My client provides real-time sports data feeds from matches around the world to bookmakers, enabling them to provide online in-match betting. The brief was to review the data flows, security controls and integrity checks and to produce a risk assessment considering how such data might be vulnerable to compromise.
To achieve this, I accompanied data scouts to UK football matches from non-league to Premiership to understand how data are captured, visited their two data processing centres in Europe to understand the integrity checks performed and interviewed staff from a range of roles involved in providing the service. I then wrote up the assessment and presented it to the board.
During a six-month engagement with a Mutual Insurance Company, I conducted an information assets audit. Interviewing stakeholders from the Life and General Insurance businesses, as well as core business functions such as HR and IT, I compiled a list of information assets and the systems that process them, and assessed the business impact of compromise of these. I then used the ISF’s IRAM2 risk assessment methodology to assess the potential threats and vulnerabilities that were applicable to each asset class.
Concurrently with this, I provided subject matter expertise to an RFP process to source a Governance, Risk and Compliance tool that would be capable of ingesting the IRAM2 worksheets and producing a holistic view of information risk across the organisation.
Organisations are realising that they have too much information to be able to protect all of it to the same extent. I led a team identifying and advising on the protection of a FTSE 250 Oil company’s most critical information assets, tracing their “crown jewels” through their lifecycle and recommending targeted security controls for the points at which they were most vulnerable.