Tel: 08449950077 / E:mail: enquiries@elitecybersec.co.uk

Elitecybersec
Elitecybersec
  • Home
  • Services
    • Strategy & Policy
    • Risk Assessment
    • Compliance
    • Penetration Testing
    • Audit
    • CISO-as-a-Service
  • Sectors
  • About
  • Contact
  • More
    • Home
    • Services
      • Strategy & Policy
      • Risk Assessment
      • Compliance
      • Penetration Testing
      • Audit
      • CISO-as-a-Service
    • Sectors
    • About
    • Contact
  • Home
  • Services
  • Sectors
  • About
  • Contact

Strategy & Policy

image2

Cyber Security Strategy Development

Our strategy services are varied to ensure that cyber security solutions are properly aligned to business objectives, such as 'cloud first'.  All of our strategy work follows a simple 4-step process:

  • Learn – Understand the organisation, review extant documentation including business strategy, IT strategy, plans and transformational documentation.  Review security policies, risk documentation and audit and assurance obligations. This develops an essential understanding of the business operating environment;
  • Discuss – Normally through a workshop process, obtain stakeholder buy-in to the concept of a cyber security strategy and its focus.  Consider corporate objectives, stakeholder objectives, risk, security effectiveness and what should follow the creation of a cyber security strategy;
  • Draft – Create the first iteration of the cyber security strategy and seek stakeholder review and comment.  Retain buy-in and obtain ongoing ownership by the business;
  • Present – Present and articulate the strategy rather than simply publish and hope that people will read and understand it.

Services include:

  • Drafting of subject specific strategies in areas such as, Cyber Security, Cloud Security, Cyber Risk, Identity Management, Security Monitoring, BCP and DR;
  • Objective Setting and Measuring Effectiveness against Objectives;
  • Creation of corporate governance and cyber security management structures;
  • Planning and implementation, including market engagement and procurement advice;
  • Executive level training and mentoring for Board, CISO, SIRO and senior leaders computer security

Policy

Having identified a Cyber Security Strategy, the next step is to ensure that security policies directly support that strategy.   Policies need to be relevant and tailored to your organisation and security operating profile. Of course policy templates are useful as there is no point reinventing the wheel, but wholesale copy and paste will definitely get you into trouble. Here are some of the things we do:

  • Confirmation of corporate Cyber Security Policy requirements;
  • Alignment of policy objectives to support business objectives, taking full account of business vision;
  • Creation of policy documentation both strategic in terms of top-level policy and focus area specific to underpin the identification of technical security control requirements;
  • Development of user and system specific policies and security operating procedures;
  • Review of supplier security policy and effectiveness of its application;
  • Integration and alignment of new policies with existing internal documentation;
  • Policy communication and awareness.

Copyright © 2020 Elite Cyber Security - All Rights Reserved.