Case study: Humberside Police
Organization: Humberside Police
Industry sector: Law enforcement
Head Office: England
Humberside Police need to comply with the BS7799-based Community Security Policy (CSP) defined by the Association of Chief Police Officers. One of the policy’s requirements is that all information systems must be subject to a risk assessment process and that the identified risks must be actively managed.
In the past, Humberside Police had used external consultants to help with risk assessment for key systems but had found this an expensive and unwieldy approach.
Humberside’s Information Security Officer, Mick Adair, chose Citicus ONE as a way of carrying out the risk assessment and management process internally. Citicus ONE’s built-in BS7799 standard of practice has allowed Mick to assess the extent of compliance of Humberside Police’s critical information systems through a series of risk workshops involving system owners, users and technical staff.
Mick Adair comments:
“Citicus ONE is an exceptional risk management tool that enables the system owners, managers and users to see immediate results from their input. The product has been well received by all who have been involved, as the simplicity of the methodology provides non-security people with a clear picture of the risks to their system.”
“Involving the system owners and users to identify the risks and getting them to decide on a risk action plan makes managing and monitoring the risks much easier both in the long and short term.”