Cybersecurity Strategy and Operational Assurance

Keep moving forward

Designed to be the final phase of the CCS Cybersecurity Development Program series, the CCS Cybersecurity Strategy and Operational Assurance offering can take the place of dedicated in-house cybersecurity expertise for the short, medium, or even long term. Depending on client needs, the service can include:

  1. Continued alignment of cybersecurity to corporate strategy and business goals: Often called ‘virtual CISO’ or some other buzz-phrase, it is nevertheless a fact that few organisations require a full-time employee at this level. The role must be fulfilled, however;
  2. Cybersecurity representation in the Governance meetings: Most organisations already have representatives for Sales, Operations, Legal, HR etc., but few have dedicated in-house cybersecurity expertise. It is critical that security is in on everything; and
  3. Operational Assurance / Internal Audit: Every Key Domain entails the periodic maintenance of some process, and some have several. From quarterly vulnerability scans to annual penetration tests, security controls must be operationalised and measured in order to be effective.

The service is designed to be completely flexible in terms of tasks, deliverables and longevity. In an ideal world this service would not be required, so the service will provide only what is required, for as long as it is required and no more.

Our Methodology

Completely dependent on client needs, it can nevertheless include the following:

  • Governance: Bi-weekly/monthly/quarterly Governance Committee Meetings;
  • Policy Set: Annual review of Policies, changes to Standards after patching etc.;
  • Legal: Review of adherence to regulatory and contractual obligations;
  • Human Resources: Review of on-boarding procedures, access control, SAT etc.;
  • Asset Management: Comparison of asset register to vulnerability scan results etc.