Security Program Management
The objective of managing the information security program is to maintain an appropriate level of security and manage resources so that targets can be met.
The information security program must be reviewed and adapted each year according to the "Plan- Do-Check-Act" process defined in ISO 2700x.
We can help you set up or adapt your security program management. Our services include:
- Development of a catalog of controls with defined responsibilities and levels of maturity.
- Definition of the security program review process (who, when, how).
- Proposal of reporting on the state of security and deviations from targets.
- Definition of new objectives and project planning.
Report
Strategy
Assessment of completeness of current program and decision -making about new initiatives and improvements.
Outcome
List of measurable objectives for security program improvement.