ECIS Services

Security Architecture and Design

We assist clients in the design and definition of Security Architecture using a wide variety of Enterprise Architecture Frameworks, including the US Department of Defense Architecture Framework (DoDAF), Zachman, Sherwood Applied Business Security Architecture (SABSA) and the Ministry of Defence Architecture Framework (MODAF). We bring experience in the design of cryptographic, authentication, authorisation, audit and access control systems in enterprise environments implementing n-tier architectures (CORBA, EJB, J2EE middleware components, etc.), as well as in delivering security design documentation and detailed security requirement specifications.

Enterprise and System Risk Management

We have in-depth specialist experience in the application of UK Government and other methodologies to manage risk at enterprise and system levels. This includes undertaking risk analysis and conducting business impact assessments: assessing business, operational and technical risks, identification of assets by business and/or security domain (with considerable experience of applying QinetiQ's DBSy methodology), determination of threats and vulnerabilities associated with assets, identification of controls to mitigate risks, and identification of residual risks.

Information Assurance Frameworks

We have developed and implemented enterprise-wide assurance frameworks for UK Government clients. As part of the deliverables we assist clients in creating multi-stakeholder IA dashboards to inform senior management decision-making based on identified risk and control metrics. We can also assist in the analysis and definition of appropriate governance mechanisms to ensure an enterprise's security governance is fit for purpose.

Information Security Management Systems

We guide clients in the design and implementation of enterprise ISMS. We have skills in the integration of security management within ITIL service-oriented environments, and in the definition of organizational and technical security policy and strategy using ISO17799, ISO27001, JSP440, internal corporate security standards and proprietary methodologies.

UK Government Accreditation

We have consultants experienced in the Accreditation of major UK Government department sensitive application and infrastructure systems using the latest UK Government information security standards. We assist clients in the development of Risk Management and Accreditation Documentation Sets (RMADS), including continuous improvement of the supporting processes and liaison with accreditation authorities.

Information Systems and e-Commerce Systems Development

We can provide clients with consultants experienced in the complete systems development life cycle of secure multi-tier enterprise architectures using Object Oriented Analysis and Design, UML, RUP, Design Patterns and the latest software engineering techniques. We assist clients in the identification of technical, legal and commercial aspects of security for electronic commerce and financial services organisations, including: legal and regulatory issues, infrastructure and standards for Symmetric and Asymmetric Public/Private Key Cryptosystems, DES, IPSec, SSL/TLS, ISAKMP, CA, PKI and Digital Signature Systems, Smart Cards, Firewall and VPN implementations, database security and computer crime.

Security Awareness and Training Programmes

We assist clients with training needs analysis, job analysis, course design and delivery and training objective validation. This includes design and analysis of quantitative and qualitative research, using questionnaires, telephone, face-to-face surveys and interview techniques. We can create targeted training material utilising a range of eLearning technologies which can be integrated into security awareness programmes. We have experience in the establishment of objectives and components of enterprise training programmes, identifying functional training requirements, acquisition and/or development of training aids and can assist with the identification of external training opportunities.

Business Continuity Management and Planning

We will work with clients in the initiation and management of BCM projects including: risk evaluation and control, business impact analysis, developing an appropriate business continuity strategy, integrating emergency response and operations, defining Corporate, Process and Resource recovery BCM strategies, developing and implementing business continuity, resource recovery and crisis management plans, exercising, maintaining and auditing BCM plans, defining BCM policy and assurance/governance structures.

Programme and Project Management

Our Project Managers have experience of the full project life cycle, including: bid preparation and management, negotiation, budget control, risk analysis, risk management, quality planning, management and motivation of staff (in-house and third party), preparation and delivery of project management plans and associated project documentation, report writing and general communication skills including internal and external liaison.

Please contact us for more information or to arrange an initial meeting.