Cyber Security Governance

An organisation’s board is responsible (and accountable to shareholders, regulators and customers) for the framework of standards, processes and activities that, together, secure the organisation against cyber risk.

All boards should be aware of the cyber threat landscape and should understand what advanced persistent threats are.

A cyber governance health check is a good starting point for identifying areas in which the board should act to improve its cyber risk management.

Cyber Security Strategy

Becoming cyber secure should be based on a risk assessment, and should address the key cyber security domains: people, process, technology and compliance.

Risk Management

Cyber security risk assessments are the starting point for a cyber security strategy. Our cyber security consultants can carry out such an assessment for you, or you can go on a certificated course to learn how to do this yourself, and/or you can purchase a cyber security risk management toolkit.

Enterprise and Security Architecture

Increasingly, organisations deploy enterprise architecture frameworks to design their IT and security infrastructures so that they are aligned with and support their business architecture.

Security Audit, Intrusion Testing

Our cyber security consultancy services include auditing for the existence and effectiveness of cyber security controls. These audits are usually carried out against audit frameworks such as the ISO27002 controls and the 20 Critical Security Controls. We also offer a CREST-accredited IT Health Check and Penetration Testing service.

Regulation and Certification Controls

Regulatory compliance is a key aspect of effective cyber governance. Regulators are paying more attention to cyber breaches, and fines are increasingly onerous. Reputational damage from regulatory breaches can also be significant. Organisations may also have to maintain compliance with Code of Connection requirements, whether these are G-Cloud, PSN, IG Toolkit/N3 or Gambling Commission requirements.

Recovery & Continuity Plans

Cyber resilience is a crucial underlying cyber security philosophy. Sooner or later any cyber defence will be breached. Organisations need to develop cyber resilience, a continuum of tested processes that enable them to respond appropriately to incidents of all sizes, including those which escalate and threaten the survival of the organisation itself.

Cyber Security Skills

Cyber security is an increasingly complex area. Organisations need either to employ staff who have adequate skills and knowledge or, recognising that there is a global shortage of such skills, ensure that security staff acquire and maintain appropriate skills. As an organisation, we offer a growing range of cyber security products and solutions for securing content, including both encryption technologies and Data Loss Prevention (DLP) technologies.

How IT Governance can help you

We are the leading provider of information, books, products and services that help boards develop, implement and maintain a cyber security governance framework. In many cases, this involves deploying one or more cyber security management system standards.

IT Governance is unique. Across all the key segments and domains of cyber security, we can usually offer a solution and approach that suits your own organisational budget and culture: we can provide cyber security consultancy services, we can deliver cyber security training (either through a public training course or on-site to a number of your staff), and we also have a comprehensive range of books and tools that will enable you to look after yourself.

Whatever your preference, our unique mix of products and services means that we can serve you precisely.

