Case Studies

Delaney Consulting is committed to delivering the highest quality advice and guidance to our clients and associate partners. Through our extensive relationships, we have assisted many companies in improving their information security and governance processes, delivering improved management oversight and control, compliance with best practice and improved information security controls. For example, some of our projects have included:

Information Security Dashboard, Multi-national Investment Bank

Delaney Consulting delivered significant improvements in the management control, risk remediation and reporting of information security risk assessments.

We achieved an improvement of 40% in the outstanding information security risks by working alongside the in-house information security team to refine the management process in order to track and monitor the mitigation of information security risks. In addition, we improved the monthly management report, which was noted by the CIO as being an outstanding example of management information.

ISO27001 Information Security Policy & PCI DSS Compliance, Public Sector

Delaney Consulting, on behalf of our associate partner, delivered a detailed management report on the gap analysis of the current information systems security profile against the ISO27001 and PCI DSS standards. As a follow-up, we delivered a further report on how to prioritise the required remediation work based on COBIT.

We carried out a top-down and bottom-up review of infrastructure security through desktop policy review, selective sampling and internal penetration testing. A detailed map of ISO27001 requirements and gap analysis was provided, as well as recommendations on the remediation work required. Similarly, for PCI DSS requirements, a detailed map of the requirements and remediation work was detailed in the management report. Delaney Consulting prioritised the risks to assist management in scheduling the remediation action.

Portable Data Security Review, Multi-national Financial Services

Delaney Consulting delivered an internal audit report, on behalf of the internal audit committee, covering the management and technical controls around portable data devices such as laptops, BlackBerry devices and USB keys.

In accordance with the internal audit department's procedures, we designed the audit scope consisting of an audit schedule and test plan. Through detailed discussion with staff, we confirmed the internal controls design and implementation in place and verified them via a risk-based sample. The audit report was issued to management for comment and factually reviewed, before being issued to the audit committee.