Critical IT assets represent significant business investments, and their usage needs regulation and continuous monitoring, while the law also requires maintaining the privacy of data. Our methodology is as follows:
* Identify the assets.
* Identify the threats.
* Use frameworks and industry-specific guidance to select and implement controls to mitigate the threats:
  * Policies and procedures
  * Technical controls
  * Administrative controls
* Monitor compliance and effectiveness of controls (metrics).
* Periodically review and update controls.
Through our holistic approach, we aim to protect your organization’s assets based on your unique people, process and technology requirements. We can assist you with:
* Formulating generic and specific security policies that set out security rules applicable to the organization as a whole or to specific domains
* Establishing standards and procedures designed to structure and guide implementation of the policy
* Documenting and implementing baselines and guidelines for a specific technology or domain
We draw upon frameworks such as ISO27001, ISO17799, ISO20000, COBIT, ITIL and BSI, as well as our own experience, for policy definition. On an ongoing basis, we work closely with clients to carry out periodic reviews of existing policies and procedures to ensure compliance, evaluate adequacy and redesign policy to address any newer concerns or requirements.