We regularly help organisations, including some that already hold ISO 27001 certification, to identify and mitigate considerable security risk. A certificate on its own is not enough if you want to protect your organisation. Through this review you will receive expert, frank feedback and practical advice on the steps you can take to reduce risk and, very often, considerable cost at the same time.
There is no one-size-fits-all for security, nor is there a single product you can buy that solves it all. It is easy to believe you are protected when you are not, and it is easy to pay too much for unsuitable products and tools. We will help you determine the most appropriate set of tools and approaches for your situation, and we will help you implement them.
Through this process, we will use the matrix below to build your plan:
| | External Actors | Internal Actors |
|---|---|---|
| Prevent | How do we keep relevant external actors out of the system? | How do we prevent internal actors from accidentally or maliciously leaking data? |
| Detect | How do we know if an external actor is attacking the system right now? | How do we know if internal actors are accessing data they shouldn't? |
| Mitigate | How do we limit the impact of a successful external attack? | How do we limit the impact of a leak or misuse by an internal actor? |
What do you need the product to do, by when, and what budget are you working with?
Risk exposure
Assess current setup
Plan your response
Implement the plan
Each step is outlined in more detail below, with example questions. We will ask you many more questions during the consultation. Do bear in mind that many of the questions are over the top for many scenarios; we will evaluate what is appropriate with you, based on your specific context.
Risk exposure
What obligations are on you? What is the real risk to you and your customers?
| | Data Breach | Denial of service |
|---|---|---|
| Contractual | What do you have in your customer contract or terms of service? | What is your SLA? |
| Legal (inc. GDPR) | What types of data do you store, and on how many people? | Would the system being down have an impact on your GDPR obligations? |
| How interesting a target are you? | Is your data valuable in itself? To whom? Could it have ransom value? | Do people have reason to want to hurt you? Is there a ransom scenario? |
| What kinds of actors are likely to want to attack you (from drive-by up to state actor)? | Similar questions to above. | Similar questions to above. |
| What would the real-world consequence of one of these attacks be for your customers? | | |
| What would the real-world consequence of one of these attacks be for you? | | |
| What would the real-world consequence of one of these attacks be for the users and/or subjects of the system? | | |
Assess current setup
| Area | Example questions |
|---|---|
| What is your application architecture? | |
| What does your infrastructure look like? | |
| What is your code like? | |
| What monitoring do you have in place? | |
| What processes do you have in place? | |
Plan your response
We will fill this in with the specific initiatives that are appropriate to your scenario:
| | External Actors | Internal Actors |
|---|---|---|
| Prevent | | |
| Detect | | |
| Mitigate | | |
Implement the plan
NewOrbit can help you to implement part or all of the plan.