Governance, Risk, Compliance, and Audit
Endure Secure has extensive expertise in Governance, Risk, and Compliance (GRC), as well as in conducting audits that measure an organisation's standing in each of these areas. Endure Secure strongly believes that compliance with GRC frameworks is essential for an organisation to have assurance of the strength of its security posture.
Security Program (ISMS) Development and Review
- The development, review, and procurement of several documents, the key ones being:
  - Disaster Recovery Plan
  - Incident Response Plan
  - Business Continuity Plan
  - Data Classification Policy
- Securing and supporting:
  - Corporate brand and reputation.
  - Information assets and ICT systems.
  - Data privacy and compliance.
  - Partner/vendor negotiation.
Risk Assessment and Treatment
A risk assessment helps identify what needs to be prioritised, in terms of security, based on your organisation's specific needs. Treatment refers to the actions taken to address the results of the risk assessment.
Threat modelling is in many ways similar to a risk assessment, but is specific to an application. Risks identified in a threat model are recorded in a way that can be tracked over time.
Cyber Insurance Advisory
Insurance companies often struggle to appropriately measure risk for customers wanting to purchase cyber insurance. Endure Secure's security assessors can advise on the risk metrics cyber insurance companies need in order to accurately measure their customers' risk.
Compliance and Audit
ASD Essential 8
A baseline of 8 essential mitigation strategies to protect organisations of all sizes, formed by the Australian Signals Directorate (ASD).
ASD Essential 37
A further 37 mitigation strategies to protect organisations of all sizes against cyber attacks.
ISO 27001 is an independent, internationally recognised standard on managing information security within an organisation.
The NIST Cyber Security Framework is an internationally recognised standard on managing information security within an organisation. NIST is an agency of the United States government.
The Payment Card Industry Data Security Standard (PCI DSS) is an information security standard for organisations that handle branded credit cards from the major card schemes.
Endure Secure can audit, create, and uplift ISMS systems.
SOC 2 is a voluntary compliance standard developed by the American Institute of CPAs (AICPA), which specifies how organisations should manage customer data.
The General Data Protection Regulation 2016/679 (GDPR) is a regulation in EU law on data protection and privacy in the European Union and the European Economic Area.