Fitzgerald InfoSec

We are an independent consultancy specializing in establishing and maintaining the availability, integrity, confidentiality and privacy of information. We have a holistic approach and interpret this scope as encompassing logical, physical, and human-based threats and vulnerabilities.

Since its beginning in 1975 Fitzgerald InfoSec has always practiced within its creed - "a problem well defined is a problem half solved".

For us, this creed means that significant emphasis is placed on understanding the client's problem and its implications. From our very first meeting with the client, we "actively listen" to the client's assessment of the problem, providing feedback and clarification until we are sure that the problem is clearly understood by both of us. Where necessary, further research may be needed as part of the project to clarify the implications of the problem. In some of our services the need for this research is already anticipated and is included as part of the project approach. It is also essential for the client and ourselves to understand the client's goals and the Key Performance Objectives of a proposed project. When both of these things are clearly understood and agreed, we will know that the basis of a healthy relationship has been established.

Once agreement is reached, more focused options can be developed and solutions devised before the best-fit solution is recommended. This approach leads the client to Information Security solutions which effectively satisfy their business needs on a long-term scale.

Although we operate within a technological environment our focus is primarily on satisfying business objectives within the client's technology framework, not on satisfying technological objectives alone.

In all projects that we undertake, we work with the client, assisting them to understand the problem and its solutions. We do not impose our ideas. We go with our clients on the journey so that our recommendations fit within the organisation's risk tolerance limits, current and future needs, culture, budget, and management style.

You will gain much from exploring our website and understanding our approach. We look forward to hearing from you to further discuss your needs.

Fitzgerald InfoSec has worked throughout all Australian states, Asia and in many parts of the northern hemisphere. Projects have included all services listed here in all commercial, industrial and government sectors including: banking and finance, education, transport, mining, oil, telecommunications, manufacturing, wholesale and Federal, State and Local governments and agencies.

Our work involves independent consulting advice around the following specific topics within the Information Security, Computer Security, and Enterprise Security arenas:

Information Security Policies and Standards - AS/NZS ISO/IEC 27001:2006, HB 221:2004, AS/NZS 4360:2004, Guidelines created and reviewed, Information Security Health Checks conducted;

Information Risk Management, Information Security Risk Management including Risk Analysis, Risk Mitigation and Risk Management and Mitigation Registers;

Enterprise Risk Management, Enterprise-wide Risk Management including Risk Analysis, Risk Mitigation and Risk Management and Mitigation Registers;

Business Continuity including: Physical Site Security Reviews; Emergency Management; Crisis Management; Recovery Command & Control; Business Impact Analysis; Contingency Strategies; development and co-ordination of Business Recovery Management including ICT Recovery Planning (DRP) and Business Recovery Planning; Training, Test and Maintenance for both Business and ICT recovery; as well as conducting Annual Tests with Independent Quantitative Assessments and Reports;

Human Aspects of Information Security (HAIS) - creating a corporate security culture through assessing management, staff, contractor and visitor based risk exposures and exploring the contribution which the staffing life-cycle and other mitigation tools may have in the improvement of such exposures and the shifting of security awareness as a way of being while at work;

Information Security Training and Awareness - International Computer Security Day, induction guidance, workshops, online tutorials developed;

Information Security Outsourcing - Business Continuity Test and Maintenance, Annual Risk Management, Annual Physical Security Review and Mitigation, and Annual Information Security Standards Compliance.

Privacy Impact Assessment - identifies in detail the use of personal information flows within a business system and analyses the potential impacts on the privacy of individuals. Options are recommended for managing, minimizing, or eradicating such exposures. This service is executed under government guidelines.