Cybersecurity Risk and Control​

Client Challenge:

The Client is a highly federated organisation and were struggling creating a global holistic view of Cyber and IT Risks, Controls. They asked us to review their capability and to help them create a common and consistent view of Risk and the creation of minimum control standards that all federated business could adhere to.

What we did:

We assigned a TORI Cyber team to:​

  • Establish a baseline view by Interviewing key stakeholders (and documentation) across the business and determine the commonalities, divergences and best practice found​
  • Creation of Minimum Control standards taking the best of what we found with relevant best practice view​
  • Engaged the stakeholders and helped gain their alignment to the standards​
  • We also, as a separate stream helped integrate the risks into an IT Risk Reporting structure and governance​
  • Bullet point list of key deliverables


  • The client was delighted with the work we did and have implemented the MCS’ as well as our ideas on how they should enhance their IT Risk reporting and how they should approach the use of cloud. The client has recently engaged with TORI on other projects.