporting against Security KPIs
- Obtaining operational evidence of following our Security processes
The Crown Estate
Key success stories include:
- Discovery of several improvements to Information and Cyber Security control
- Delivery of technical and non-technical enhanced/new controls to improve security
- Development of detailed processes, procedures, standards and guidelines
- Information security online and direct on-premise awareness course
- Creation of continual improvement plan to maintain an effective security posture
The Crown Estate (TCE) are responsible for managing the Land and Assets of the British Monarchy. With a value of £14.4 billion and an annual turnover in excess of £350 million, the security of their information and data is paramount. TCE wanted to understand their current security and risk posture and therefore chose to initiate an ISO27001 and Cyber Essentials assessments to identify any areas that required remediation, formulate a plan, and implement any necessary controls to complete such remediation.
Our cyber experts performed a risk assessment against the applicable Annex A ISO27001 framework controls and identified improvements where controls were either partially or not in place.
A Cyber Essentials assessment was completed to identify any specific technology security gaps. The output of these assessments helped form a phased Cyber Security Management Plan, which described how the confidentiality, integrity and availability of information would be ensured through the continued implementation of IT security measures.
The remediation plan involved the creation of processes and procedures, implementation of a number of technical controls including backup and replication, network segmentation, web proxy, vulnerability scanning, IAM, RBAC. As well as non-technical controls e.g. segregation of duties, schedule of key activities, roles and responsibilities and skills/development matrix, as well as updates to the organisation’s Information Security Management System (ISMS) and policies.
We created an Information and cyber security training plan with online courses to help promote security and enable staff to better understand their importance in helping to protect the integrity, availability and confidentiality of the organisation’s data.
Transport for London
Key success stories include:
- Supported the successful deployment of secure Enterprise Cloud and Mobile services
- Development of standards, baselines and controls for the implementation of mobile and cloud technology
- Development of processes, procedures and governance to prevent circumvention of security controls
- Integration of on-premise and cloud technologies to provide transparent and secure services for staff, external customers and third parties
Our experts worked on several initiatives with Transport for London (TfL), who are responsible for the entire London public transport system, supporting millions of customers every day. Our most recent engagements have been focused on developing their security capabilities to support a number of digital transformation initiatives.
These initiatives have included:
Enterprise Mobility – The organisation was looking to improve its services for customers through more automated processes and a more mobile workforce. A technical capability was developed and over 18,000 Apple iOS devices and 20 apps were created to support this initiative. We created and developed an enterprise mobile security policy, defined security controls, access control to internal systems and email using certificate-based authentication, Single Sign-On (SSO) to aapps and internal services through the integration of TfL’s Active Directory. We created user guides, FAQs and training courses to support this initiative.
Cloud – Whilst the organisation was already using some Amazon Web Services (AWS) and Microsoft Azure (Azure) IaaS, PaaS and SaaS cloud services, there were few controls, management and security to ensure TfL’s information and data were secure. We therefore worked with TfL to extend core enterprise IT services to the cloud. Doing so included the implementation and integration of vulnerability scanning, AV/Malware protection, logging, monitoring, AD authentication as well creating a Software Defined Network (SDN), build patterns, standards and baselines for configuration, hardened Windows & LINUX operating systems.
Knowledge and Awareness
We pride ourselves on the ability to convert our practical experience into simulation-based learning for our clients. We develop relevant, in-depth case studies, which directly resemble the work of the client resources. Our qualified trainers deliver the theory and delegates apply the learning in our simulations. Further, we are developing our capability to produce digital training products aimed at targeting medium to long-term cognitive learning and behaviour.
Lloyds Bank and City of London Police
Key success stories include:
Development of employees directly in line with their roles, responsibilities and competencies
Development of a specialised business operating model for the Bureau and City of London Police
Discovery of many intelligence weaknesses and solutions based upon the designed simulations
Information security awareness and knowledge improvements as standard practice
Long-term service-level agreement for continued support and consultancy
We have established long-term relationships with Lloyds Bank and City of London Police to develop their operational data analysis capabilities. The organisations were relatively new to the area of intelligence development (the ability to use the latest data analytical techniques to guide business activity) and required improvements on product outputs, employee resilience and analytical capabilities.
We applied a training needs analysis with managers and resources to understand the demands and needs of individuals, intelligence units and the organisations at a tactical and strategic level. This scoping process helped our clients understand the known and unknown needs of the organisations and to prioritise urgent needs. It painted a clearer picture of requirements otherwise missed or given insufficient focus.
Our professional trainers then developed and built tailored training courses. We implemented a staged approach to the delivery of training, involving subject matter experts and based upon specially designed simulations of the work undertaken by the organisations.
Our courses and services were employed over the course of several years with both organisations. They enhanced staff retention and the output of operational documents to guide tactics and strategy against fraud. With the Bureau we developed an enhanced intelligence framework which was made operational across the UK.
Special Investigations Team for the Turks and Caicos Islands
Key success stories include:
- The saving of over £4.25 million in resources and work effort due to digitisation
- The development of complex evidential packages at speed and with high levels of due diligence
- The delivery of a system that met the core requirements of regulation, such as integrity, confidentiality and availability
- The successful implementation of an asset recovery system at a much earlier stage than usual in the investigation
A Special Investigation was commissioned by the United Kingdom Foreign Office to identify evidence of corruption and fraud in the Turks and Caicos Islands in order to gather evidence and bring perpetrators to justice. A key element of the Investigation was the collation and processing of vast amounts of hard copy material and intelligence.
We worked within the Special Investigations Team to provide the analytical and technical services for digital transformation whilst enabling the Investigation to move forward at speed. Our team developed a deep understanding of the material from an evidential and investigations perspective. We built and implemented a system with constant availability, full integrity and appropriate confidentiality credentials.
The system and its analytical capabilities supported the Team in all areas of the Investigation, from operational requirements to strategic evidential goals. The integrity and availability on location in the Turks and Caicos as well as in the satellite offices in the United Kingdom was vital and fully implemented as part of the Key Performance Indicators.
Our services enabled the Special Investigations Team to advance complex corruption and fraud cases at a higher speed and worked towards the highest standards of intelligence and evidential requirements. The success of the system allowed all appropriate qualified Team members, including investigators, lawyers and support staff, to produce high-quality products quickly.
Special Tribunal for Lebanon
Key success stories include:
- The delivery of a high-quality information and cyber security awareness product
- The quantifiable improvement of awareness across the Office of the Prosecutor
- 100% positive feedback from delegates of the course and positive responses from the
- Positive impact on the knowledge and behaviour of employees regarding information and cyber security in a high-threat business area
The Special Tribunal for Lebanon (STL) was formed after the United Nations agreed upon a resolution to investigate the assassination of the ex-Premier Rafiq Hariri and other associated terrorist attacks. The Tribunal, especially the Office of the Prosecutor, dealt with highly sensitive material and investigation methods, bringing a high level of scrutiny and targeting by malicious actors.
We were approached to provide high-level information and cyber security training to mitigate threats and risks by the resources of the Office of the Prosecutor. Through an Information Security Awareness Assessment, we established the core requirements for the Prosecutor’s resources, including Open Source Intelligence Knowledge ((OSINT)) and cyber threat mitigation methodologies.
Our experts developed and built an awareness course that was facilitated for over 30 employees. The course used our training and thought leadership expertise to deliver a high quality awareness programme, which was recognised as one of the best products received by the Office of the Prosecutor.
The delivery greatly enhanced the knowledge and awareness of the Prosecutor’s employees and helped implement many threat mitigation strategies for the organisation.
Wilhelmina van Pruisenweg 35, 2595 AN Den Haag
Monday-Friday: 8am – 5pm