SECURITY SERVICES

Governance and Compliance

Security Governance / Operations Review
This phase will leverage information gathered initially to perform a detailed assessment against industry best practices, taking into account your considerations.

At a high level, the security operations review consists of:
a. Review documented policies and procedures:

  • Security policies
  • Security standards
  • Operational security procedures
  • Organizational charts
  • Network architectural diagrams
  • Asset inventories
  • Risk registers
  • Other relevant documentation

b. Analyze information gathered via interviews, including practices related to:

  • Vulnerability Management
  • Technology Supply Chain
  • HR/Personnel Security
  • Privileged Access Management
  • Change Management
  • Security Monitoring
  • Incident Response

c. Assess the current implementation of controls across all control categories listed here:

  • Asset Management
  • Security Governance
  • Awareness and Training
  • Protective Technology
  • Access Control
  • Security Monitoring
  • Response Planning

d. Using a standard capability maturity model, assign existing security practices a maturity level ranging from 0 (Non-existing) to 5 (Optimized).