SECURITY - GOVERNANCE - RISK - COMPLIANCE
Security projects, Multi sectors
April 30, 2012
$200,000 / $400,000 / $800,000
3 / 6 / 12 months
An organization within the Payment Industry, providing payment transaction services, needed to establish and implement new processes for the daily operation of IT Security delivery (e.g. system security and vulnerability scanning, security patch management, and detection of harmful code and systematic attacks).
There was a need to develop and implement PCI (Payment Card Industry) processes to ensure requirement and regulatory compliance for the daily operation, management and maintenance of handed-over services in steady state. There was also a need to assess and evaluate the organization's implemented security strategy, policy and processes as part of the handover to steady state/daily operation, including a detailed evaluation and lessons-learned report.
The organization was undertaking a large transition and needed a new ISCD/ISMS project set up as part of the IT Security Transition Program work stream, functioning as a sub-project. The project scope was to produce the ISCD/ISMS main body document (policies) and a Security Technical Specification for the system setup of new servers, in cooperation with the client. Client requirements were documented, with evidence that they were implemented, and prior to client agreement were considered in the ISMS Implementation Manual (the technical specifications identified and derived from the ISMS main body document were produced alongside the ISMS main body document).
Contact Fogel Consulting through the contact form to receive further information and possibility to present your own case and business needs.
First, a Security Assessment was completed to understand the client's level of security requirements; the Security Risk Assessment was shared with the client as a deliverable. The client system was baselined as a "security fingerprint" as of the point when it was taken over by the Service Provider in operation mode. Baselining resulted in a Security Threat Executive Summary Report for client analysis.
The project identified the Security Processes needed for daily operations, including client-specific processes for compliance, among them Payment Card Industry Data Security Standard (PCI/DSS) compliance, as part of the new business operations.
Security project deliverables included:
- Education and introduction for Service Provider resources in the Transition/Transformation Project Tower, for PCI/DSS awareness.
- Evaluation and analysis of PCI/DSS requirements against the client contract and the Service Provider's processes and procedures.
- A PCI/DSS Checklist for Competency Assessment, and the requirements for the services the Service Provider needed in order to deliver in line with PCI/DSS compliance.
- A gap analysis between current values, IT-standard recommended values and client-requested values, resulting in an ISMS Risk Threat Report presented to the organization.
The project also documented the risks of not implementing the 'agreed-to values' if the system were left "as is".