Rivington Information Security

Rivington Information Security provides high calibre Information Security Consultancy and Managed Security Services. Our solutions are practical and carefully scaled to your environment, utilising a great mix of consultant skills and best technology. The projects we work on range from large scale, transformative solutions to smaller scale assessments, audits and remediation.

At Rivington we pride ourselves on the depth of knowledge and experience our Professional Services team has gained; all of our team have worked in the Information Security industry for many years. Because of this we are able to provide our clients with access to the expertise that can design, build and implement solutions that address whatever business Information Security requirements your organisation may have. We specialise in areas such as policy, strategy, vulnerability, identity management and security compliance.
Our consultants’ certifications and experience include:

• PCI QSA & ISO27001 Auditor
• CRISC & CISSP
• PRINCE II
• PKI & Security system design and implementation

and they have provided guidance and advice across many industry sectors including:

• HMG government departments
• Major high street retailers
• Finance & Banking
• Utility companies & Service providers

Our key services include:

Identity Access Management

As organisations move their business towards cloud and mobile based applications, the threats to which they are exposed increase dramatically. Controlling and governing access to applications and information has become an ever more important challenge. At Rivington we understand how important it is to balance convenience and security. Good business relies on the right people having access to the right information at the right time. Organisations must be agile enough to respond quickly, but secure enough to avoid being compromised. Rivington Information Security offer the following core services for Identity & Access Management (IAM):

• Assess the business need and work with internal stakeholders to ensure best fit solutions are considered
• Design the identity architecture so that the correct security coverage and governance is in place from day one
• Build solutions; staging, deploying and tuning to ensure smooth operations
• Implement to ensure the seamless transition and successful adoption of the solution
• Operate and provide thought leadership and education to internal teams so that the solution may become the business as usual model

Compliance Assessment

Rivington provides services to both create compliance frameworks and assess organisations against existing frameworks. Our consultants cover multiple national and international standards including GDPR, ISO27001 and HMG SPF among many others. In addition, we are a Payment Card Industry Security Standards Council (PCI SSC) approved Qualified

Security Accessor Company (QSAC) of ‘good standing’. Our services include:

• Support for the identification of applicable compliance requirements and standards
• Identification of controls required to demonstrate compliance
• Development and collection of appropriate evidence for external auditors
• Support for the design, implementation and operation of compliance management technology
• Implementation of an Information Security Management System (ISMS) with controls and metrics to assess the organisation’s compliance with the approved ISMS and Policies
• Create security standards and policies, including a framework for the adoption, update and retirement of policies

Vulnerability Management

Vulnerability Management is a vital operation within an organisation, however, it can prove problematic due to resource skills, prioritisation and maintenance of signatures. Whether driven by compliance requirements or security policies, Vulnerability Management is not a function which should be overlooked. The threat landscape is constantly evolving, with surveys highlighting technology configuration and staff as a key point of vulnerability. At Rivington we recognise this issue but also believe that people are a great asset in the fight against data breaches. We always favour deploying technology that promotes the role that staff can play in identifying, reporting and defeating threats. Rivington:

• Assess ‘current state’ by conducting an initial Vulnerability Assessment
• Design the solution and build a schedule to ensure adequate coverage of all infrastructure with minimal impact to the network
• Build deploy and tune the solution, working with internal teams at each stage to ensure scan windows are agreed with various internal platform owners
• Implement schedules for internal transition and scanning/patch management, ensuring policies are in place and understood
• Operate and Transition, providing simple platform management through to full operation and transition to an internal team

Rivington proudly maintain a vendor agnostic approach to designing and architecting the best security solution in support of our clients’ business needs and as such has no significant financial links to any vendor or 3rd party. Any recommendations made by Rivington will be based upon best fit, vendor capabilities, product capabilities and client requirements.

Our expert team is dedicated to working with clients to achieve secure and lasting solutions and the broad industry-wide experience we have gained enables us to work smoothly alongside existing teams. We are passionate about what we do and our business is founded on the firm belief that genuine information security is more than an annual tick box exercise. We work with our clients to make a genuine difference to their organisations. Our aim is simple; to make security a business asset.

To contact us, or to see the full range of Rivington’s services and to read some of our Thought Leadership articles please visit our website.

Tel: 
020 36211544

Event Diary

The largest flood exhibition and conference in the world is coming to London’s ExCeL in September.

World of Learning will feature even more opportunities to discover the latest in learning and development (L&D) with over 100 exhibitors, The Technology Test Drive, Learning Design Live, live workshops, one-to-one consultations, free seminars and its renowned annual conference.