4 phases to design IT security tailored to your company.
Preliminary Evaluation
The objective of this phase is to identify together the needs and the most important criticalities in terms of IT Security to estimate the service and the project times.
Sharing of the organization's objectives in terms of Information Security and Resilience
Estimation of the initial situation
Understanding of the organization.
Definition of the scope of intervention and the internal resources involved.
Identification of the main criticalities
Estimate of the number of days required for the second phase "Definition of the Security Program".
Safety Program Design
Definition of the intervention and maintenance programs that will form the basis of the service contract
Understanding of the organizational / business model
Knowledge of organizational structures
Acquisition of the main processes
Asset assessment (identify what needs to be protected)
Vulnerability analysis e risk assessment
Proposal of interventions and priorities
Sharing of goals
Formalization of the Security Program
Service contract proposal
Implementation of the Security Program
The essential condition to be successful in a transformation process like this is to establish a relationship of mutual trust and understanding between the CISO and the organization.
Implementation of the agreed Security Program
Periodic meetings with the heads of operational functions
Implementation of the techniques and tools identified
Staff awareness and training program
Verification of the results and evolution of the Safety Program
Maintenance and evolution of the Information Security Program.
Continuous verification and adjustment of risks and solutions in the field
Management of service levels of security solution providers
Support to business functions
Periodic reports on deviations and recommendations for repayment plans
Constant and direct involvement of the Management
Security is the result of processes that include people, skills, behaviors, tools and services and that require effort and time to function properly.
