Our approach for securing information
- starts on a strategic level by elicitating and consolidating clear objectives for security goals. This allows to device goals and constraints for the internal stakeholders, and takes into account strategic and financial goals, and expectations by external stakeholders and legal entities,
- continues on tactical level by integrating information security into project and operations management. This normally mandates introduction or strengthening of an information security management system, and starts by creating an inventory of valuable information assets and an analysis of informational risks. This in turn allow to consolidate a prioritisation of projects for risk reduction,
- is being controlled on project portfolio level based on the previously mandated priorities, and takes into account current requirements and influences from operations,
- will be implemented and integrated on operational level by adapting processes and systems with respect to performance, efficiency, usability, and compliance.
Typically, controlling processes run in plan-do-check-act cycles, involve organisational and technical reporting and auditing, and are designed to maintain a sustainable information security at the desired level throughout the organisation.
Our consulting services are holistic and covers all level – or selections thereof. Many successful organisations already have similar control systems in place.