A multinational organization wanted to benchmark its cyber security risk mitigation practices against those of other industry-leading organizations. It was interested in knowing how it compares to others in identifying and mitigating cyber risks based on industry best practices.
APPROACH
- Repeatable methodology rolled out across Information Security services, based on industry frameworks (ISO 27001, NIST, Financial Industry regulations and Lean Six Sigma)
VALUE
- Reduction in residual risk down to risk tolerance levels; increased efficiency
CHALLENGES
- High turnaround times
- Inefficient / redundant processes
- Unmitigated risks due to process gaps
- Unreliable metrics, lack of reporting base
SOLUTION ELEMENTS
- DIAGNOSTICS: E2E and Multi-dimensional
- Lean Six Sigma
- Risk assessment: NIST, Financial Industry regulations, ISO 27001
- Industry benchmarking
- Policy Gap Analysis
- Process Gap Analysis
- Implementation Gap Analysis
EXECUTION
- Delivery excellence with agility
- High-powered cross-functional core team
- Reduce TAT; Succeed early / fail fast
- Time-boxed solution modeling
- POCs & Pilot
- Early benefits through quick wins
- Effective project/program management
BENEFITS
- Strengthening of InfoSec procedures, leading to significant risk reduction and improved efficiency
- Proactive preparedness for InfoSec audit needs
- Redirect efficiency gains for investment in further risk reduction