Governance, Risk, Compliance, and Audit


Endure Secure has vast expertise in Governance, Risk, and Compliance (GRC), as well as in conducting audits to measure these areas. Endure Secure strongly believes that compliance with GRC frameworks is imperative for an organisation to have assurance of the strength of its security posture.


Governance

Security Program (ISMS) Development and Review

Virtual CISO

  • The development, review, and procurement of several documents, some of the key documents being:
    • Disaster Recovery Plan
    • Incident Response Plan
    • Business Continuity Plan
    • Data Classification Policy
  • Securing and supporting:
    • Corporate brand and reputation
    • Information assets and ICT systems
    • Data privacy and compliance
    • Partner/vendor negotiation

Risk Management

Risk Assessment and Treatment

Threat Modelling

Cyber Insurance Advisory

A risk assessment helps identify what needs to be prioritised, in terms of security, based on your organisation’s specific needs. Treatment refers to the actions taken to address the results of the risk assessment.

Threat modelling is in many ways similar to a risk assessment, but is application specific. Risks identified in a threat model are recorded in a way that can be tracked over time.

Insurance companies often struggle to appropriately measure risk for customers wanting to purchase cyber insurance. Endure Secure’s security assessors can advise on the risk metrics cyber insurance companies need to accurately measure their customers’ risk.


Compliance and Audit

ISO 27001

ASD Essential 8

ASD Essential 37

NIST CSF

ISO 27001 is an independent, internationally-recognised standard on managing information security within an organisation.

A baseline consisting of 8 essential mitigation strategies to protect organisations of all sizes, formed by the Australian Signals Directorate (ASD).

A further 37 mitigation strategies to protect organisations of all sizes against cyber attacks.

The NIST Cyber Security Framework is an internationally-recognised standard on managing information security within an organisation. NIST is an agency of the United States government.

PCI DSS

ISMS

SOC2

GDPR

The Payment Card Industry Data Security Standard is an information security standard for organisations that handle branded credit cards from the major card schemes.

Endure Secure can audit, create, and uplift an Information Security Management System (ISMS).

SOC 2 is a voluntary compliance standard developed by the American Institute of CPAs (AICPA), which specifies how organisations should manage customer data.

The General Data Protection Regulation 2016/679 is a regulation in EU law on data protection and privacy in the European Union and the European Economic Area.