BH Consulting

Helping you Piece IT Together

Why have a Security Assessment?

Ensuring the security of your information systems and data is a constantly changing challenge, driven by new technologies, new threats and regulatory requirements.


Engaging an independent third party provides you with invaluable information on how to stay abreast of current relevant security developments and industry best practices, and helps identify areas of improvement within your information security infrastructure. An independent security assessment also sends a clear message to customers, senior managers and key stakeholders that information security is a high priority issue within your organisation and one that is being managed accordingly.


Our Assessment Methodology

Our unique methodology enables us to assess your information security at many different levels such as managerial, process, policy and technical. Our methodology is based on the ISO 27001 Information Security Standard combined with industry best practices and standards published by organisations such as the SANS Institute, the US National Institute of Standards and Technology, the US CERT Coordination Centre and the Centre for Internet Security.


Our assessment also includes a full vulnerability scan of ten IP addresses for known security issues and weak configurations with 99.995% accuracy, using the most up-to-date and comprehensive database of known vulnerabilities.


Our Approach

We believe a proper security assessment requires a good understanding of your business and the important business drivers for you and your company. To this end we take the following approach:


  • Our experienced consultants conduct a comprehensive interview to identify the strengths and weaknesses of your security infrastructure.
  • A vulnerability scan of your designated ten IP addresses is conducted and the data collated.
  • The information gathered during the interview and the results of the scan are correlated and examined.
  • The results of our findings are presented to you with issues prioritised according to the potential impact they may have on your business.
  • Where appropriate a list of recommendations will be provided on how to mitigate any issues or gaps identified during the assessment.


Our Deliverables

At the end of each assessment our consultant will sit down with you and provide you with the deliverables listed below in both hard copy and soft copy format. We will discuss each of the key areas within the report to ensure the impact of our findings is fully understood and, where necessary, provide details on how best to address any issues identified.


Our deliverables to you at the end of this process will be:

  • Detailed reports on any vulnerabilities discovered with the appropriate remedial actions and links to the relevant patches.
  • A detailed report on how your security infrastructure relates to the ten key sections of the ISO 27001 Information Security Standard, which are:
    1. Security policy
    2. Organization of information security
    3. Asset management
    4. Human resources security
    5. Physical and environmental security
    6. Communications and operations management
    7. Access control
    8. Information systems acquisition, development & maintenance
    9. Information security incident management
    10. Business continuity management
    11. Compliance
  • A list of recommendations on how to mitigate any issues identified during the review.
  • Peace of mind and assurance that your information security is in line with recognised industry standards.


For more information on our security assessment service please contact us and one of our consultants will respond to your query. Alternatively you may download our brochure.

BH Consulting - Award Winner 2012

BH Consulting - Award Winner 2013

ISO 27001 Certification