Information Assets Audit

During a six-month engagement with a Mutual Insurance Company, I conducted an information assets audit. Interviewing stakeholders from the Life and General Insurance businesses, as well as core business functions such as HR and IT, I compiled a list of information assets and the systems that process them, and assessed the business impact of compromise of these. I then used the ISF’s IRAM2 risk assessment methodology to assess the potential threats and vulnerabilities that were applicable to each asset class.

Concurrently with this I provided subject matter expertise into an RFP process to source a Governance Risk and Compliance tool that would be capable of ingesting the IRAM2 worksheets and producing a holistic view of information risk across the organisation.

Cyber Essentials Scheme

The Cyber Essentials Scheme, and Cyber Essentials Plus, is a security certification introduced by the UK Government to encourage businesses to protect themselves against common Internet threats.

The scheme is based around the National Cyber Security Centre’s Ten Steps to Cybersecurity

Although it is predominantly aimed at Small and Medium sized enterprises, organisations are also required to be certified in order to bid for public sector contracts. Consequently it was a priority for EY to achieve certification and I managed an internal project to do so, achieving certification on the first attempt.

Subsequently I led a team to support a retail client in achieving Cyber Essentials.