You probably already know good cyber security practices are crucial for your business. What you’re probably less sure about is how to ensure you’re implementing good cyber security practices. That’s where a cyber security consultant comes in. So, what does a cyber security consultation entail? Nigel Gildea, Head of Consulting at Falanx Cyber, talks through the steps.
We’ll handpick your consultant
Once you’ve picked Falanx for a consulting engagement, your account manager will allocate a consultant to your engagement. The consultant will be chosen from our governance, risk management, and compliance (GRC) team, and will be a subject matter expert, able to meet the objectives defined within the proposal. The account manager will then engage with our scheduling team to identify a range of availability dates which meet your timescale requirements. These will be offered to you and you can choose whatever suits your business, before locking them into our consultant’s diary.
Meet your expert
Your Falanx consultant will then make contact with you to both introduce themselves and understand your business logistics, including office locations and the types of data your business holds, such as customer contact information. This information will be re-validated a couple of days prior to the engagement.
Your Falanx consultant will discuss the nature of the consulting activity and explain to you the typical requirements associated with the consulting. This will allow both you and your consultant to understand who the best person to engage with is within your organisation; this can range from IT staff, senior GRC representatives, HR, Finance and Operational management, through to front-of-house retail staff and exec-level board members. Your consultant will then use this information to propose a schedule of meetings for the duration of the consulting, which will help you to organise internal resources in advance.
Education for us and for you
The first day of your consultation typically begins at 9.30am. Your Falanx consultant will often start the day with an awareness session, engaging with key stakeholders in your business to articulate the approach that will be taken, bespoke to your requirements. This is an opportunity for key stakeholders to learn more about compliance obligations (such as GDPR, PCI-DSS or ISO-27001), and for Falanx to learn as much as possible about your organisation to understand the implications and requirements of a cyber security consultation for you.
Your consultant will then break off into analysis mode. For example, if they are performing a compliance analysis, they will meet with business managers, observe business processes, interview staff, review documentation, and inspect configuration. All these activities will help your Falanx consultant understand your current requirements and how your cyber security posture aligns with the requirements defined in the compliance standard.
Helping you with next steps
Finally, your consultant spends a period of time offsite in order to document your customer report. The timescales associated with the production of this report will be made clear by your consultant on the last day of delivery. The report is aimed at both senior management and departmental representatives, as it will outline your obligations and define a roadmap to improve your security posture or meet your compliance obligations by providing solutions and options. The detailed element of your report will articulate the technical observations identified whilst the consultant was onsite.
Once your report is completed, it will pass through Falanx’s Quality Assurance process. The purpose of this process is to ensure your report meets the objectives defined within the proposal and our strict quality requirements. Once you receive your report, we will give you the opportunity to read and digest the material, and then propose a follow-up debrief session to give you the opportunity to discuss the findings in more detail with your consultant and get the help you need to make any necessary changes to your business’s cyber security practices.
If your business has compliance requirements, or you simply want to improve your practices, get in touch with Falanx Cyber to book one of our expert consultants.