IPSec: Efficient Security Risk Management with Strategic Approach

Boardroom decisions cement the future of an organization and only theoretical strategies are not sufficient to draw a clear picture on information security risks and a defined executive direction for the protection of its information assets. Well established communication with a common risk language, endorsement & direction between the executive business management and the CIO - overseeing security – delivers far superior outcomes in risk management. IPSec, a Melbourne based company providing end-to-end information and asset protection solutions, bridges the gap between senior business management and the IT function to in grain information risk management into the culture of an organization.“IPSec has taken advantage of the growing awareness amongst executives and senior managers of the importance of information risk management at all levels of decision making,” says Jeff Sussman, Head of Risk Services, IPSec.

Incepted in 2009, IPSec is constituted of expert risk management consultants specializing in risk assessment & mitigation within the information security and cyber security landscape. The company leverages international standards such as Australian Privacy Principles, ISO 27001:2013, PCI DSS 3.1, and assesses the maturity of an organization in managing information security risk. The assessments utilize a comprehensive set of predefined libraries created through established industry security standards delivering cost-effective risk review and gap analysis within a short time span.

Shedding the traditional spreadsheets, IPSec avails state-of-the-art SaaS tools to minimize the manual work involved in standards based assessment alignment and gap analysis. IPSec works closely with the customer to understand their primary regulatory, compliance requirements, or alignment with a desired information security standard(s). The IPSec risk assessment outcome enables the company to review relevant industry standards, facilitate desired standards assessment compliance with set target maturity levels, and understand specific areas of deviation from their desired security posture.

IPSec and the customer then contextually analyze the output of the assessment ensuring & tuning direct relevance and appropriateness within chosen standards for the organization. Thereafter, appropriate mitigation controls advice aligned to chosen industry standards to mitigate detected risks is provided. Risks are prioritized and mitigation advice is provided in formation of a risk driven security improvement road map.

A set of assessments enable IPSec to measure the gaps between target and assessed control effectiveness forming the basis for gap analysis. The risk report provides information security strategy with management summary, compliance / alignment summary, deviation radar, risk diagram and compliance reference. “Within seconds of completing the assessment, sophisticated risk trees generate multiple reports ranging from Risk Heat Maps to Radar Maps showing Expected vs. Assessed Maturity,” elucidates Sussman. The IPSec SaaS portal provides the organization with the ability to then measure their information security risk improvements and risk posture over time as risk mitigation activities are executed.

The solution brings uniqueness into the realm of risk management. For instance, the Victorian Government has passed a legislation that requires all Victorian Public Sector Agencies and bodies to comply with a specific security standard, VPDSS (Victorian Protective Data Security Standard). The assessment must be submitted to the privacy commissioner for attestation on annual basis, and biannually every entity must provide a data security plan which significantly consumes resources for producing assessment, security plan and compliance with the laid down requirements. IPSec’s Saas smart portal significantly reduces the timeframe, resources and cost required to generate the reports and required compliance. In addition, it can be scaled up to hundreds of departments producing gap analysis and consolidated to deliver policy at the top level.

IPSec has bagged several awards and recognitions including Sophos – VAR of the year and McAfee – Top growth partner in security landscape. The company has recently unveiled the IPSec Guard SIEM cloud service for detecting breach within organizational environments in real time, and immediately prioritizing security tasks helping companies to minimize the impact security breaches. Looking beyond the horizon, IPSec plans to propel its risk solutions on the global center stage by integrating a Task Manager, which will be dynamically linked to the inbuilt Risk Register enhancing the functionalities of IPSec Risk Assessment and Management offerings, as a world class GRC platform.