SecureState will begin by performing a baseline assessment that includes an Enterprise-Level Risk Assessment and Strategic and Operational Planning. The Enterprise-Level Risk Assessment will conform to the methodology found within the ISO 27005 standard. This assessment will provide a qualitative assessment of information security risks across the enterprise in a form that can be used by SecureState to baseline your organization's security controls, vulnerabilities, and threats. The Enterprise Risk Assessment is designed to identify areas for improvement, leaving a long list of remediation recommendations for organizations. Without a full understanding of your organization, it is difficult for SecureState to provide meaningful recommendations for timing and prioritization. To address this issue, SecureState will partner with your organization to co-develop the steps necessary to achieve security transformation.
This Strategic and Operational Planning Review will include:
- Financial Analysis
- Organizational Growth Projections
- Personnel Assessments
- Industry Comparison
- Strategic Goals
- Asset Inventory
- Cyber-Liability Policy
SecureState leverages information gathered in the baseline assessment to begin the five-phase process to transform your security organization. This process includes:
Phase 1 - Categorization: SecureState will work with your organization to categorize data by how critical it is to the business. Once categorized, SecureState will prioritize the high-value data for further analysis.
Phase 2 - Controls/Framework Development: SecureState will review the existing and recommended controls applicable to the segmentation and protection of this data. SecureState will give recommendations concerning how existing controls can be modified to increase the effectiveness of these controls, and how new controls can be incorporated with minimal business impact.
Phase 3 - Assess Against Control Framework: Once the governance and control frameworks are in place and datasets have been narrowed to a manageable number of high-risk items, SecureState can assess the effectiveness of controls. SecureState will perform testing coupled with validation to identify any security exposures or threats that are being missed.
Phase 4 - Implement Roadmap and Assess Effectiveness: SecureState will then work with your organization to implement the improvements identified in the remediation roadmap. This will include leveraging the governance framework to ensure that activities and issues are communicated to stakeholders, timelines are adhered to, and projects are well managed.
Phase 5 - Transition and Manage: After controls are implemented and validated and security processes are in place, SecureState can begin transitioning security and governance processes to your organization. SecureState will accomplish this through staff training and transition of responsibilities to a security steering committee.