Information Security

Information Security


ABF provide detailed assessments of clients Information Security and Data Protection policies and strategies. Rather than simply guide our clients towards achieving industry standards or compliance against industry frameworks ABF leave our clients with a clear understanding and action plan for developing robust Information Security and Data Protection measures.

ABF focus on the 'how to' rather than the 'what to' do. Our team of Information Security, IT, Network and Cyber Security experts audit and review clients infrastructure and current practices and provide clear guidance on how to achieve industry best practice.


Information Security Review

5 day review - 2 days onsite - 3 days off site. Review covers the following areas of Information Security management:

IT Governance:

  • Align IT and Information Security to Business Objectives
  • Provide value for money whilst achieving the business and security goals

Define Responsibility and Develop Metrics:

  • Gaining Support of Senior Management, Line and Business Unit Managers
  • Developing Metrics - What can’t be measured can’t be managed!

Risk Assessment:

  • Cataloguing, Categorisation, Classification of assets
  • ID Risk, Threats, Vulnerabilities – Analysis and Evaluation
  • Risk treatment options and impacts

Controls and Outcomes:

  • Cost versus benefit analysis
  • Education and awareness material

IT Solutions

IT Technical Assessments

  • Assessment of current IT infrastructure and practices
  • Define the business requirements
  • Identify correct IT solution to meet client needs
  • Produce IT plan to aide business growth and development


IT Procurement

  • Leverage our extensive relationship with IT vendors
  • Define project scope
  • Tender document writing
  • Tender evaluation and assessment
  • Detailed reporting and recommendations


For further details download our information booklet



Data Protection Review

3 Day review: 1.5 days onsite, 1.5 days off site. Review covers the following key areas:

  • Discovery : Identification of what personal data is held, for what purpose and where it resides
  • Management: How the data should be used and accessed within clients organisation
  • Security Controls: Establish controls which can be put in place to protect the data
  • Reporting: Obligations for reporting incidents, standard formats prepared and actions plans