We are increasingly reliant on the use of IT systems and mobile
smart phone platforms in our normal
day-to-day business and personal activities. It is of paramount
importance that these systems are sufficiently secure to protect and
secure sensitive, valuable and private data, and associated storage,
communications and transactions. Therefore the design and use of
such systems should be in accordance with best practices for
information security that have been developed by industry,
government and the worldwide expert community. However, it is also
important to realise that there are often practical and financial
constraints, especially with legacy systems and that a lot of effort
in information security is working with imperfect solutions.
Concerns about information security (or cyber security) have never
been greater with huge numbers of attacks and malware targeting our
personal platforms (smart phones, PCs, tablets etc) as well as
traditional servers and Cloud-based services. New apps and services
are often rushed to market with rarely enough attention given to
security threats, attack resistance and impact minimisation.
Crisp is extremely
active and experienced in providing highly expert security reviews
and risk assessment of complex IT systems, including those using
modern devices such as mobile phones, smart cards, NFC, RFIDs, PCs
and server systems. Crisp has reviewed a wide range of systems,
although the company is especially well known for its reviews of
international transport ticketing systems and references can be
provided on request.
Note that the Crisp
Director has many years of industry experience, but is also a
Professor of Information Security. The majority of Crisp employees
and/or expert associates also have strong backgrounds in advanced
The success of a product in many cases is dependent on international standards.
The ability to understand standards, identify key issues and adopt successful
strategy can have major effect. Equally important is to know what can be
realistically achieved within particular forums given the diverse business
interests of the participants.
For smaller companies the emphasis may be to passively monitor standards. Here
assistance may be required to explain the details, receive advance warning of
major changes or simply to have a presence at key meetings.
Larger companies may aspire to proactively influence the standards and this
requires a major step up in class and ability. International standards are
intended primarily as technically driven, objective work-groups, however
whilst this is still partly true, the key players attempt to drive strategy,
for commercial advantage. One person with a great solution, when faced with 20
organised people supporting a lucrative but mediocre solution, will probably lose.
To make progress in standards, Crisp can help you to understand the
players and develop an effective “street-wise” strategy that will lead to