Governance and Strategy
Developing the right strategy for IT governance can be the difference between success and failure as organizations become increasingly dependent on information systems. The heightened concerns of regulators and consumers over the correct use and protection of personal or sensitive information is being driven by growing external and internal threats. Many organizations find that external advice is critical to their ability to evolve a cohesive and business-focused governance and security strategy - particularly when that advice is based on practical experience of other successful projects.
Our approach
Security Strategy and Business IT Alignment
- Alignment of business with IT
- Defining strategy roadmap for two to five years
- Building business cases for security investments
Policies and Procedures
- Designing frameworks for policies and procedures
- Writing policies and procedures
- Implementation of policies and procedures
- Optimization - resources and cost
Awareness and Training
- Development of the awareness collateral
- Running awareness workshops (management buy-in)
- Managing awareness programs
- Compliance management
Security Organization
- Defining information security hierarchy
- Identifying functions for security management
- Establishing RACI matrix and auditing mechanism
- Outsourcing information security governance
Identity, Access and Authorization
- Defining business and technical requirements
- Designing and profiling
- Developing solution architecture
- Process consultancy for efficiency and reduced costs
Frameworks
- CoBiT
- COSO
- ISMS
- ITSM
- TOGAF