Nettitude provides services for company executives that aid the flow of information within the business. By understanding the critical management information that an organisation requires, and by identifying the policies, controls and strategies that are in place to enforce it, Nettitude is able to provide strategic guidance around corporate governance.
What is Governance?
Governance is the phrase that is used to describe the way in which an organisation manages the relationships between its main internal and external stakeholders.
In larger organisations it is not uncommon for there to be conflicts of interest between some of these stakeholders. For instance, employees may have objectives that differ from those of the leadership team, and both of these parties may have objectives that conflict with those of shareholders. The concept of corporate governance is used to increase accountability within these stakeholder groups.
Numerous acts, including the Cadbury Report, a series of OECD reports and the Sarbanes-Oxley Act, all make reference to the principles of corporate governance within an organisation. In both the UK and US, an “Anglo-American” model of corporate governance is practised, where a board of directors and non-executive directors is elected to serve the objectives of the shareholders.
Risk Management Services
Risk management is a phrase that is used to describe the process of identification, assessment and prioritisation of risks. Every organisation, whether large or small, conducts risk assessments every day of the week. However, in many instances the measurement of risk is ad hoc, undocumented, and follows no defined structure. This can result in disjointed risk management, and ultimately higher levels of residual risk than would ordinarily be achieved through a formal risk management program.
The typical responses to risk are: risk transferral, risk avoidance, risk reduction, or risk acceptance.
At the beginning of any engagement, risk appetite and risk tolerance need to be fully understood.
Nettitude defines a clear scoping document that identifies all areas of assessment.
Assets and focus of interest: Nettitude moves on to identify the focus of interest (FOI). This could include a business unit, an IT asset, an application or a data set.
Determination of business impact: If an FOI were compromised, there would be a compromise in confidentiality, integrity or availability. This in turn would have a consequential business impact. Nettitude uses a series of business impact tables that help to quantify the impact of a compromise.
Assessment of threat sources & threat actors: Nettitude identifies who the threat sources and threat actors are that could impact an FOI.
Threat assessment: Nettitude identifies the threat as a combination of both capability and motivation of threat actors and threat sources to attack an asset.
Identification of compromise methods (vulnerabilities): Nettitude attempts to identify the compromise methods that a threat actor would use to compromise confidentiality, integrity and availability.
Assessment of likelihood: Nettitude attempts to measure the likelihood that a threat will exploit a vulnerability, leading to a business impact.
Once this risk level has been ascertained, Nettitude moves on to generate risk mitigation guidance. This guidance is used to manage the risk in a manner consistent with the organisation’s initial risk appetite.
Global Compliance Services
Nettitude has a presence in both the UK and North America. We help hundreds of merchants by providing compliance and cyber security consultancy services that are highly focused on the Payment Card Industry Data Security Standard (PCI DSS). We are one of fewer than ten organisations worldwide to be recognised by the PCI Security Council (SSC) as a PCI QSA, PCI ASV, PCI PA QSA and PCI P2PE QSA. Combining this level of focus with our award-winning penetration testing practice and our malware analysis and forensics labs makes us highly unique and sought after within this industry.
As part of our end-to-end approach to security, Nettitude provides focused design, implementation, support and testing services that address many of the technical requirements of cyber security. In addition, Nettitude can carry out formal risk assessments, security auditing services, and comprehensive policy & procedure definition and alignment.