Cybersecurity Strategy and Operational Assurance
Keep moving forward
Designed to be the final phase of the CCS Cybersecurity Development Program series, the CCS Cybersecurity Strategy and Operational Assurance offering can take the place of dedicated in-house cybersecurity expertise for the short, medium, or even long term. Depending on client needs, the service can include:
- Continued alignment of cybersecurity to corporate strategy and business goals – Often called ‘virtual CISO’ or some other buzz-phrase. Few organisations require a full-time employee at this level, but the role must nevertheless be fulfilled;
- Cybersecurity representation in the Governance meetings – Most organisations already have representatives for Sales, Operations, Legal, HR etc., but few have dedicated in-house cybersecurity expertise. It is critical that security is in on everything; and
- Operational Assurance / Internal Audit – Every Key Domain entails the periodic maintenance of some process; some have several. From quarterly vulnerability scans to annual penetration tests, security controls must be operationalised and measured in order to be effective.
The service is designed to be completely flexible in terms of tasks, deliverables and longevity. In an ideal world this service would not be required, so the service will provide only what is required, for as long as it is required and no more.
Completely dependent on the client's needs, it can nevertheless include the following:
- Governance – Bi-weekly/monthly/quarterly Governance Committee Meetings;
- Policy Set – Annual review of Policies, changes to Standards after patching etc.;
- Legal – Review of adherence to regulatory and contractual obligations;
- Human Resources – Review of on-boarding procedures, access control, SAT etc.;
- Asset Management – Comparison of asset register to vulnerability scan results etc.