information security
Protect the integrity of your data and your business’ operational viability.
From ransom attacks, fraud, and leaks to outright sabotage, the integrity of your data - and by extension, your operational viability - requires a robust information security posture.
In this evolving digital age, both your people and customers are at risk. It is a strategic and social imperative to assess, prepare, and rapidly address the impact of a security breach.
UNDERSTANDING YOUR NEEDS
-
Awareness of Key Regulations
You need to have the right policies, procedures, governance, and compliance controls to face audits and regulatory requirements.
-
InfoSec Maturity Level
With no clear response plan, you’re uncertain of the most likely and impactful risks to your business, and so where to prioritise security resources and efforts.
-
DevSecOps
Your software development approach is lacking in security elements and is too costly to maintain.
-
Trained Employees
You are not 100% confident that my team won’t fall for insider threats and social engineering adversaries, like phishing.
Why choose Alumni?
Customers need to trust that their data is safe and that if a breach happened, your organisation is prepared to mitigate the risk and respond rapidly.
This depends on a detailed security architecture, implementing the requisite controls and protection measures, and ensuring the responsibility of security is understood across all levels of your organisation.
Clients need to first understand the relevant compliance, regulatory, and governance requirements and procedures in their industry. A risk assessment and managed exposure test is then performed to define specific threats and introduce an upgraded security architecture.
To build trust and credibility in both your InfoSec maturity and operational resilience as a business, we validate the requisite controls, protection measures, monitoring capabilities, and response strategies. This may include in your application development process, data loss protection, and extended response.
To successfully mitigate threats, your organisation must rapidly deploy and embed security and risk awareness across all levels. Change management and gamification techniques are employed to cultivate a shared responsibility for security.
-
A globally recognised, logistics specialist was looking to get its IT Risk and Security business certified by ISO27001.
While they had a robust infrastructure, they lacked the necessary frameworks, processes, and resources to deliver and successfully manage the programme.
Alumni were chosen for our extensive knowledge of Information Technology Infrastructure Library (ITIL) frameworks and our comprehensive understanding of the broader IT Service Management (ITSM) landscape, including DevOps, Agile, Lean IT, and Service Design.
We provided tailored coaching on ITIL and ITSM best practices, conducted thorough audits to identify gaps, and offered continuous support to implement necessary changes aligning with ISO27001 standards. Our proactive approach to managing IT projects and services enabled us to identify potential risks early and implement mitigation strategies, significantly reducing their impact.
The results were three-fold: the ease of doing business with customers increased dramatically due to the implementation of appropriate controls, interactions with regulators were simplified, and the certification process expedited the business case for the client to standardise controls across all its subsidiaries.
services for every need
-
Audit & Cert
Strategically evaluate your information security practices, ensuring alignment with industry standards and regulatory requirements. Revise and uplift policies and standards, providing advisory and pragmatic delivery services for Information Security management certifications.
-
Infosec Maturity
Develop established cyber risk management strategies that align with your risk tolerances and the outcomes of cybersecurity and risk culture assessments. Ongoing maturity monitoring and benchmarking accompany implementation support for identified improvements.
-
Operational Resilience
Drive continuous improvement in vulnerability and risk management across the CI/CD pipeline with our modular approach. Build immediate trust and support, instilling a core structure and competency of DevSecOps across your organisation to ensure quick recovery from disruptions.
-
Employee Awareness
Transform your organisation-wide culture to better manage human risks by engaging and motivating teams to shape and influence behavior. Move beyond traditional training to create a digitally enabled, security-conscious environment.
MEET OUR infosec EXPERTS
Noel Mookerji
Lead Consultant
Noel Mookerji
Lead Consultant
Noel is a business and IT delivery lead with 20+ years of experience in leading and developing high performing cross-border, and multidisciplinary teams to deliver customer-focused digital solutions. He is passionate abour leveraging technology that enable organisations to optimise business benefits and improve operational efficiency.
Ronald Ng
Head of Technology (Hong Kong)
Ronald Ng
Head of Technology (Hong Kong)
Ronald is a technology leader with 16 years of IT experience MNCs in client-facing roles. He transforms customers IT capability to deliver new ways of creating business value and enabling agility in operations. The unique combination of business knowledge and Ronald’s technical background, is a perfect storm to spawn new value strategies, developing technology planning, whilst working with existing capabilities and partnering with vendors and/or service teams to deliver results.
Aiza Serrano
Continuous Improvement Consultant
Aiza Serrano
Continuous Improvement Consultant
Aiza has over 10 years of experience in the development and implementation of strategies aimed at enhancing processes and procedures within an organization. Her focus lies in ensuring these efforts seamlessly align with the standards set forth by ISO 9001 for Quality Management Systems and ISO 27001 for Information Security Management Systems.