CYBER ADVISORY SERVICES

Design and implement an effective security operating model that
balances the risk profile of your organisation with your
cyber security requirements.


WHAT ARE CYBER ADVISORY SERVICES?

JUMPSEC provide a range of advisory services designed to highlight and overcome strategic and operational issues which can impair an organisation’s security operating model, preventing it from functioning effectively and delivering the desired reduction in cyber risk exposure.

An effective cyber security operating model comprises a multitude of overlapping capabilities and controls. Controls in a cybersecurity context are not limited to purely technical, system-level controls, and can be understood as any aspect of the security operating model, including:

WHY JUMPSEC FOR CYBER ADVISORY SERVICES?

Building and maintaining an effective security operating model is a complex task. JUMPSEC is experienced at supporting organisations with all aspects of their security operations, across offensive, defensive and strategic disciplines.

While many strategy-oriented consultancies will provide audit-centric solutions based on a myriad of frameworks and standards, JUMPSEC can provide superior insight into what comprises an operationally effective security operating model. Our experience of offensive consultancy services, combined with the experience of building and running a Managed Security Operations Centre service, gives us first-hand experience of what works, and what doesn’t. This enables JUMPSEC to move beyond compliance, advising organisations on how to configure their security operations to deliver the outcomes they need.

WHAT OUTCOMES WILL JUMPSEC CYBER ADVISORY SERVICES PROVIDE?

FAQS

Yes, JUMPSEC can deliver assessments aligned with industry-recognised frameworks such as:

  • The NIST Cyber Security Framework
  • ISO 27001 and the ISO 27000 Series
  • The CIS Top 20 Controls
  • SOC I / SOC II
  • PCI DSS
  • IT Health Check

Unless certification with a specific standard is required for compliance reasons, JUMPSEC recommends a broader assessment approach using a range of best practices, tailored to be relevant to your business and technology requirements. Even where specific compliance needs must be met, a blended approach can provide a more effective foundation from which to meet them.

JUMPSEC perform a staged Discovery and Gap Analysis exercise to ascertain an organisation’s current maturity level from which improvement recommendations can be made. The assessment is conducted through a documentation review and a series of interviews with senior stakeholders, key IT, data protection and security staff, the HR or Legal team (where relevant), and representatives from any managed service provider(s).

The exercise is delivered across four phases:

  • Kick-off – Hold initial meetings with key stakeholders to set expectations and agree to engagement rules, sharing valuable information about the organisational structure from which interviews and workshops can be scheduled.
  • Discovery – Assess the regulatory, legal and compliance environment that the organisation operates within.
  • Assessment – Conduct a series of interviews with key stakeholders. These sessions focus on policies, procedures, controls, infrastructure, architecture and key indicators of good cyber security hygiene, drawn from a range of appropriate industry-accredited standards and regulations including GDPR, ISO 27001 and the NIST Cyber Security Framework. JUMPSEC will also review documentation to identify acceptable practices that the client has already put in place and uncover less mature areas and gaps.
  • Reporting – Comprehensively detail the team’s findings, identifying short-term ‘quick wins’ as well as medium- and long-term activities which should be pursued. These enable sustained improvements over time and guide the client to a level of security maturity that is appropriate for its business requirements.
