Information Risk Consultancy
Introduction: IL7 in 2020
Now that IL7 Security is able to meet the requirements of numerous contracts, we have developed and matured a risk assessment methodology called SWIFT, which accelerates the process without abandoning adherence to ISO standards. We have also further developed policies that comply with NIST and continue our commitment to ISO 27001, NIS and GDPR. IL7 proposes to be a partner to those clients in the Transport Industry that want to be Cyber Secure. This is why we have developed Transport Cyber (www.transportcyber.com) with creative design input from Domingo’s Design & Media.
IL7 came about after I left BT in 2012, having briefly taken a permanent role to represent them in the PSN space and in their venture with Scottish Government. When they wanted to utilise my knowledge of IDS/IPS and SIEM as an SME for pre-sales, I decided to leave and develop my own consultancy. Before BT, I had run Subrosa Security with consultancy roles undertaken for various Police Forces (MPS, TVP etc.), the Charity Commission, DWP, HO, ONS, HMRC as well as Banks and other Private Sector blue-chips, often at the same time. After BT, I was subsumed with roles for the Passport Office, BAE, Air ISTAR and the Rural Payments Agency. While great contracts, my consultancy ambitions sought a wider client base and I believe that I can support customers on both a full-time and part-time basis as well as in collaboration with other consultants. Last year I brought my family in to support me with the creation of this web site and to provide business and technical support. During 2017 to date, I achieved goals with greater diversification and provided rolling consultancy to Barclays Bank, the Cabinet Office, the Defence Infrastructure Organisation and Rolls Royce. I have now joined the Consultancy Hub and hope to diversify further into both Public and Private Sectors and bring more intelligent, pragmatic and well-informed advice to IL7's my It is my intention to gradually grow the capacity of IL7 to provide excellent advice through partnership and recruitment.
IL7 support talking about risk in terms our customers understand and in plain English. Follow the link to gain a comprehensive understanding of what WE mean when we say YOU are at RISK - http://www.praxiom.com/iso-31000-terms.htm
IL7 accept a wider audience
IL7 recognises that NCSC, as the technical authority, has obligations beyond the limited fields of central government and can no longer confine its recommendations to standards that suit the HMG community. Even the world of central government has changed widely since the early developments of domain-based security (DbSy). We are now faced with the digital economy, digital government and the plethora of new threats associated with embracing the opportunities and risks of cyber. Threat actors are different, more organised and more technically proficient, and the technology in their hands is more powerful and sophisticated. IL7 recognises the need for more flexibility in getting the risk message across.
Whether it’s the cyber threat or the insider threat, the risk needs to be quantified and communicated clearly. Areas of local government and health need faster, less bureaucratic methods of risk assessment. Others have different control contexts to address and face different regulations and frameworks of compliance. While HMG IA governance is still underpinned by the accreditation cycle whereby SyAc and Accreditor both know the process, this is not guaranteed to continue. Nor, necessarily, does such governance exist universally outside central government. Stakeholders in the risk decision are no longer IAOs, SIROs or Accreditors. The Business Case for risk, the Security Case in IS1/2 terms, needs to be made to the business mover, the one that will pay for the treatment and suffer the consequences for not doing so. They might not understand IS1 terminology and therefore they need to be spoken to in the business language and context they understand. IL7 also recognise that this flexibility in communication needs to be consistent and repeatable, so it needs to have a framework. The frameworks offered by ISO 31000 and ISO/IEC 27005 appear to meet these requirements.
Risk is a business concept - the concept is UK.
Successful risk management can affect the likelihood and consequences of risks materialising, as well as deliver benefits related to better informed strategic decisions, successful delivery of change and increased operational efficiency. Other benefits include reduced cost of capital, more accurate financial reporting, competitive advantage, improved perception of the organisation, better marketplace presence and, in the case of public service organisations, enhanced political and community support. CESG were right to acknowledge that risk management in HMG has become tired over the last few years. Methodologies can be too restrictive and need more business focus. IL7 recognises the value of risk management and will seek to inject new positivism and energy into its practice.