EaglePeak Consulting

Quality and Environmental Management Systems

Tel:           +44 (0) 845 230 4191

                 +44 (0) 7725 558 225

E-mail:     enquiries@eaglepeakconsulting.co.uk


 

EaglePeak Consulting Ltd. Registered No. 5799537 England and Wales

Registered Office 35 Badger’s Way, Weston Super Mare, North Somerset. BS24 7ED

Information Security—Key Skills

Neil has implemented an APACS Standard 55 certified Information Security Management System with zero non-conformities at the registration assessment. APACS Standard 55 is a derivative of ISO 27001 specific to the secure printing industry sector, mandating a number of additional requirements.

 

Neil was Management Information Security representative of an APACS approved cheque printing division of a global leader in the share registry sector. The scope of the ISMS included the confidentiality, availability and integrity of assets such as shareholder data files, forthcoming corporate actions, high value printed items and blank cheque stock, as well as the applications & infrastructure required to securely & accurately transfer raw data into printed items to be despatched to each shareholder.

 

 

Key Information Security Skills Include:-

 

Information Security Policy Development

Identification of Assets within ISMS Scope

Risk Management of ISMS Assets based on ISO 27001 Methodology:-

 - Identification of threats to the confidentiality, availability & integrity of each asset

 - Identification of the vulnerabilities which can be exploited by each threat

 - Business value of each asset

 - Business impact of loss of confidentiality, availability or integrity of each asset.

 - Determination of risks based on the levels of threat, vulnerability & asset valuation

 - Identification & Selection of Controls from ISO 17799

 - Development of a Statement of Applicability against each control listed in ISO 17799

 - Implementation of Controls

 - Verification of Effectiveness of Controls

Information Security Procedure Development

Development/Delivery of Training Programmes

Planning & Conduct of Management Review

Planning & Conduct of Information Security Forums

Information Security Auditing

Deployment of Audit Programmes across multi-site operations

Investigation of Security Incidents & Breaches

Corrective & Preventive Action

Service Level Agreement development with outsourced service providers

Business Continuity & Disaster Recovery Planning & Auditing