RISK - DISCOVERY
Discovery through Consultancy
IL7 know it is not just good enough to tell stakeholders they must have AV or the must have IDS just to be compliant with a set of rules. There may be statutory, regulatory or industry rules or there may be competitive advantage of being compliant with de facto standards. But stakeholders also want to make risk based decisions. It is the impact of not having the security element in question that needs to be exposed. These include the loss in business terms, the reputation, the IPR, regulatory loss or the loss of not being able to take advantage of an opportunity because it is “too risky”. IL7 will consult with stakeholders. The context will have been defined and then the need is to listen to and understand the business managers. Before investing in defences managers will require evidence that they are, or will be targeted by specific threats.
As IT professionals, IL7 will also consult with the customer’s ITC personnel. It is difficult to provide an accurate assessment without getting intimately involved with the ICT. IL7 recognise that every organisation is a potential victim, that every organisation has something of value that is worth something to others. IL7 consultants will probe for any weakness that might result in the organisation being the victim of a targeted or untargeted attack. Untargeted attacks such as phishing and ransomware are part of everyday cyberspace but our customer may also be singled out an attractive target of a DDoS attack or spearfishing. Dependant on the customer organisation IL7 need to recommend appropriate defences, whether basic security controls within a normal budget are applicable or whether more holistic, defence in depth measures are called for.
 IL7 worked with the NPIA to guard against an Anonymous attack on PoliceUK.