
How we do it
Proactively avoiding exposure from security threats
The lines between what's physical and digital are blurring... and the risks they face are converging.
Cybersecurity is a growing threat for many businesses as digital technologies are deployed across a huge variety of products and services. The Internet of Things (IoT) has brought about the use of a huge number of services that are revolutionising the way we go about our work and personal lives.
Importantly, the IoT allows us to digitally control 'things' that have real-world consequences - from 'smart home' security and audio systems, to enterprise access control and environmental systems, to 'smart city' traffic systems and electricity grids.
The benefits to be gained are potentially phenomenal, but in the haste to use or create these, security often isn’t top of the list. This creates points of vulnerability that others would use to exploit. Increasingly the lines between physical and digital threat vectors are blurring, as attackers deploy the full range of physical and digital weapons at their disposal to breach systems, steal the information they contain, or weaponise them and turn them on the employees, customers and publics they were designed to serve.
With the commercial and reputational fall-out from attacks bigger than ever, protection from attack has become a Board-level risk agenda item...think Enterprise Security Risk Management (ESRM).
Assessing the complete risk picture
No matter where you are on your physical and information security risk management roadmap, Optic can help you assess and remediate your risk. Starting with a consultation, our team will take the time to understand your current situation and what you want to achieve.
Optic works with over 1,000 clients across New Zealand and Australia, and we know from experience that there is no such thing as a ‘standard’ organisation and virtual businesses operate differently.
We work with your team to identify the physical and cyber - or converged - risks across your organisation, and recommend a customised plan to suit your situation.
We recognise that the increased use of digital technologies and assets has grown exponentially over the last decade and increasingly digital is part of the success plans for many businesses. This has changed how organisations assess ‘risk’ to their people, information and physical assets.
Along with an updated review of the security already in place, Optic can help test your converged (physical and digital) defences, giving you a broad overview of not just what might be an issue, but also how well protected you are. With that knowledge, it then becomes far easier to work on a plan and budget to suit your specific needs.
The Converged Leader
Optic has a 30-year history in Enterprise Security Risk Management.
We are specialists not only in the assessment of threats (e.g. penetration testing) but also in the people, process and technology solutions needed to remediate them.
Our converged security specialists can help you understand what you might not even be aware of today and work with you to assess your ability to proactively avoid exposure and to keep up to date with the evolving tactics of those looking to exploit the converged security environment.
Enterprise Security Risk Management (ESRM)
Our Enterprise Security Risk Management (ESRM) methodology is the cornerstone of our converged security offering. ESRM is the framework that informs what we do and how we do it. It is focused on ensuring the correct controls are deployed and monitored to deliver the appropriate level of security for an organisation. It is consistent with Enterprise Risk Management (ERM) concepts and aligned to the ISO 31000 Risk Management Standard.
ESRM is the management of any security risk using established risk principles, following five steps.
1. Identify and prioritise assets
2. Identify and prioritise risks
3. Mitigate the risks
4. Incident response
5. Ongoing risk assessment
Mapping our solutions to ESRM
The ESRM framework enables us to present our customers with an overview which puts them at the core of a holistic view of the risks they face, and the strategies and controls that can be recommended and deployed by Optic to mitigate these and protect their customers, information and people.
Optic structures its operations and security risk solutions according to the above five-step framework. The following table illustrates this with a small selection of our services:
Structuring our solutions on the ESRM framework assures our customers that the security solutions we recommend and install are commensurate to the risks they are designed to mitigate, fit-for-purpose, responsive to change, regularly serviced and future-proof.