Security
Whatever your area of business, we can help you take the proactive security measures necessary to protect your people, your data, and your reputation.
At Doherty Associates, we appreciate that not all organisations have the same security requirements, which is why our first priority is always to listen.
The more we understand about your business and its potential exposure, the better we can support you in developing your resilience to current and emerging threats. So, in the continuing contest between malicious actors and their targets, you’ll be better positioned to stay one step ahead with our considered expertise behind you.
However fledgling or well-developed your IT security posture, we’re confident we can add value to it, so please contact us if you think we can help.
- Advisory and vCISO
Many businesses are not yet at a size where it’s appropriate to have a dedicated Chief Information Security Officer. In this situation, we can fill the knowledge gap with regular or one-off consultancy sessions that are not just invaluable but affordable too.
Our consultancy and virtual Chief Information Security Officer (vCISO) function is led by our own CISO, Alex Bransome.
Alex has over a decade of experience in the IT security sector and – crucially – he also understands business priorities, for example, the need to balance security, productivity and budget rather than treat them as competing demands.
Alex’s team is responsible for driving our ‘secure by default, secure by design’ approach and for shaping the security toolsets and offerings we create for our clients. The team includes colleagues holding the Certified Information Systems Security Professional (CISSP) and Certified Ethical Hacker (CEH) qualifications, so they are equipped both to assess the security of systems and to find and address points of exposure.
Our security advisors bring a wealth of cross-sector knowledge and experience to the table, which allows us to assemble the right set of capabilities to meet each client’s specific needs. Above all, they are passionate about security yet able to cover complex technical scenarios in a highly approachable way.
To find out more about how we can help, please contact us.
- Security operations
Security is a continual contest between malicious actors and the IT teams defending against them, and we have the expertise to keep you on the winning side.
At Doherty Associates, we believe in training our people properly and equipping them with best-in-class tools, so they can resolve issues before they become problems in as many cases as possible.
Our Security Incident Response team members are the ‘first responders’ to any security incident detected by or reported to us. All of them have passed the practical Blue Team Level 1 (BTL1) certification from Security Blue Team, which assesses hands-on defensive skills including phishing analysis, digital forensics, SIEM use and incident response, and is used to train technical defenders in sectors such as law enforcement, government and finance.
This means that our frontline team is capable of making informed decisions and of addressing a variety of incidents and threats, even when they are complex or cleverly disguised. However, during some more serious security incidents, more in-depth knowledge may be needed to make the right decisions, in which case they are able to access the specialist skills of our five-person Security Operations team.
Our whole approach is joined up and multi-layered. For example, our first responders might remove a piece of malware, but our Security Operations team will then look deeper into how it got there in the first place, what the opportunities were to block it, and what improvements might be made to prevent such an incident occurring in the future. We also look at day-to-day security incidents through a business lens with a view to minimising any negative impacts and resolving problems at their source.
Finally, with such a well-established client base, we are able to gather and aggregate a wealth of information and insight and apply this to improving security across each business we support.
- Managed Security Service
Our Managed Security Service is designed to take the day-to-day burden of security off your shoulders – not only by remediating any current problems but by continually improving your security posture.
It’s reflective of our mindset that our Managed Security Service is built to align with all five core functions of the National Institute of Standards and Technology (NIST) Cybersecurity Framework, a widely adopted framework originally developed for US critical infrastructure and required for US federal agencies (CSF 2.0, released in 2024, adds a sixth function, Govern, alongside the original five).
These five functions are Identify, Protect, Detect, Respond and Recover. So, rather than putting all of our eggs in the ‘Protect’ basket (like some do), we take a proactive and layered approach that also covers knowing what you have, spotting attacks that get through, responding to them and restoring normal operations.
Naturally, we pinpoint the areas of highest-risk, so we can focus our actions where they are likely to have the most impact. We also analyse our findings to identify what caused them in the first place and this feeds into a process of continual improvement, helping to prevent any similar issues from arising in the future.
For clients who already have a relationship with us, the added value of integrating security with the IT services we already run for you, rather than outsourcing it to a separate provider, is considerable – especially today, when understanding the context of a business, its critical assets, data, and processes goes hand-in-hand with keeping it running safely at full strength. However, we can also support your in-house or third-party teams, so whatever your set-up, we’re confident we can play a useful role.
- Security awareness training
We can turn your workforce into a ‘human firewall’ by ensuring they understand the mechanisms of phishing, malware, ransomware and other forms of malicious attack – and are able to apply this knowledge to keeping your business safe.
Leveraging our partnership with KnowBe4, one of the most widely used integrated security awareness training and simulated phishing platforms, we can turn your staff into an effective line of defence against social engineering, spear phishing and ransomware attacks.
We can work with you to deliver online security awareness training that’s immersive in nature and effective in outcome. This can include simulated phishing campaigns tailored to your business, which is often crucial, as even simple phishing emails can seem persuasive to the untrained eye.
We then report on the results, so you’re always fully in the picture.
- Governance & compliance
Our experience in highly regulated markets such as financial and legal services has given us a deep understanding of the regulatory landscape. This makes us the ideal partner in protecting and retaining control of your data, and in remaining compliant with the necessary and evolving regulations.
Good governance requires that an organisation’s information is used only for the purposes intended, and that only authorised people can access it. However, flexibility is also a factor, and in certain circumstances you may need to make protected information more widely available (e.g. to collaborate with colleagues across departments, or to share information with trusted third parties).
We can help you manage your information in a way that allows for ‘exceptions to the rule’ while retaining full control. We can help ensure that your policies keep pace with relevant changes in the regulatory environment, so you can demonstrate compliance to internal and external stakeholders such as company boards and insurance companies. And we can help you stay secure at every step – from initial assessment, through getting your house in order, to ongoing compliance and risk management – with a swift response in the event of a suspected breach.
This means that you avoid unnecessary penalties and compensation payments and that your data and your reputation stay protected.