CREATING INNOVATIVE SECURITY
Building information security for a privacy-aware world
TECHNICAL ASSESSMENT OR PRE-AUDIT
FTR Solutions will conduct a simulated regulatory assessment or pre-audit of technical and organisational security controls. The aim of the service is to highlight issues that might be identified in a regulatory audit or investigation, but to do so in a safe, confidential environment.
FTR Solutions has unique experience conducting audits of this type for organisations of all sizes, up to and including the largest global multinationals.
INCIDENT RESPONSE ANALYSIS
The ability of an organisation to effectively detect and respond to security incidents is essential to demonstrating that appropriate technical and organisational security controls are in place.
FTR Solutions will analyse an organisation’s incident response capability, determine the extent to which it is likely to match regulatory expectations and, if appropriate, make recommendations for how incident response policy and organisation can be improved.
DATA BREACH INVESTIGATION AND ANALYSIS
Data breaches inevitably arise and, in some cases, these data breaches will lead to regulatory investigations. FTR Solutions will conduct an investigation into a specific data breach, identify root causes and make recommendations for remediation.
In cases where a regulatory investigation has been initiated this service can help anticipate and prepare for potential findings. Acting on the outcome of such an investigation can help to advance arguments for mitigation of regulatory action.
PREPARATION FOR REGULATORY AUDIT OR INVESTIGATION
Large organisations often have difficulty demonstrating all of the good security work that they do. FTR Solutions will help an organisation align their technical and organisational security controls with regulatory expectations.
This is achieved by identifying and organising available technical and legal material and making recommendations arising from analysis of the material. This service also provides the organisation with an opportunity to identify in advance technical and organisational gaps that the regulator might focus on.
Dave O’Reilly is Chief Technologist at FTR Solutions, a consultancy he founded in 2012, specialising in the technical aspects of security and data protection. He has been working in the technology industry for over twenty years, fifteen of those in the areas of information security, cybercrime and financial crime.
He is internationally recognised as an expert in cybercrime and cybersecurity, having supported judges, prosecutors and law enforcement in sixteen countries. Dave advises national, multinational and governmental clients on issues such as regulatory compliance, audit methodology and appropriate implementation of security controls.
In this section you will see a list of recent publications by FTR Solutions and Dave O'Reilly.
The need for individual right to privacy and the need for law enforcement to be able to effectively investigate crime are sometimes portrayed as being irreconcilably in direct conflict with each other. Both needs are legitimate and ignoring the challenges presented by areas of conflict will not make the problem go away.
The document presents a conceptual model that allows for both sets of requirements to be met simultaneously. The reason for this publication is to show that, with some creative thinking, it is possible to identify win-win solutions that simultaneously achieve both privacy and law enforcement goals.
Published by the IETF, May 2018
We want to help you build the right information security programme to meet your regulatory obligations.
If you want to have a conversation to find out what we can do for you, fill out our contact form and we'll get straight back to you, or you can contact us using the details below.
+353 87 231 3257