Sr. Security & Risk Management Consulting
Savant Advisory Inc. was engaged to work directly with the CISO and the CIO to assess the security position and create a strategy on how to move forward.
In an attempt to move the IT Security group to a greater level of maturity, Savant Advisory Inc. was contracted to work with the CISO to understand the existing information security position of the organization relative to the security components of the COBIT governance model. The assessment included a mechanism to clearly articulate risk for the organization, in conjunction with the Enterprise Risk Management group.
After the assessment was presented, an Information Security Strategy was created to provide a means by which any areas of lower maturity could be improved. This was also presented to both the CISO and CIO.
To jump-start this process, Savant Advisory Inc. drafted a series of artifacts, and a process by which they could be vetted and then approved for use, including: Information Security Policy, multiple Information Security Standards and a few important process documents.
In addition, the following was undertaken:
- Designed a process to identify priority applications & services tied to business services
- Devised a Risk Acceptance Process to help ensure risk tolerances were considered
- Drafted an IT Risk Management Charter and provided a draft ERM Methodology
- Revitalized the Risk Register and the Risk Management process
- Drafted a Security Advisory Team Charter
- Drafted a Risk Assessment Process to streamline Risk Assessments