Security • Compliance • Audit • Education

  • Welcome

    The highly effective solutions we offer cover security, governance, risk and compliance, to help you balance risk and achieve your strategic objectives.

  • Latest News

    Latest articles from SC Magazine UK News

    FT suspends Twitter feed after apparent Syrian Electronic Army attack

    A Twitter feed of the Financial Times has been suspended after it was hacked and malicious links posted.

    17 May 2013 14:32

    Sandboxed virtual execution space predicted to trickle down to SMB

    The sandboxed 'virtual execution' space is predicted to grow and be more available to mid-sized businesses.

    17 May 2013 10:54

    Mobile device management offered free to SMBs

    Mobile device management (MDM) start-up vendor AppTec has announced the launch of its Enterprise Mobile Manager technology with a small business offering of 25 free licences.

    17 May 2013 05:30

    LulzSec members sentenced to total of six years, accessory to 32 months

    Three members of the hacktivist group LulzSec have been sentenced to a total of six years in prison.

    16 May 2013 07:00

    Indian computer authorities to investigate what led to ATM heist

    The two payment processors that were attacked to pull off a daring global ATM heist have been named, according to a report.

    15 May 2013 16:50

    The Register - Security

    US military welcomes Apple iOS 6 kit onto its networks

    The US Department of Defense has welcomed Apple's iDevices into its secure networks, and has announced that it is "taking bold steps to provide sound information and proper analysis as it fortifies its cloud computing, acquisition and data processes."...

    17 May 2013 22:28

    Jailed Romanian hacker repents, invents ATM security scheme

    A Romanian man serving a five-year jail sentence for bank-machine fraud says he's come up with a device that can be attached to any ATM to make the machine invulnerable to card skimmers...

    17 May 2013 21:33

    Breaking news, LITERALLY: Financial Times vandalized by hackers

    The Financial Times website and its Twitter accounts were this afternoon hijacked by pro-government hackers from the "Syrian Electronic Army"...

    17 May 2013 16:06

    Who is the mystery sixth member of LulzSec?

    Analysis: Thursday's sentencing of three core members of hacktivist crew LulzSec and an accomplice hacker who gave them access to a botnet closes an important chapter in the history of activism. But it also leaves a number of questions unanswered...

    17 May 2013 15:11

    Trying to kill undead Pushdo zombies? Hard luck, Trojan is EVOLVING

    The crooks behind the Pushdo botnet agent have developed variants of the malware that are more resistant to take-down attempts or hijacking by rival hackers...

    17 May 2013 11:44

    Infosecurity - Latest News

    Apple fixes 41 flaws in iTunes

    Apple has patched 41 vulnerabilities in iTunes with version 11.0.3 of the digital store for OS X and Windows, including the one that Pinkie Pie rode to a $60,000 prize in the Google Pwnium 2 hackathon.

    17 May 2013 20:53

    Syrian activists hack Financial Times Twitter feed: Time for new password approaches?

    The Syrian Electronic Army is continuing its campaign to hijack the Twitter accounts of high-profile media outlets, with the Financial Times becoming its latest victim.

    17 May 2013 20:46

    The APPS Act - a proposal to protect users' mobile privacy

    Rep. Hank Johnson, D-Ga, has introduced the bipartisan Application Privacy, Protection and Security (APPS) Act of 2013 (H.R. 1913). Its purpose is to require app developers to maintain privacy policies, obtain consent from consumers before collecting data, and securely maintain the data they collect.

    17 May 2013 13:52

    Indian malware campaign targeting Pakistan uncovered

    A leading anti-malware company has uncovered a wide-ranging malware campaign that appears to originate in India and seems primarily to target Pakistan with data-stealing malware.

    17 May 2013 12:35

    New Mac malware discovered live on stage

    Proving that not all demonstrations are staged, a previously unknown Mac backdoor was discovered during a live presentation at the Oslo Freedom Forum earlier this week.

    17 May 2013 11:22

Welcome

With the rapid advances in technology, it is no longer enough to comply with minimal regulations. Your business should proactively defend itself against ever-more sophisticated threats to the security of its critical information.

Sigmatak offers pragmatic, flexible approaches that can help minimise risks and protect your business against threats.

With our comprehensive security solutions, companies can:
  • Increase shareholder value by reducing risk, costs and complexity
  • Achieve compliance targets
  • Improve productivity and business growth
  • Increase customer trust by protecting information and systems from threats and attacks

More about our information security services

Services

Whatever business you are in, there are constant threats of attack to your critical information, especially when you do business over the Internet.

We have the skills to proactively reduce the likelihood and impact of a breach.

Through our comprehensive range of services, we can work closely with you to identify, remediate and manage all kinds of risk to your information:


Governance, Risk Management & Compliance
Security Consulting
Security Education


  • Governance, Risk & Compliance
  • Information Risk Management
  • Business Continuity/Disaster Recovery
  • Compliance & Governance
  • Security Consulting
  • Security Assessment
  • Security Education

About Us

The highly effective solutions we offer cover security, governance, risk and compliance, to help you balance risk and achieve your strategic objectives.

Why choose Sigmatak

In the current economic climate, it's important to keep costs down. Our business model has lean overheads so you get maximum expertise at minimal cost.

Our approach

When you choose Sigmatak as your trusted information security provider, you'll find we take a collaborative and proactive approach. We work closely with you to deliver measurable results in managing and mitigating risk.

Our background

Our experience in information security is deep and broad. We have access to an extensive portfolio of interrelated security consulting services, and can leverage proven technologies according to your requirements.

Our values

Sigmatak is built on four pillars of:
  • Professionalism
  • Integrity
  • Honesty
  • Trust


The Team

Working for Sigmatak





Contact Us

Sigmatak Limited
International House
124 Cromwell Road
Kensington
London
SW7 4ET



Tel: +44 (0) 207 993 4257

Email: info@sigmatak.com

Sigmatak Film Competition (SFC)

Sigmatak is pleased to announce the launch of its first global film making competition aimed at children between 11 and 16 years of age.
There will be a prize for the winning entry.

The aim of the competition is to raise awareness of the importance of internet security at a time when young people are exposed to the dangers associated with their online activity.

Competition Requirements

Objective: Produce a film of not more than 5 minutes (including credits) to increase awareness of the importance of internet security. The film will need to highlight internet risk and appropriate measures children can take to ensure a safer internet experience.

The film can focus on one particular risk, or a variety, at the discretion of the film maker.

Entry Criteria: The competition can be entered by individuals, groups, or on behalf of a school at which the entrant studies.

Prize: If the winning film is a School entry, then the School will win one Desktop Computer. If the entry is an individual entry, then the individual prize will be the new iPad. Group entries will be awarded a £100 gift voucher for each group member, up to a maximum group size of four people.

Deadline: The competition closes on 30th April 2013.

Please refer to the Terms and Conditions of the Sigmatak Film Competition and the Frequently Asked Questions for more information.

Participants must complete the Entry Form to enter.


SFC Terms and Conditions

Frequently Asked Questions

Entry Form

Release Form

Competition Flyer






Governance, Risk & Compliance

It is likely that the performance of your organisation is entirely dependent on your IT.

You need to comply with regulatory requirements, align your IT and business goals, and implement an effective strategy for IT governance including frameworks such as COBIT and ITIL.

Your IT department should work alongside supporting departments with a plan that covers mission, vision, priorities, strategies and technologies. That way, risks are reduced and your business has the best chance of success.

We can help with:
  • Information risk management
    • Risk assessment
    • Security strategy/policy
  • Business continuity/disaster recovery
  • Compliance & governance

More about our information security services


Security Consulting

You can safely turn to Sigmatak to help reduce your risks and meet compliance requirements.

Maybe you want to understand your current security position, assess your risks, and identify specific security gaps, weaknesses and flaws.

Or maybe you want to develop and implement practical security solutions to defend against and respond to attacks.

Whatever your requirements, our security experts will work with you to ensure the solutions you put in place are effective and in line with your overall business objectives.

Our comprehensive portfolio of security, risk, and compliance solutions includes:
  • Security Assessment
    • Gap Analysis
    • Security audit
    • Penetration Testing
    • Web Application Testing

More about our information security services


Security Education

In many cases, the highest risk is human error. It's therefore important to train the people in your organisation to understand and follow good security practices.

Our education services are totally flexible according to your needs. Simply tell us your objectives and we will design and implement a programme that supports them.

For example, we can:
  • Audit the current level of security awareness
  • Design and develop a customised programme to improve the level of security awareness
  • Conduct security awareness training for individuals and groups, whether face-to-face or through e-learning
  • Implement a comprehensive security awareness programme

Tell us your security education needs


Team

"Meet the experts behind Sigmatak."

Our key consultants can demonstrate over 25 years' IT security experience between them. They are among the best known and most respected people in the industry, and their expertise is constantly in demand.

Our team includes recognised leaders in security and risk management, together with expert consultants and trusted associates. They have all been hand-picked for their experience in information security and have a wide range of hands-on experience to benefit our clients.


Working for Sigmatak

"Recruiting first-class people is one of our top priorities."

We're looking for people with top quality skills. Do you have experience in the following areas?

  • PCI
  • Penetration testing
  • Technology consulting
  • Business continuity/disaster recovery
  • ISO27001 audit
  • Identity and access management

If yes, there may be a place for you in our expanding team.

You'll need the ability to present creative solutions within client constraints, and be driven to achieve excellent results when fulfilling assignments. You'll be a proactive person who listens for and seizes opportunities. You should also show respect and concern for individuals, work well within a team, and be passionate about your profession.

We will want you to demonstrate professionalism, integrity, honesty and trust. If you are an experienced professional who shares our values, please send us your CV.


Information Risk Management

Sigmatak offers a comprehensive suite of interrelated risk management solutions. With a thorough and methodical approach, we will assess the risks to your critical information, develop policies, implement remediation measures, and provide ongoing monitoring and management.

Our education services are totally flexible according to your needs. Simply tell us your objectives and we will design and implement a programme that supports them.

We will:
  • Advise on the risk profile for your business, stakeholders and partners, technology and vertical industry
  • Find out the requirements for information confidentiality, integrity and availability
  • Identify what controls you need
  • Establish mechanisms for enforcement, monitoring and response
  • Put effective measurement and reporting capabilities in place

As with all our flexible services, you can opt for our complete, end-to-end solution, or select specific services to complement your existing efforts.

Contact us for information risk management


Business Continuity/Disaster Recovery

Your business needs to operate continuously, but is at constant risk from system failures, destructive security breaches, natural disasters, war, terrorism, human error, human tragedies and criminal acts such as theft and sabotage.

Using appropriate technologies combined with effective policies and practices and well-trained staff, we can help you reduce these threats within a realistic budget.

While minimising capital and operational costs, our consultants will provide experienced, knowledgeable, and creative solutions for maximising system availability.

If you already have plans in place for business continuity and disaster recovery, we will:

  • Assess your existing disaster recovery plan to ensure it is complete and adequate
  • Develop a strategy to implement the technical infrastructure for your existing plan

If you would like to develop new plans for business continuity and disaster recovery, we will:

  • Work with you to develop plans that are functional, effective and customised to your needs
  • Design and implement the technical infrastructure that fulfils your plan requirements

Either way, we work with you to establish a plan for proactively avoiding disasters, reducing the impacts should one occur, and for helping your business return to normal as quickly as possible. And we provide this concerted and well-developed effort without breaking the budget!

Ask us about business continuity/disaster recovery


Compliance & Governance

We have the appropriate technologies to ensure your IT infrastructure is designed, deployed and maintained in accordance with relevant regulations and your business objectives.

Some of the ways we can help:

  • Information Risk Management Lifecycle
  • Strategies and tactics to address Regulatory Standards
  • Asset management: people, information, processes, technologies, and intellectual property
  • User security review
  • Security monitoring and audit
  • Security controls and metrics
  • Policies and procedures
  • Vulnerability and change management
  • Incident handling and response
  • Information Lifecycle Management (ILM) and rights management (IRM)
  • Encryption at-rest and in-motion
  • Awareness of Security Standards
  • Compliance testing
  • Reporting
  • Compliance management and measurement

Ask us about compliance and governance


Security Assessment

With our comprehensive suite of technical security testing, you will be able to establish the effectiveness of your existing security measures.

Our security experts will:
  • Scan your whole IT provision from top-to-bottom, from operating system to application code
  • Employ vulnerability and penetration tests
  • Validate the strength of your technical security elements
  • Address wired and wireless infrastructure as well as unified communications and Voice over IP (VoIP) security
  • Address testing requirements of regulatory mandates and industry best practices
  • Correlate vulnerabilities to uncover risk and impact
  • Isolate specific weaknesses

You can order a security assessment as a one-off consulting engagement or as part of an ongoing assessment.

Book a security assessment


Risk Assessment

We go beyond basic risks and vulnerabilities by incorporating a top-down business view of your organisation coupled with bottom-up analysis of your operations.

We work with you to:
  • Determine your business objectives, goals and constraints
  • Identify the risks of greatest concern within your industry, and the regulatory compliance and governance requirements that apply
  • Carry out an in-depth 'best-practice' review of your operations, security systems, policies and controls
  • Interview your staff to establish whether they are adhering to your security policies, gaps they have identified and problems they experience
  • Check whether your security documentation is up-to-date, complete and understandable
  • Recommend any necessary technical security assessments such as penetration testing, web application testing and others

Book a security assessment


Security Strategy & Policy

You need to carry out best practice in security in order to stay competitive, meet your compliance requirements and mitigate any risks that may lie ahead.

We go beyond basic risks and vulnerabilities by incorporating a top-down business view of your organisation coupled with bottom-up analysis of your operations.

Our security experts will:
  • Define roles and responsibilities
  • Identify key assets
  • Compile an inventory of sensitive information, physical security, network security, security in systems development, user education and compliance
  • Establish sound security policies aligned with global and local industry standards
  • Identify the most effective risk mitigation and regulatory compliance options
  • Implement methods for simplifying ongoing analysis, management and reporting
  • Review existing policy frameworks against business requirements for security
  • Audit existing policy against PCI and ISO/IEC 27001 for evidence of compliance
  • Develop and author a structured policy framework
  • Author new policies and revise existing policies
  • Develop and author supporting procedures to ensure security supports your key business processes

We will develop a strategy that includes both immediate actions and longer-term objectives.

We also work with you to communicate our recommendations clearly to the people they affect, with executive summaries for your decision-makers and the necessary details for your technical staff.

Book a security assessment


Security Standards

Our comprehensive ISMS services complement and support the ISO/IEC 27001:2005 standard.

Our security experts will work with you to identify your greatest risks and develop strategies to mitigate them, so you can implement a standards-compliant ISMS:

  • Gap analysis to identify compliance gaps in the context of your business operations
  • Assess your current security strategy & policy
  • Evaluate your existing security systems with penetration testing and web applications testing

If you already have your own ISMS implementation, you can pick from our comprehensive suite of standalone services:

  • Gap analysis to find out where you are and where you need to be
  • Security audit to see if your existing ISMS implementation is compliant
  • Consulting services covering risk assessment and remediation

You need more than security expertise; you also need your IT structure to support your business objectives and scale as your business grows. We can recommend effective solutions for protecting your operations, your assets and your reputation.

Ask about security standards


Regulatory Standards

There is a maze of regulations and standards and it can be a significant challenge to ensure your IT infrastructure meets its obligations while supporting business objectives and adapting to growth and change.

Sigmatak can help you develop a sound strategy to efficiently achieve compliance for your business. Our comprehensive approach covers information security strategies, data management, tracking and control, reporting and audit.

Ask about regulatory standards


Gap Analysis

The scope of our Gap Analysis report is clearly defined, and covers every part of your operations. We will:

  • Review your current security practices and tools and compare them against relevant regulatory mandates and industry standards
  • Conduct personal interviews with relevant employees to uncover how your procedures, policies, and processes are implemented and used day-to-day
  • Review relevant documents that describe your current risk mitigation and security practices, including privacy policies, security procedures, and hardware and software documentation
  • Carry out a physical inventory of your systems using the latest software tools to audit the wired and wireless devices and software currently on your network, and to identify any unauthorised connections or devices
  • Check your security defences including firewalls, intrusion detection and prevention systems (IDS/IPS), and security software
  • Test application vulnerabilities including web applications
  • Review and analyse your systems for optimised implementation of security measures including identification of problem areas such as mis-configurations

With this comprehensive report, you will gain a complete understanding of your current security gaps and compliance status, and receive prioritised recommendations to remedy them and mitigate the risks.

Contact us for a thorough Gap Analysis


Security Audit

Would you like to know how security in your organisation compares to mandates, standards and the latest best practices in the industry?

We will work with you to understand your organisation and its operations, and then do a realistic, systematic, technical assessment of your information security.

Our comprehensive approach includes:

  • Carrying out personal interviews with relevant staff to understand how security policies and procedures are actually used
  • Conducting a manual review of your operating system settings, applications and network-connected devices
  • Using the latest technology and automated tools to perform vulnerability scans and other tests

You will receive a complete picture of your security status including your threat history and how your security profile relates to industry trends. The report prioritises your assets and vulnerabilities, and recommends solutions that balance risk and cost.

Ask us for a security audit


Penetration Testing

With our penetration testing service, we identify whether unauthorised intruders will be able to exploit any known or unknown vulnerabilities from a technical or business perspective.

Using the latest tools and technology, our tests include your:

  • Wired and wireless networks
  • Unified communications including Voice over IP (VoIP)
  • Key systems
  • Applications
  • Internet connections

Our expert security consultants will carry out tests both on-site and off-site, and then do a detailed manual analysis and correlation of the results. We will provide you with a comprehensive report that addresses vulnerabilities, and recommends what needs to be done in priority order.


Testing Web Applications

Communication between a business, its customers and its staff is increasingly carried out via web applications. We can test any kind of web application, and give you a comprehensive review of any vulnerabilities and related risks.

We combine the latest automated tests with manual examination of your web applications, including a detailed analysis of any custom logic and code.

We test across the full spectrum of potential vulnerabilities, including the top ten threats identified by the Open Web Application Security Project (OWASP):

  • Cross site scripting (XSS)
  • Injection flaws
  • Malicious file execution
  • Insecure direct object reference
  • Cross site request forgery (CSRF)
  • Information leakage and improper error handling
  • Broken authentication and session management
  • Insecure cryptographic storage
  • Insecure communications
  • Failure to restrict URL access

Contact us to test your web applications


Sigmatak Limited ©2012