IT governance management strategy information security

Information Security Management

Megaprime delivers service-oriented, standards-based information security architectures and systems that reflect recommended best practices, satisfy business requirements for information security and integrate with the IT management framework.

Megaprime has specialised in information security management since 1992.

We have international experience:

◊     Assessing information security risk
◊     Establishing information security requirements
◊     Conducting ISO/IEC 17799 (ISO/IEC 27002) gap analysis
◊     Designing and implementing ISO/IEC 27001 compliant Information Security Management Systems (ISMS)
◊     Evaluating, selecting and implementing information security products
◊     Designing and operationalizing information security strategy
◊     Managing the information security environment
◊     Conducting ISO/IEC 27001 ISMS compliance audits

Our approach to information security management enables you to:

◊     Implement an ISO/IEC 27001 compliant Information Security Management System (ISMS)
◊     Derive information security requirements from business needs on a case-by-case basis
◊     Use risk management methods to select and justify appropriate information security services and mechanisms
◊     Deploy information security consistently at distributed locations
◊     Manage information security in a centralised, decentralised or hybrid manner
◊     Devolve information security responsibilities to personnel who are best able to manage the risks
◊     Establish a comprehensive set of auditable information security services
◊     Manage information security service quality using CSFs, KGIs, KPIs, CMM and balanced scorecards

We apply the principles of risk management, service management and system security engineering to deliver standards-based services for:

◊     User security
◊     Network security
◊     System security
◊     Communications security
◊     Third party access
◊     Incident detection and response
◊     Business continuity and contingency planning

Information security is a process that must be managed. It is not just a complex technical issue that can be resolved in isolation from the business.

If you have information security concerns and run mission-critical systems on interconnected computer networks, you should be talking to us. We can help your organization to secure its IT environment. Ask us how.

Best practice references

AS/NZS 4360 Risk Management

ISO/IEC 27001 Information Security Management System Requirements

ISO/IEC 17799 (ISO/IEC 27002) Information Security Management Code of Practice

Cisco SAFE Security Blueprints

Internet Engineering Task Force (IETF) Security RFCs

Microsoft .NET security

Microsoft Systems Architecture (MSA) for Enterprise, Internet and Departmental Data Centres

National Institute of Standards and Technology (NIST) information security publications

WSS: SOAP Message Security (WS-Security 2004)

Phone:  + 61 (0) 8 9447 8427
Fax:     + 61 (0) 8 9243 0369

15 Beach Road 
Marmion WA 6020
AUSTRALIA

e-Mail: megaprime@megaprime.com.au
www.megaprime.com.au

Date that the page was last edited: February 06, 2006