Establish a strategy for your information security

Adapt best practices for better information security management.

This service is intended for:

  • Security administrators or IT experts who are in charge of developing a security system.
  • CISOs/CSOs who need to enhance their security approach and guarantee its effectiveness against the latest cyber threats.

This service will help you:

  • Better understand the practices, capabilities and performance of today’s security.
  • Better understand the imperatives, scope, limits and responsibilities associated with your security.
  • Set goals for your security state tailored to the context of your organization.
  • Devise a plan and milestones enabling you to reach your security state goals.

This service will also assist:

  • CEOs and other business leaders who need to know the components of a solid security strategy.

This service will allow them to:

  • Appreciate the value and importance of best security practices.

Our framework for information security is built around many best practices and international standards:

ISO 27000 series

Comprehensive standard providing best practices associated with each control.

PCI-DSS

Provides more detailed instruction than most other best practices, but not much breadth.

NIST SP800 series

Provides a detailed list of security controls along with many implementation best practices intended for federal information systems and organizations.

COBIT 5 for security

Comprehensive standard providing best practices associated with each control.

SANS Twenty Critical Security Controls

Provides a great list of controls for effective cyber defence.

Step 1: Determine security needs

Introduce Security Management
Template: Information Security Strategy Workbook Template
Understand business and IT strategy plans
Template: Information Security Strategy Workbook Template
Define security imperatives, scope, and limits
Template: Information Security Strategy Workbook Template
Define risk tolerance level
Template: Information Security Strategy Workbook Template
Assess security risk profile
Tool: Security Pressure Posture Analysis Tool

Step 2: Carry out a gap analysis

Assess current security capabilities
Tool: Information Security Program Gap Analysis and Roadmap Tool
Review penetration test results
Prerequisite: Penetration Test Results Report
Define security target state
Tool: Information Security Program Gap Analysis and Roadmap Tool

Step 3: Devise initiatives to close the gap

Identify security gaps
Tool: Information Security Program Gap Analysis and Roadmap Tool
Build initiatives to bridge the gap
Tool: Information Security Program Gap Analysis and Roadmap Tool
Estimate resources needed
Tool: Information Security Program Gap Analysis and Roadmap Tool
Prioritize gap initiatives
Tool: Information Security Program Gap Analysis and Roadmap Tool
Determine start time and accountability
Tool: Information Security Program Gap Analysis and Roadmap Tool

Step 4: Put together a transition plan

Finalize the security roadmap and action plan
Tool: Information Security Program Gap Analysis and Roadmap Tool
Build a security charter
Template: Information Security Charter Template
Build the security program organizational structure
Template: Security Governance Organizational Structure Template
Create a change and communication plan
Template: Information Security Communication Plan Template
Develop a metrics program
Tool: Security Metrics Tool
Develop a security services catalog
Template: Security Services Catalog

We provide you with different levels of assistance to best meet your needs

DIY Toolkit

Your team already considers this highly important project a top priority and is dedicating the necessary time and expertise to it, but some support down the road would be extremely useful.

Guided deployment

Your team is aware that there is an issue with a process that needs to be addressed. However, you need support to figure out where to focus. Some verifications throughout the process would help you remain on track.

Workshop

You have to tackle this project at full speed. Your team has the expertise to assume control as soon as a framework and a strategy are set.

Consulting

Your team does not have all the required expertise and time to tackle this project. You need support throughout the entire project.