1 | Assess Risk Profile
- Understand cyber risk in the context of business objectives.
- Industry trends, known threats, vulnerabilities.
- Map people, process, and technology.
- Digital Asset Inventory & Sustainable Competitive Advantage.
- Other factors such as regulatory or third-party risk.
2 | Control Environment
- Control environment should be informed by risk profile.
- Assess environment against best practices such as ISO 27001.
- Rank gaps based on risks and business objectives.
- Document gaps, recommendations, owners, & remediation plan.
- Articulate and visualize findings for decision makers.
3 | Mature
- Import procedures and documentation into inview (optional).
- With management buy-in, identify high ROI projects.
- Risk-based remediation that aligns with business objectives.
- Provide road map and PMO for gap remediation.
- Re-test and measure risk to validate resolution.
4 | Monitor
- Internal Audit strategy to ensure effectiveness of controls.
- Ongoing measurement to track progress.
- Committee to ensure alignment with business objectives.
- Track risk reduction and ROI over time (via dashboards).
- Ongoing (at least annual) risk assessment.
What to Expect
- A team of security and compliance experts, so you can focus on business.
- An efficient security and compliance strategy that focuses on true risk management.
- Smooth onboarding and an up-front project plan that clearly communicates what to expect during each phase of the project.
- Weekly status reports with meaningful tracking metrics (real-time status reports if you are using inview).
- Assistance communicating your security and compliance progress to auditors, customers, and business partners.
- Meaningful recommendations for security and compliance improvements at every step in the project.
- Security expert and auditor perspective to maximize risk management and compliance.