How can we help?

What can KanSecurity do for you?











It is in fact more of, what can I do for you?

I've been around the information and cyber security world for >30 years. This doesn't make me an expert.  I am of an age where cynicism, and here we go again has crept in.  Don't let that put you off. If you have an open mind, and prepared for a discussion then that will only lead onto good and positive outcomes

  • I can help with Certification
    • ISO/IEC 27001:2013, including (where letters of compliance are required)
      • ISO/IEC 27017:2015
      • ISO/IEC 27018:2019
      • In fact there are 188 (growing daily it would seem) from ISO, JTC1/SC27 Information security, cybersecurity and privacy protection, most of which I have a working knowledge
    • tScheme profiles, with ETSI and eIDAS (the latter two remain of limited interest post 31 Jan 2020)
    • Cyber Essentials Scheme; my preference is to work with IASME as the Accreditation body, and come April 2020 the only Accreditation body)
  • If you don't won't Certification, I can help in other ways
    • Building a shorted/small information security management system - your own
    • Looking at information and cyber security risk
    • Internal audit to your own policies and procedures (as the criteria), or simply
    • A gap analysis to which area is of concern
    • Building your control framework in response to your risk treatment decisions (not focused on Annex A of ISO/IEC 27001:2013, but your own framework or that of NIST SP 800-53r5 (although still in draft), CIS framework, or following good practice guidance from UK NSCS
  • If you simply want a checkup completed of the security profile of your business or function, service, department - more than happy to pop along.
  • GDPR (EU), DPA2018 (UK GDPR), PECR2003 - I'm not an expert but neither was a bandwagon jumper back in 2016 out to make a fast buck. I've been around the data protection environment from when the EU Directive 95/46/EC was transcribed into the DPA1998. In fact it goes back to the 84 Act when a Computer Bureaux was all the rage. So ask the question, and yes I can help.
  • Training, mentoring, awareness
    • As an Accredited Training Organisation with the BCS, the Chartered Institute for IT, I can provide accredited training:
      • Certificate in Information Security Management Principles (BCS CISMP)
      • Essentials Certificate in A.I.
        • Currently working on Security Architecture (this one is a 'wait-out" scenario for the moment)
    • Cloud Security Alliance CCSK and CCSK Plus
    • Mentoring to CISSP, CISM and CISA
    • Senior Executive briefings on information and cyber security
    • Staff training on information and cyber security to meet your specific context and needs
    • Helping to build your awareness campaigns
And, a lot more besides.  Experience has been across most business sectors and organisations (UK and overseas). For businesses large and small; mature to start-ups. 

Let me know what you need Email me and I will get straight back to you.  


Popular posts from this blog

Risk and micro, small business

Image
Risk; why is it so difficult? Information security risk management, or if you wish cyber security risk management; either way it appears to cause a bit of a problem. Over many years now I have seen and audited different concoctions, the majority of which fail completely to be effective in managing the risk.  That said, I have also seen some scarily good processes, many of which are application driven rather than spreadsheet driven. This is an out and out plug, but the best and most effective examples have usually be driven by Acuity Risk Management's Stream application .  However, for the micro or small business the best approach is to keep things simple, for the moment at least. Risk description - there are excellent definitions for risk published within various ISO documents. However it all boils down to the following: Source (what is the source of the thing that could happen - internal or external parties) Event (what is going to occur) ...
Read more

Risk and Certification

Image
Risk too...for Certification The previous discussion on information and cyber security risk was focused toward the micro and small business; the purpose being an attempt to get their ball-rolling on looking at risk. Certification to ISO/IEC 27001:2013 (information security management system (ISMS), requirements) needs the business to seriously focus on information and cyber security risk. In fact, clause 6 (Planning) and its sub-clauses are all focused on risk; this is the 'plan' element of the plan, do, check, act (PDCA) dance. On the other hand, clause 8 (Operation) and in particular 8.2 and 8.3 are all about carrying out risk assessment and treatment, the 'do' element of PDCA. The International Organisation for Standardisation (ISO) does not dictate to your business any particular process or methodology for risk. But, whatever process you adopt it must produce consistent, valid and comparable results (clause 6.1.2b).  If not, the syst...
Read more

Sleepless nights, and business owners

Image
What keeps the business owner up at night? I am talking about owners of the micro, small, and in some cases medium sized business; those owners who on a daily basis put their heart and soul into building their business and doing all they can to keep it running successfully; making profit; keeping customers happy; employing people etc. The farthest thing from their minds will be information and cyber security.  It could even be suggested that the mere mention of the subject is likely to result in a furrowed brow followed by, this is what I pay the IT Service Provider to look after. It is not surprising then that the evangelist, having worked in the information and cyber security space for many years, comes across disinterest; disregard; and perhaps just a bit of indifference when the subject is raised. That is not meant to insult the business owners, it’s simply a fact of the evangelist's life. For 20 years and more so many thoughts around how to change mind-s...
Read more