Securing a Digital Economy
HQ: Cheltenham Spa
1998: Founded by Charles White and David Cazalet
INDEPENDENT
We always recommend what is best for your business
SIMPLICITY
We deliver confidence, not complexity
VISIBILITY
We make risks visible and measurable to the right people, at the right time
MATURITY
We enable Board-led and business-as-usual risk management
SC MAGAZINE
Information Security Consultancy of the Year
SECURITY
PRIVACY
TRUST
Digital Innovators
Founded in 1998, IRM is an award winning and independent cyber security consultancy. The company’s vision is to align proportionate and innovative cyber security with the strategic direction of our clients.
IRM works with a diverse range of organisations, including FTSE 100 companies, central Government departments and many international Blue Chip clients operating in EMEA. Our mission is to help our clients make distinctive, lasting and substantial improvements to their cyber security posture in times of growing threat and to build a great company which through its thought leadership and innovative solutions attracts, excites, and retains both exceptional people and its customers.
IRM believe that we will be successful if we dare to think about what we do differently and how we deliver cyber security in an innovative way.
Security Specialists
As one of the largest cyber security consultancies in the country, IRM’s outstanding reputation is based above all on the professionalism, ability and integrity of our people.
We employ professionals with a natural flair for problem solving, commercial awareness and practical experience. Our consultants are regularly invited to present at security conferences and play key roles in industry bodies and working groups, such as CREST. Whilst working for IRM, consultants are able to participate in company funded research into emerging and evolving security threats, such as Cloud Computing, Mobile Devices, the Internet of Things (IoT), Biometrics and Voice over IP (VoIP). This research supports the development of our industry leading testing tools and methodologies, training courses and cyber security services.
Cyber Credentials
IRM has a long-established relationship with the National Technical Authority for Information Assurance, CESG, and is a member of the CESG CHECK Scheme with Green light status. CHECK is a partnership between the UK Government and Industry that allows third parties to conduct security tests on Government networks.
We are also a member of the Cyber Security Information Sharing Partnership (CiSP), a real time cyber threat information exchange, and receive insights from a number of well-respected sources, such as the Information Security Forum (ISF).
IRM is proud to be a thought leader in the payment security space, having co-authored the award winning Barclaycard Risk Reduction Programme (BRRP) – a cost effective and risk-based approach to maintaining PCI DSS compliance. The BRRP won ‘Compliance Project of the Year’ at the 2013 FStech Awards.
Client Collaboration
IRM builds long-term relationships - working with clients to bring the best of our abilities to every project and achieve success.
We understand the specific business challenges facing the companies we work with as well as their cyber risk posture relative to that of the wider industry. IRM prides itself on implementing managed security services and solutions that support, as opposed to adversely impact, our clients’ ability to innovate, invest in new technologies and confidently compete in the Digital Age. In light of our research, cyber security testing and cyber incident response engagements, we take a proactive approach to ensure that the organisations we work with are prepared with actionable threat intelligence and can reduce their risk exposure.
About Information Risk Management Plc (IRM)
[Figure: diagram with segments labelled Human Behaviour, New Technology, Reputation, IT Infrastructure, Regulatory Requirements, Supply Chain, Incident Response & Forensic Readiness, Business Resilience]
IT Infrastructure
“There is a huge need and a huge opportunity to … help transform society for the future. The scale of the technology and infrastructure that must be built is unprecedented.”
- Mark Zuckerberg, CEO, Facebook
Almost a quarter of large organisations detected that outsiders have penetrated their networks in the last year. Furthermore, around 70-80% of system attacks are actually conducted from within an organisation’s internal network [2].
If the increasing risk to IT infrastructure is going to be managed – the design and implementation of defences must be multi-layered and not undermined by the weakest link. At IRM we help our clients implement effective security policies, processes, procedures and products to give them a multi-layered and coordinated defence strategy.
Underpinning our clients’ COMPETITIVENESS with CYBER SECURITY
Human Behaviour
“Only amateurs attack machines, professionals target people”
- Bruce Schneier, American cryptographer
Human behaviour is often the weakest link in the cyber security chain. Last year, 31% of the worst security breaches were caused by human error and a further 20% by deliberate misuses of systems [1]. Employees’ interaction with new technology is amplifying their propensity to make mistakes (in the very worst cases, ‘automating stupidity’) and circumvent security measures.
At IRM, we have the ability to test, measure, train and increase awareness via bespoke campaigns in order to ultimately reduce your behavioural risks.
New Technology
“People who think they are crazy enough to change the world are the ones that do.”
- Steve Jobs, Co-founder, Chairman and CEO, Apple Inc.
Regulatory Requirements
“If you have ten thousand regulations you destroy all respect for the law”
- Winston Churchill, Prime Minister of the United Kingdom from 1940 – 1945 and 1951 – 1955
The Digital Age has brought forth a number of regulatory requirements, standards, guidelines and certifications. This landscape is highly complex, with domestic and international Government and industry-led standards in existence and development. It is no wonder that complying with laws and regulations is the 4th main driver for information security expenditure [3].
IRM identify gaps and common controls across compliance initiatives, helping our clients comply with, and invest in, standards that drive the most business benefit and effectively protect customer information and data integrity.
Reputation
“It takes 20 years to build a reputation and five minutes to ruin it. If you think about that, you’ll do things differently.”
- Warren Buffett, American business magnate, investor and philanthropist
The Digital Age has re-written the rule book on customer behaviour and communication. Customers will no longer passively invest in your brand; they expect service on social media and will actively research your company’s digital footprint.
At IRM, we ensure that our clients have tailored and tested plans to prevent a cyber-incident from spiralling into a reputational crisis. We test resilience to high likelihood and high risk events – from an organisation’s network monitoring and forensics maturity through to the preparedness of their communications team.
Supply Chain
“Change the name.” … “The name has been poisoned.”
- Don Draper, Mad Men, after being asked what a client should do when its popular brand of dog food is found to contain horsemeat
Incident Response & Forensic Readiness
“There cannot be a crisis next week. My schedule is already full.”
- Henry A. Kissinger, American diplomat and political scientist
Expect the unexpected – this applies to any type of incident. In cyberspace, the well-known phrase ‘assume you have been breached’ is illustrative of a total shift in perception – fatalism that corporate networks are already infiltrated. 73% of large organisations suffered from infection by viruses or malicious software in the past year (up from 59% a year ago [7]).
IRM is able to inform organisations if they are being actively targeted, identify any changes to information systems, implement processes that identify whether forensic investigation is required and quickly deploy an incident response team to conduct complex investigations.
Business Resilience
“Resilience is all about being able to overcome the unexpected. Sustainability is about survival. The goal of resilience is to thrive.”
- Jamais Cascio, writer and futurist
Online attacks now cost the UK around £27 billion a year [6]. Digital interdependencies associated with the rise of technology have become indispensable to businesses, and demand the same resilient strategies and disaster recovery plans necessary to prepare for a natural disaster, political uprising and world economic or health crisis.
IRM help our clients build cyber resilience strategies and programmes - acting as an extension of existing security and IT teams. We define business risks based on threat-led outcomes, develop policies for the people, processes and technology that access key assets before implementing and testing a recovery plan.
1. Information Security Breaches Survey, Department for Business, Innovation and Skills, 2014
2. IT Infrastructure Security-Step by Step, SANS, 2013
3. Information Security Breaches Survey, Department for Business, Innovation and Skills, 2014
4. Building Resilience in Supply Chains, World Economic Forum, 2013
5. The Global State of Information Security Survey, PwC, 2013
6. The UK Cyber Security Strategy: Protecting and promoting the UK in a digital world, Cabinet Office, 2011
7. Information Security Breaches Survey, Department for Business, Innovation and Skills, 2014
In the event of a data breach, your business will be held accountable for the actions of vendors and suppliers – their risk is your own. More than 80% of companies are concerned about the resilience of their digital supply chain [4]. Organisations now require a process for defining the cyber risks of sharing data with suppliers, customers and partners outside of traditional audit regimes.
IRM categorises suppliers according to cyber criticality via a risk management framework that is flexible enough to cope with the changing nature of these relationships.
Involving cyber security at a project’s outset and being able to calculate the attendant cyber risk of a digital decision enables businesses to confidently (and quickly!) capitalise on new technology and remain competitive. Worryingly, less than 25% of companies currently involve cyber security at the beginning of a digital project [5].
IRM sit on a number of innovation teams – aligning business and cyber security objectives to dramatically increase the probability of