Designing IT Solutions
5b/3 Central Avenue
Thornleigh, NSW
Australia, 2120


4 Fundamental Questions

Overall there are 4 fundamental questions that need to be asked about security, they naturally flow from the top of the organisation down.

Does the Company security policy comply with legislation and support overall organisational objectives and values?

Do the company's business procedures and business processes uphold the company security policy?

Do the controls enforce the company security policy?

Does the data security model support enforcement of the company security policy?

Designing IT Solutions centre our approach around 5 pillars: –

  • Assessment of potential security risks
  • Prevention of these risks
  • Detection of breach events
  • Reaction to breach events
  • Recovery from breach events

We understand that security is about more than the software that your company uses. Security is a complex layering of controls, some of these are about hardware and software, but just as important are the people and processes within the organisation.

Final Report – Data Security Control Review

The final report structure is as follows: The final report will provide:

  • An enterprise list of the major data information assets that need protection.
  • An enterprise list of vulnerabilities that each data asset would be in danger from.
  • A calculation of likelihood and organizational impact for each identified asset.
  • A list of the existing controls for each asset that mitigate risk.
  • An assessment of the effectiveness of the list of controls in terms of adequacy.
  • A road map in terms of fixing the gaps and the way forward.