Designing IT Solutions
16 Lindsay Gordon Place
Heathcote NSW 2233
T: +61 2 8001 6324

General Consulting Approach

Data security has to be taken seriously at every level of the organisation, from the board room to the back room. Defensive layers need to be implemented so that they compliment and overlap each other, but this can only happen after a careful consideration of exactly what needs to be defended, and who the potential enemies are. For example, for most companies it would be far less damaging if details of their suppliers were leaked than if they unintentionally disclosed customer details.

For many organisations, none of this is treated seriously until a breach actually occurs, and then there are reviews, finger pointing and damage control, but the cost to reputation, not to mention direct cost, loss of competitive advantage and impact on brand can never be recouped.

Often, some of the more important aspects of security are overlooked. The focus is on intrusion prevention, but equally important are: detection, reaction and recovery from breaches. Another important issue is the handling of data to minimise exposure to threats. Customer privacy must be enforced not only against external threats, but also against internal dangers.

The company's overall security and privacy policy needs to be a focus of the board and executive layers of the company. How this policy is implemented in the everyday procedures and processes of the company falls on the shoulders of line management. Ensuring that the appropriate controls and defences are in place to enforce policy and protect company data assets generally falls to the IT department.

Designing IT Solutions is able to help right across the spread of data security, from policy to procedure to protection. Our consultants have experience across all levels of the business spectrum, from having been CIO of an ASX 100 listed company, to working as an auditor down at the lowest level of detail. We have experience across a broad range of industries, including government, banking and finance, manufacturing, distribution, R&D, mining, consulting services, telecommunications, education and publishing.

We are constantly refining and developing our methodologies. We keep up with the latest research and evaluate when to incorporate new thinking into what we do. It's important to stay ahead of the game, but we have no interest in being on the bleeding edge either. We continue to refine what information we present to our clients, and how that information is presented. Too often, information is presented in a format that is so technical that the audience cannot really understand it. If you can't understand it, then you can't really sign off on it, and you certainly can't implement it. We aim to ensure that all information is pitched at the correct audience, without skimping on the needed detail.