Laying the groundwork
Designed to be the next logical step after the completion of a CCS Cybersecurity Gap Analysis, the Cybersecurity Program Development offering achieves the following three main objectives:
- Lays the foundation for IT/IS to enable the business under Governance – IT/IS Governance in its purest/simplest form is the ‘technology’ side and the ‘business’ having meaningful conversations. IT/IS are enablers, nothing more, so the business side needs to share the goals as defined by the highest leadership;
- Oversees the development of an appropriate Policy Set – An organisation’s Policies, Standards and Procedures are its culture, operating baseline, and corporate knowledge respectively. Without a formal process in place to create and maintain this Policy Set, no security program will get off the ground; and
- Implements an appropriate Risk Management program – From Risk Assessment, through Vulnerability Management and Incident Response, to Business Continuity, there’s no point being in business if you don’t intend to stay in business.
The remaining aspects of security (as defined by the Key Domains) are ALL secondary to these foundations.
Note: Optionally, CCS can help draft both the Governance Charter and a full set of Information Security Policies.
The above foundations represent not only a very significant investment in up-front resources, but also a long-term commitment to the establishment of a sustainable security program. In all likelihood it will be many months, or even a number of years, before the foundations laid here are intrinsic to the culture. The process is difficult and there are no shortcuts.