Security architecture is the design of information systems that have suitable security controls in place to mitigate a given level of risk while supporting business functionality and objectives. Arculus consultants are experienced in the use of security architecture approaches including SABSA and TOGAF.
Penetration Testing enables organisations to identify and address vulnerabilities in their information systems before they are exploited and result in a breach.
Arculus is a specialist, independent provider of penetration testing services. We are a member of key security assurance schemes including CREST Security Penetration Testing, and are a Cyber Essentials Plus certifying organisation. Services include:
Compliance frameworks and standards are useful tools for achieving and maintaining a level of security management. Crucially, a recognised certification enables the holder to demonstrate this level to all stakeholders. Arculus are experts at supporting organisations in achieving compliance and certification against key standards including ISO/IEC 27001, NIST, SOC2 and the Payment Card Industry Data Security Standard (PCI DSS).
We use principles-based guidance such as the NCSC Cloud Security Principles to assess systems and services and provide reports which can be used to demonstrate how the organisation meets those principles in its own context.
We engage with business and technical stakeholders at all levels to evaluate the governance processes and the technical, physical and personnel-level security controls. We provide pragmatic support and guidance to build information security management systems that are compliant with ISO/IEC 27001 and can be certified by the chosen certification body. We have a successful track record of achieving certification for clients from small to medium enterprises right through to large corporates operating on many sites with thousands of users.
Effective information risk management is fundamental to successful information security. At Arculus we have in-depth experience of using widely recognised information risk management methodologies and processes including ISO/IEC 27005, IRAMM and IS1&2. We have designed and implemented custom risk management processes to meet the needs of our customers, and these have been used in successful ISO/IEC 27001 certification.
Our consultants are qualified to provide information risk management advice under the NCSC Certified Professional Scheme.
Many cyber security incidents can be prevented and mitigated by using good practice and basic security controls and techniques.
Cyber Essentials is a government-backed, industry-supported scheme which provides guidance to help all sizes of organisations measure their defences against common forms of cyber-attacks.
The systems that fall under the scope of the Cyber Essentials scheme include internet-connected end-user devices (desktop PCs, laptops, tablets and smartphones) and internet-connected systems (e.g. email, web and application servers).
Arculus can provide you with expert consultancy to help you achieve Cyber Essentials and Cyber Essentials Plus certification.