Case Study: IT Risk, Information Security and Business Continuity Advisory Services

For over 7 years, Business Aspect has fulfilled the roles of IT Risk Manager and Information Security Advisor to a Banking and Financial Services corporation and continues to be engaged in these roles today. The work of providing specialist business risk and technical advisory services has included delivery of over 50 technical risk assessments and the provision of extensive business continuity management advice. One of Business Aspect’s Partners has had overall responsibility for delivering high quality outcomes through the use of a team of subject matter and domain specialists with expertise relevant to the corporation’s specific requirements.

As part of these roles, we have regularly provided advice to the Corporation on current ‘best of breed’ security practices and solutions, including:

  • evaluation of log consolidation and management solutions
  • identification and market scan of USB security devices
  • system security architecture definition and advice
  • gateway architecture recommendations
  • incident response and management procedures
  • a security policy framework and compliance program that aligned with industry standards
  • a security awareness strategy and tools
  • a project IT risk framework that aligned with the Project Management Office framework and catered for large projects as well as small technical initiatives
  • mentoring of project managers on project risk
  • pre-audit readiness checks and recommendations.

Business Aspect’s work has resulted in a substantial improvement in IT and project governance within the corporation and has resolved numerous audit findings and recommendations. A number of strategic governance outcomes have also been delivered to the Corporation that have resulted in innovative practices for the organisation’s risk and governance framework. The risk review outputs have formed reusable baselines for assessing risk among similar initiatives and determining appropriate controls.