An Integrated Approach to Managing Enterprise Security
Enterprise Wide Security Architecture Framework
Our approach to delivering an Enterprise Security Architecture supports the CISO with contextual insight into the Enterprise Risk and Threat Profile. It provides the power to deliver analysis for planning and insight, together with management control to prioritise activities to meet the enterprise's appetite for risk.
Some of the Challenges we address:
- Enterprises are inherently complicated, with many inter- and intra-connected dependencies which are challenging to identify
- Organisations have a static, moment-in-time view of cyber risk, which does not reflect the current "as of today" view of enterprise risk as threats and attack profiles evolve
- Modelling the Enterprise Architecture to help determine prioritised and proportional controls in line with ROI
- Making sense of which industry standards you want or need to comply with, whilst retaining the ability to add your own standards, for business, market or regulatory reasons
- The length of time (and cost) it takes to conduct a Risk Assessment
Industry Standards and practices included
- ISO27000, ISF SoGP, CSA TCI, ISO, COBIT, PCI, ISO22301, CIS, SABSA, SAMM, ISSM, GDPR
Some of the topics covered in each Architecture Dimension.
Includes technical capability model, architecture, CIS Top 20, maturity assessments and technology vendor data.
Business Security Architecture, maturity model which includes information on Resilience, Infrastructure, Software Assurance, Enterprise Architecture and Information Systems Security Management.
People & Process Architecture
Process controls, your choice of framework (PCI, ISO, SoGP, ISF etc.), comparison with peers.
Business Impact Assessment Status
Business Impact Assessment (platforms, applications, infrastructure and code), Business Continuity on an Enterprise and Business Unit level.
A prioritised threat model, combined with threat intelligence feeds, delivering a prioritised enterprise threat event by threat group and asset.
Vulnerability & Control
Vulnerability and control strength assessment and modelling.
Supply chain risk, due diligence GDPR.