SECURITY PROGRAM DEVELOPMENT
CISOSHARE professional services are delivered as one-time consulting engagements with specific customized scopes of work.
- Our team wrote one of the first methodical approaches to building a security program published in 2005.
- Our methodology has been implemented thousands of times by others and hundreds of times specifically by our team in some of the world’s leading organizations.
- We specialize in security program development and not simply performing an assessment. We focus on measurement to aid in crafting and then implementing the right path forward.
Common Professional Services Projects:
Below are some common professional services projects performed by CISOSHARE.
Security Program Specific Initiatives
Best Practice Environment, Process & People Gap Analysis
Measures the existing environment against client-selected security best practices such as ISO 27001, NIST, etc.
Security Program Review with Security Program Governance Options
Begins with a review of key environment variables within the business, conducted through a collection of on-site interviews with stakeholders. Once collected, the information is used to develop potential options for a security program governance model at the business.
Security Policy Framework Development
Begins by using the information from the environment reviews to fuel the development of a security policy, standard & guideline categorical architecture that aligns to the selected security program structure. During this process, existing policies, standards & guidelines will be measured against this framework for alignment, gaps, or duplicated areas.
Development of Multi-Year Remediation Roadmaps
Environment findings from either our review or existing inputs will be aggregated and organized into a multi-year roadmap. This roadmap will present both capital and operational cost projections associated with each work element.
Development of Reporting Frameworks and Dashboarding
The design of repeatable processes and supporting dashboard tools for demonstrating performance, metrics, trending, and execution of the security program.
Business Continuity Program Development
Initiatives associated with Business Continuity and their relation or inclusion within the security program.
Process Development Initiatives
The development of processes in core security program development areas such as:
- Risk Management
- Vulnerability Management
- Security Program and Project Management
- Incident Management
- Security Policy Management
Tactical Incident Management
Response services for specific incidents and the implementation of tactical and foundational security program corrective action plans.
Security Architecture Specific Initiatives
Identification of Security Zones & Data Map for Organization
Seeks to understand the security architecture and associated security zones across the environment.