CommSec’s customers need to ensure that their IT security products, processes and practices are effective, documented and measurable. The methodology employed in conducting our Security Assessments is based on the ISO 27001:2013 Information Security Standard combined with industry best practices and standards published by organisations such as the SANS Institute, the US National Institute of Standards and Technology, the US CERT Coordination Centre and the Centre for Internet Security.

When we undertake a security audit for your business, we examine every aspect of your IT environment and how users and IT administrators work with the IT systems.

At the completion of the audit, we give a comprehensive written report which includes all our key findings and detailed prioritised remediation recommendations.

This can form the basis for strengthening a robust IT security strategy, in line with company risk management and security objectives. We recommend carrying out a security assessment at least annually.

Other solutions to help you prepare for certification

  • Gap Analysis
  • Internal Audit
  • Lead Implementer
  • CISO aaS

What is an ISO 27001 audit?

An ISO 27001 audit involves a competent and objective auditor reviewing:

  • The ISMS or elements of it and testing that it meets the standard’s requirements,
  • The organisation’s own information requirements, objectives for the audit,
  • That the policies, processes, and other controls are practical and efficient.

In addition to the overall compliance and effectiveness of the audit, as ISO 27001 is designed to enable an organisation to manage it’s information security risks to a tolerable level, it will be necessary to check that the implemented controls do indeed reduce risk to a point where the risk owner(s) are happy to tolerate the residual risk.

What are the types of audits?
The standard requires that an organisation is required to plan and conduct a schedule of “internal audits” to be able to claim compliance with the standard. Furthermore, if an organisation desires to achieve certification, it will require “external audits” to be carried out by a “Certification Body” – an organisation with competent auditing resources against ISO 27001.

To ensure maximum benefit from the audit, it is strongly recommended to ensure that the certification body selected is accredited by a recognised supervising authority. 

Internal audit
Internal audits, as the name would suggest, are those audits carried out by the organisation’s own resources. If the organisation does not have competent and objective auditors within its own staff, these audits can be carried out by a contracted supplier. These are often referred to as “2nd party audits” since the supplier acts as an “internal resource”.

External audit
The term “external audits” most commonly applies to those audits carried out by a certification body to gain or maintain certification. However, the term may also be used to refer to those audits carried out by other interested parties (e.g. partners or customers) wishing to gain their own assurance of the organisation’s ISMS. This is especially true when such a party has requirements that go beyond those of the standard.

Get in touch today to book a consultation.

CommSec take ownership of the successful implementation of all projects and services we deliver. We take great pride in the quality of the work we do and as a services driven business we do everything we can to ensure that IT security projects get delivered on time and within budget.

We fully manage all IT security projects and services we deliver. If you already have IT project management expertise in-house, then we work closely with them to ensure the project is delivered as intended.

We can also provide you with a dedicated IT security project manager to help you implement any significant change in your current IT security infrastructure.

The Services

CommSec’s customers need to ensure that their IT security products, processes and practices are effective, documented and measurable. The methodology employed in conducting our Security Assessments is based on the ISO 27001:2013 Information Security Standard combined with industry best practices and standards published by organisations such as the SANS Institute, the US National Institute of Standards and Technology, the US CERT Coordination Centre and the Centre for Internet Security.

When we undertake a security audit for your business, we examine every aspect of your IT environment and how users and IT administrators work with the IT systems.

At the completion of the audit, we give a comprehensive written report which includes all our key findings and detailed prioritised remediation recommendations.

This can form the basis for strengthening a robust IT security strategy, in line with company risk management and security objectives. We recommend carrying out a security assessment at least annually.

DPO aaS

Achieving and maintaining compliance with industry specific data security standards and general compliance standards like GDPR, can place an additional burden on your business. However, remaining compliant with data protection laws and best practises is essential for any organisation.

CommSec offer a broad range of services which help you achieve security and data protection compliance.

We can work with you no matter where you are on the journey to achieving compliance.

Scenario 1

You may already have achieved some compliance or quality standards and you need to build on that to meet new obligations or meet more sophisticated threats to your business.

Scenario 2

On the other hand, you may have very little in-house knowledge around security and compliance. In that case we can provide you with a fully managed program of building the systems and processes in your business to become compliant with GDPR and other regulations that may affect you, such as PCI DSS.

To become compliant- we need to look at your entire business and how it manages data. IT security is only one part of this process. We look at all the information assets in your business-what security technology and data protection processes if any, you have in place, then perform a standards-based risk evaluation and gap analysis.

The outcome of this risk assessment is that we get a clear picture of where your major risk areas and vulnerabilities are.

Then we can design a solution around business processes and technology, to achieve compliance with security standards and GDPR.

  • Data Protection Officer (DPO) as a Service

Our DPO-as-a-Service offering is proving popular with customers who require a Data Protection Officer and where this is not a full-time role. Clients benefit from experienced, objective professionals who are skilled at board-level communication and have a track record of implementing effective Data Protection processes and practices, as well as associated documentation and audits.

Finally, we offer the services of our Data Protection Consultants to provide support to the newly appointed or under-resourced Data Protection Officer in many organisations.

GDPR

CommSec offer a broad range of services in relation to Data Protection. Many of our customers start with a comprehensive Data Protection Impact Assessment, conducted by one of our highly experienced Data Protection Consultants. The written report that follows provides a framework for continuously improving your Data Protection posture, including compliance with the General Data Protection Regulation (GDPR).

We also offer GDPR Training, including classroom and software options. Our classroom training empowers management and assigned Data Champions to communicate effectively and accurately with their teams. Software training solutions ensure that awareness is measured, employees working shifts or remotely are included, improvement metrics are reported on and new hires are not missed.

CISO aaS

Achieving and maintaining compliance with industry specific data security standards and general compliance standards like GDPR, can place an additional burden on your business. However, remaining compliant with data protection laws and best practises is essential for any organisation.

CommSec offer a broad range of services which help you achieve security and data protection compliance. We can work with you no matter where you are on the journey to achieving compliance.

Scenario 1

You may already have achieved some compliance or quality standards and you need to build on that to meet new obligations or meet more sophisticated threats to your business.

Scenario 2

On the other hand, you may have very little in-house knowledge around security and compliance. In that case we can provide you with a fully managed program of building the systems and processes in your business to become compliant with GDPR and other regulations that may affect you, such as PCI DSS.

To become compliant – we need to look at your entire business and how it manages data. IT security is only one part of this process. We look at all the information assets in your business – what security technology and data protection processes if any, you have in place, then perform a standards-based risk evaluation and gap analysis.

The outcome of this risk assessment is that we get a clear picture of where your major risk areas and vulnerabilities are.

Then we can design a solution around business processes and technology, to achieve compliance with security standards and GDPR.

  • Chief Information Security Officer (CISO) as a Service

This is a great option for when there isn’t a full-time requirement for a CISO. Our CISO as a Service gives you access to a very experienced CISO on a long-term continuous basis, but at a level of engagement you can afford. The flexibility of the service means you can pay for what you need to meet your requirements at different times.

CommSec offer a broad range of services in relation to Data Protection. Many of our customers start with a comprehensive Data Protection Impact Assessment, conducted by one of our highly experienced Data Protection Consultants. The written report that follows provides a framework for continuously improving your Data Protection posture, including compliance with the General Data Protection Regulation (GDPR).

What is Digital Forensics?

Digital Forensics is a branch of forensic science that focuses on identifying, acquiring, processing, analysing and reporting on data stored on a computer, digital devices or other digital storage media.

What is covered by the CommSec Digital Forensics Service?

CommSec provide a suite of advanced Digital Forensics services, headed up by Colm Gallagher, a Cyber Forensics expert with 30 years experience in An Garda Siochana before establishing the Digital Forensics practice of CommSec. The primary areas we cover are:

  • Desktop and Laptop Analysis
  • Identification and Securing of Digital Evidence
  • Mobile Device Analysis
  • Data Recovery
  • Breach Analysis
  • Incident Investigation
  • Cloud Investigation
  • Email Analysis
  • Internet History Analysis

What are the main business use cases for Digital Forensics?

For most organisations, the use cases for Digital Forensics in business are:

Incident Response and Damage Control: What happened? When, and for how long, did it happen? How exactly did it happen? What is the extent, or limit, of business exposure?

Internal Investigations: Policy violations, intellectual property theft, fraud, sexual harassment. Forensic methods may be the only way to determine the truth. Use of non-forensic methods exposes business to failure in any subsequent proceedings.

Data Recovery: Forensic methods and equipment can be used in order to try recover data in cases where the cause is not physical failure of equipment. Typically used where human error is cause of data loss.

Securing Evidence: Forensic methods may be used in order to properly secure potential evidence where legal proceedings or full investigation are being considered. If an eDiscovery process is anticipated, evidence can be identified and secured forensically for later use in that event.

In All Cases: Get professional advice early! Mistakes made at the beginning of the process can be very costly indeed!

 

Profile: Colm Gallagher, Digital Forensics Director at CommSec

The Digital Forensics practice of CommSec is led by Colm Gallagher.

Colm is a highly experienced, former police detective with a wide range of experience in the security and investigations industry. Before joining CommSec, Colm spent 30 years in An Garda Síochána(the Irish police force) where he held a number of roles as a detective police officer, including Digital Forensic Analyst and Cyber Crime Investigator.

Colm is highly skilled in the following: computer forensics, cyber-crime investigation, prosecution and expert testimony in criminal cases, case management, systems administration, implementation and configuration of endpoint protection and backup/restore systems, Linux and Windows server administration.

Colm also has a strong IT and security education background with a 1stclass honours master’s degree in forensic computing and cyber-crime investigation from University College Dublin. He also holds a Certified Forensic Computer Examiner certification from IACIS.

 

What is Digital Forensics?

Digital Forensics is a branch of forensic science that focuses on identifying, acquiring, processing, analysing and reporting on data stored on a computer, digital devices or other digital storage media.

What is covered by the CommSec Digital Forensics Service?

CommSec provide a suite of advanced Digital Forensics services, headed up by Colm Gallagher, a Cyber Forensics expert with 30 years experience in An Garda Siochana before establishing the Digital Forensics practice of CommSec. The primary areas we cover are:

  • Desktop and Laptop Analysis
  • Identification and Securing of Digital Evidence
  • Mobile Device Analysis
  • Data Recovery
  • Breach Analysis
  • Incident Investigation
  • Cloud Investigation
  • Email Analysis
  • Internet History Analysis

What are the main business use cases for Digital Forensics?

For most organisations, the use cases for Digital Forensics in business are:

Incident Response and Damage Control: What happened? When, and for how long, did it happen? How exactly did it happen? What is the extent, or limit, of business exposure?

Internal Investigations: Policy violations, intellectual property theft, fraud, sexual harassment. Forensic methods may be the only way to determine the truth. Use of non-forensic methods exposes business to failure in any subsequent proceedings.

Data Recovery: Forensic methods and equipment can be used in order to try recover data in cases where the cause is not physical failure of equipment. Typically used where human error is cause of data loss.

Securing Evidence: Forensic methods may be used in order to properly secure potential evidence where legal proceedings or full investigation are being considered. If an eDiscovery process is anticipated, evidence can be identified and secured forensically for later use in that event.

In All Cases: Get professional advice early! Mistakes made at the beginning of the process can be very costly indeed!

 

Profile: Colm Gallagher, Digital Forensics Director at CommSec

The Digital Forensics practice of CommSec is led by Colm Gallagher.

Colm is a highly experienced, former police detective with a wide range of experience in the security and investigations industry. Before joining CommSec, Colm spent 30 years in An Garda Síochána(the Irish police force) where he held a number of roles as a detective police officer, including Digital Forensic Analyst and Cyber Crime Investigator.

Colm is highly skilled in the following: computer forensics, cyber-crime investigation, prosecution and expert testimony in criminal cases, case management, systems administration, implementation and configuration of endpoint protection and backup/restore systems, Linux and Windows server administration.

Colm also has a strong IT and security education background with a 1stclass honours master’s degree in forensic computing and cyber-crime investigation from University College Dublin. He also holds a Certified Forensic Computer Examiner certification from IACIS.

 

What is Digital Forensics?

Digital Forensics is a branch of forensic science that focuses on identifying, acquiring, processing, analysing and reporting on data stored on a computer, digital devices or other digital storage media.

What is covered by the CommSec Digital Forensics Service?

CommSec provide a suite of advanced Digital Forensics services, headed up by Colm Gallagher, a Cyber Forensics expert with 30 years experience in An Garda Siochana before establishing the Digital Forensics practice of CommSec. The primary areas we cover are:

  • Desktop and Laptop Analysis
  • Identification and Securing of Digital Evidence
  • Mobile Device Analysis
  • Data Recovery
  • Breach Analysis
  • Incident Investigation
  • Cloud Investigation
  • Email Analysis
  • Internet History Analysis

What are the main business use cases for Digital Forensics?

For most organisations, the use cases for Digital Forensics in business are:

Incident Response and Damage Control: What happened? When, and for how long, did it happen? How exactly did it happen? What is the extent, or limit, of business exposure?

Internal Investigations: Policy violations, intellectual property theft, fraud, sexual harassment. Forensic methods may be the only way to determine the truth. Use of non-forensic methods exposes business to failure in any subsequent proceedings.

Data Recovery: Forensic methods and equipment can be used in order to try recover data in cases where the cause is not physical failure of equipment. Typically used where human error is cause of data loss.

Securing Evidence: Forensic methods may be used in order to properly secure potential evidence where legal proceedings or full investigation are being considered. If an eDiscovery process is anticipated, evidence can be identified and secured forensically for later use in that event.

In All Cases: Get professional advice early! Mistakes made at the beginning of the process can be very costly indeed!

 

Profile: Colm Gallagher, Digital Forensics Director at CommSec

The Digital Forensics practice of CommSec is led by Colm Gallagher.

Colm is a highly experienced, former police detective with a wide range of experience in the security and investigations industry. Before joining CommSec, Colm spent 30 years in An Garda Síochána(the Irish police force) where he held a number of roles as a detective police officer, including Digital Forensic Analyst and Cyber Crime Investigator.

Colm is highly skilled in the following: computer forensics, cyber-crime investigation, prosecution and expert testimony in criminal cases, case management, systems administration, implementation and configuration of endpoint protection and backup/restore systems, Linux and Windows server administration.

Colm also has a strong IT and security education background with a 1stclass honours master’s degree in forensic computing and cyber-crime investigation from University College Dublin. He also holds a Certified Forensic Computer Examiner certification from IACIS.

 

Cloud Security content here

Quick Response

Email or Call our team

Call [contact-form-7 id=”1431″]

Certification

ISO 27001

...read more

Partners

...read more

Downloads

Terminology

PCI DSS Payment Card Industry Data Security Standard

Gap Analysis Where your business is now, and where it wants to be

DPO aaS Data Protection Officer as a Service

CISO aaS Chief Information Security Office as a Service

GDPR General Data Protection Regulation