Risk and Continuity
Security and continuity budgets and resources are under pressure due to market conditions and competing operational requirements. As such, security spending and efforts must be based on solid risk mitigation and business benefit. Business Aspect understands the importance of ensuring that planning efforts are aligned with business requirements and are appropriate to the size and complexity of the organisation, or meet specific industry or Government compliance requirements.
Business Aspect provides a strong offering for information security and continuity consulting services with a range of personnel with a depth of knowledge of information security and risk management. This experience comes from internally-facing security and risk management roles as well as project and initiative consulting roles. Common risk and continuity outcomes for our clients include:
Security strategy
We assist clients in strategic security planning that is aligned with business and IT strategy and the risk posture and environment. Although the security strategy often involves IT, we understand that it should not be limited to IT but should extend to other business groups and include areas such as privacy, information classification, physical security and user awareness.
Business Aspect takes a risk approach to the development of a security strategy and can provide an analysis of costs and benefits to measure the ROI of security, often referred to as the Loss of No Investment.
This allows our customers to realize how to spend on security and where to focus that spending. An outcome is a 3-5 year roadmap that defines what the strategy is, why it is required and the risks of not undertaking the strategy.
Risk Assessment
Risk assessment is the process of identifying potential risks and focusing management effort on those that are most important at any point in time. Business Aspect practitioners live and breathe risk management. We are constantly measuring the amount of security controls or the level of continuity capability our clients need, whether through our inherent knowledge and interpretation of threat likelihood and business impact or through a detailed standards-based assessment. We have worked with standards such as AS4360 and have developed pragmatic and efficient approaches based on these.
Business Continuity Management
As leading practitioners, Business Aspect uses a defined and proven process for assisting customers through business continuity and disaster recovery planning. Our approach fulfils the requirements of HB221 Business Continuity Management handbook and is aligned with the specification defined in the handbook.
Business Aspect has refined and enhanced these standards-based methods to provide robust yet pragmatic approaches that, combined with our extensive intellectual property, provide our clients with cost-effective outcomes.
Common BCM outcomes include Capability Maturity Model (CMM) Assessments, Business Impact Assessments (BIA), Business Continuity Plans, Disaster Recovery Plans, Testing strategies, desktop scenario based walkthroughs and training and full site isolation testing and planning.
Compliance and Audit
While Business Aspect takes a risk approach to security and availability, we are adept at audit techniques and understand key audit targets. We have CISA-certified practitioners who have provided extensive assistance to our clients in audit readiness and remediation.
Business Aspect has developed tools to assist with compliance assessment, whether against best-practice standards such as AS27001 or against our clients' internal policies. We understand that the actual level of security to meet compliance requirements is based on risk management and not compliance for compliance's sake.
Risk and Continuity Advisory
Business Aspect offers a team of resources with skills and capabilities across the full spectrum of the information security and risk management discipline – from business to technical. Our practitioners have extensive experience in providing information security advice and assistance at various levels within business and Government.
Business Aspect consultants are actively involved in industry forums and exhibit a number of qualifications including:
- Bachelor and Masters degrees with various Majors in Business and Information Technology
- Certified Information Systems Auditor (ISACA)
- Certified Information Systems Security Professional (CISSP)
- Certified Cisco Network Associate (CCNA)
- ITIL Foundation
- Business Continuity Institute (BCI)
- Australian Information Security Association (AISA)
- Information Systems Audit and Control Association (ISACA)
- Information Systems Security Association (ISSA) – Founding President, Queensland Chapter
