Sport Event Lifecycle Risk Assessment

My client provides real-time sports data feeds from matches around the world to bookmakers, enabling them to provide online in-match betting. The brief was to review the data flows, security controls and integrity checks and to produce a risk assessment considering how such data might be vulnerable to compromise.

To achieve this, I accompanied data scouts to UK football matches from non-league to Premiership to understand how data are captured, visited their two data processing centres in Europe to understand the integrity checks performed and interviewed staff from a range of roles involved in providing the service. I then wrote up the assessment and presented it to the board.

Information Assets Audit

During a six-month engagement with a Mutual Insurance Company, I conducted an information assets audit. Interviewing stakeholders from the Life and General Insurance businesses, as well as core business functions such as HR and IT, I compiled a list of information assets and the systems that process them, and assessed the business impact of compromise of these. I then used the ISF’s IRAM2 risk assessment methodology to assess the potential threats and vulnerabilities that were applicable to each asset class.

Concurrently with this I provided subject matter expertise into an RFP process to source a Governance Risk and Compliance tool that would be capable of ingesting the IRAM2 worksheets and producing a holistic view of information risk across the organisation.

Protect the “Crown Jewels”

Organisations are realising that they have too much information to be able to protect all of it to the same extent. I led a team identifying and advising on the protection of a FTSE 250 Oil company’s most critical information assets, tracing their “crown jewels” through their lifecycle and recommending targeted security controls for the points at which they were most vulnerable.