Control Environment - Part 1 - Welcome


Hello and welcome to the RM Information Security blog

Our blog is a collection of thoughts, templates and ideas that can be adopted by organisations to improve information security.

We decided to produce this blog based on more than 10 years of experience carrying out penetration tests and security consultancy for a wide variety of clients of all sectors and sizes. Whilst we can’t comment on the individual projects, we have drawn conclusions from our findings and decided to create several blog series to address some of the common flaws we see.

Whilst the principles we discuss form the basis of any robust security programme, each series is purposely focused on simple concepts and practical guidance for implementing changes. Our aim is to demystify a complex subject and hopefully inspire and empower businesses to improve security.

Security Control Environment

Who should read this blog?

We have intentionally focused our attention on the practical solutions that impact corporate IT Security and will step you through a number of key principles, based on our findings, that will help you to either start your information security journey or improve on the controls currently in place.

People who will find this blog a useful resource:

  • Business owners and executives
  • IT Managers / Project managers / Developers
  • Technology Students
  • Technology Journalists

A little bit about me

Having worked in various IT Security roles for large organisations (including Head of IT Security within a FTSE 100 business) I am well placed to provide proven advice on what works. My approach to security has always been about technical action over documentation and as such these posts contain realistic recommendations that can be implemented into practically any type of business. The controls and advice contained in each series have been implemented, tested, and improved over years and years.

I am fortunate to have co-founded RM Information Security, where our passion is delivering business-focused, high-quality security assessments. Our experience spans all aspects of Information Security including traditional penetration testing and more complex application security testing, security consultancy, architecture reviews, security programme development, firewall rule audits, security configuration reviews, policy reviews and delivering educational workshops.

So here’s what you can expect

Going forward, you’ll hear from me about once or twice per week with new blog articles, information security news summaries, free information security templates and security advice to help you improve the information security of your business!


To keep up to date on all our posts in the series and others go to today.

Get involved

We would love to hear from you! What subjects would you like us to cover? What are the biggest information security challenges your company faces right now? Or just let us know what you think of our blog.

Please don’t hesitate to contact us –

Mark Wityszyn