Information Security Assurance

Security Testing, Audit & Compliance

Acting as trusted independent advisers on a wide variety of issues across the public and private sectors, NGS Secure has the expertise, knowledge and skill to guide you on all areas of information security.

Risk Assessment and Mitigation

A sound risk management strategy will not eliminate risk altogether, but it will aid an organisation in managing risks, enabling it to maximise opportunities and minimise any inappropriate exposure. At NGS Secure, we can help you to understand the risks your organisation faces along with the regulatory requirements placed upon it surrounding; IT; information security and corporate governance; and the implications of non-compliance.

HMG CLAS

We have an in-depth understanding of the UK Government security standards and have been adhering and complying with these for many years for our government customers. As a member of the CESG Listed Advisor Scheme (CLAS), we can provide advice and penetration testing services to government departments and other organisations that provide vital services to the UK.

We participate in a number of the CESG initiatives (for example the Information Assurance Collaboration Group and the CLAS Forum) aimed at ensuring the industry is aware of current government security issues and those anticipated for the future. This involvement enables us to proactively advise organisations on the impact of future changes in UK security policies, on the security of their programmes, and business transformation initiatives.

Secure Development Lifecycle (SDL)

When working with companies that have a software security requirement, including Microsoft themselves, we use a combination of training, product analysis and penetration testing services to highlight security weaknesses and strengthen a product offering. Threat modeling, fuzz testing and code review are all deployed when analysing the security footprint of software. Used correctly in combination with SDL minimum standards, these activities steer a development team away from poor design and implementation choices and also reveal existing security holes in a current product.

Secure Coding Services

One of the least understood and most often overlooked element of a secure environment is the custom software deployed within an enterprise. Developing secure applications is a continual balance between the need for security and the pressures of the development lifecycle. To assist with this we offer a range of secure coding services, including code review, software outsourcing and application architecture design review.

Information Security Advisory

Our expert team of specialist information security consultants provides independent expert advice to clients in the private and public sector. The team, which includes CLAS consultants, will work with you in all areas to ensure that you mitigate risk in a cost, effective and appropriate manner. Areas of expertise include: strategy and planning, policy and governance, architecture, staffing and skills, procurement and encryption.

Business Continuity Management (BS 25999)

In an increasingly risk-aware environment, Business Continuity Management (BCM) is an important component of strategic planning for all organisations. Whilst major high-profile events like terrorist attacks, flu epidemics and natural disasters all push business continuity and emergency planning to the forefront of people’s minds some organisations are more at risk from more mundane but potentially damaging incidents such as technical failure, loss of key staff or premises. We have extensive experience in preparing organisations for a range of eventualities, enabling them to withstand periods of interrupted operation, avoiding loss of business and customer confidence.

Our comprehensive Business Continuity Management services bring together all of the key elements required to ensure that you have appropriate arrangements in place for maximum protection. We work with you to create a business continuity framework - a ‘living and breathing’ plan - that is regularly reviewed, audited and updated to ensure it continues to provide the protection you need.