Sense of Security's IT security strategy services aid our clients in working towards a cost-effective, secure IT environment.
Typical steps in building a strategy include the:
definition of control objectives;
identification and assessment of approaches to meet the objectives;
selection of controls;
establishment of benchmarks and metrics; and
preparation of implementation and testing plans.
We assist our clients in identifying the building blocks to be established and maintained at key technical levels. Examples are data classification and zones of trust, local and wide area networking security, patch management, wireless networking, build guidelines, etc. These should be underpinned by a strategic focus on risk management and complemented by an effective vulnerability lifecycle management program.
Business risks must be clearly identified and appropriate controls established to mitigate these risks. Prescriptive standards and guidelines will provide the baseline against which systems can be configured and audited for compliance. Security management should be aligned to the change, configuration and release management processes to provide the appropriate due care and diligence to common activities on the network. With all these systems running in harmony, the exposure of the network is greatly reduced, thereby bringing security, reliability and availability to the enterprise network.
To develop an information security roadmap, the architectural framework first needs to be established. For further information on our approach to information security architecture, please click on this link.