YG3
Security Services
Security Services
YG3 helps its clients place information and cyber security risk management at the heart of business strategy and operations.
Assurance
We provide clients with independent verification and insight to the operational effectiveness of controls across the three lines of defence.
Compliance
Our approach is to simplify compliance so it can efficient, sustainable, and effective - keeping it simple so our clients can focus on growth.
Control Design
We provide more than point in time fixes, and work with our clients to design and operationalise innovative sustainable controls.
Strategy and Risk
We develop and operationalise security strategies and risk management practices into the very fabric of our clients operations.
Assurance
Obtain confidence and insight based on evidence
YG3’s proven approach is based on industry standards and can be tailored to assure specific internal client, or third party supplied products, systems, or services. This includes assurance over associated processes and environments (on-premises and cloud).
Compliance
Meet industry rules, regulations, and obligations
The successful approach of YG3 utilises the COSO internal control framework and other industry standards e.g. ISO 27001. YG3 works with clients to embed compliance within business service activities, enabling efficient access to evidence for regulators and competitive sale activities.
Control Design
Design controls effectively to manage intended risk
YG3’s control design assessment approach is based on evaluating six key critical independent factors using predetermined risks and industry standards. Where and when issues exist, YG3 provides recommendations to quickly address the gap and remediate root cause issues.
Strategy and Risk
Tailored security strategies to effectively manage risk
YG3 offers a range of tailored services including the development and management of new capability and service roadmaps; group wide integrated security risk and governance operating models; and strategies that manage security risk during merger and acquisition activities.
Industry Experience
Retail
Key Challenge:
Large mobile phone retailer requested assurance over its business-critical information and cyber security controls prior to launching a new product - the review was time critical and required completion to support an imminent seasonal campaign.
Outcomes:
Over an eight-week period, working with the client’s IT and security team, our specialist identified the assets underpinning the critical business operations and product launch services; performed a risk assessment; and derived and completed a treatment plan to close identified gaps. The new product was successfully launched on time.
Insurance
Key Challenge:
Global insurance firm required assistance, over a short period of time, to design and implement control improvements to enhance the compliance position of its divisional business entities in accordance with the Japanese Sarbanes and Oxley (JSox) regulations.
Outcomes:
Working with the client’s operational business and IT teams, our specialist designed and implemented improved information security controls across several complex services, without impacting live service. This included the design of technology segregation of duties for operational processes that underpinned regulatory financial reporting.
Legal
Key Challenge:
Legal firm required assistance to migrate and uplift its existing ISO 27001 based security operations to the NIST cyber security framework. This included the organisation wide cyber and information security incident security management operating model.
Outcomes:
Working with the client's IT and security team, our specialist designed new cyber security and information risk governance policies, standards, and procedural controls based on the NIST cyber security framework. This included a new cyber and information security incident management TOM; and its integration into the organisation wide crisis response service.
Financial Services
Key Challenge:
Global bank requested assistance to design, and implement, a new enterprise-wide information and cyber security compliance assessment and regulatory reporting service. The existing control process was fragmented and labour intensive.
Outcomes:
Working with the client’s business, IT, and security teams, our specialist delivered the requirement specifications whilst leading the design and build of new security controls and automated sources of MI. Scope of work included a review of dependent systems, process and the design of new control interfaces and data models, and an integration pilot prior to launch.
Government
Key Challenge:
The SIRO from a large government organisation requested assistance to design a single cohesive security and risk management strategy; and a detailed business case and implementation plan to deliver it across several disparate and autonomous business entities.
Outcomes:
Working with the organisation SIRO and a team from each business entity, our specialist reviewed the 'as-is' people, process, and technology involved in information and cyber risk management control services within each business. Then designed the 'to-be' target end state maximising use of existing resources and best practices identified via the review.