A program assessment helps management, risk management groups, and information security management teams evaluate your security program's alignment with and support of business processes and goals. Our assessment ascertains that your program complies with the necessary legal and regulatory requirements and that it supports the overall risk management program. It also evaluates your security management program components, including policies and procedures, security strategy, the selection of solutions, and the collection and management of metrics.
Strategy and Planning
The goal of an information security strategy is to mitigate risks by complying with legal, statutory, contractual, and internally developed requirements, and to do so at a cost that is commensurate with the value of reducing those risks. Typical steps in building a strategy include defining business objectives and assets, conducting one or more risk or program assessments to identify risks, identifying and selecting controls, developing benchmarks and metrics, and preparing implementation and testing plans.
Every company encompasses a unique set of objectives, business and operational realities, and a specific cultural context. Developing a security strategy depends on an understanding of these factors. Information security is most successful when the tenets of "best practice" are tailored to the organization.
The identification and selection of controls is typically grounded in a cost comparison of different strategic approaches to risk mitigation. The cost comparison typically contrasts the costs of various approaches with the potential gains a financial institution could realize in terms of increased confidentiality, availability, or integrity of systems and data. Those gains could include reduced financial losses, increased customer confidence, positive audit findings, and regulatory compliance. Any particular approach should consider: (1) policies, standards, and procedures; (2) technology design; (3) resource dedication; (4) training; and (5) testing.
Virtual positions offer a way to fulfill the need for a specific focus or expertise while avoiding the cost of hiring a full-time employee.
New Officer Support