Trusted Client, Manufacturing industry
Security Operation, IT Services
December 31, 2016
Organizations have different needs and budgets for a permanent full-time CSO/CISO. CSO-as-a-Service provides part-time security management based on the actual needs of an organization. The objective is to assist and raise improvement and overall visibility and governance of security by identifying opportunities to increase security posture and reduce complexity in the daily management of security services.
CSO support for an organization's Cybersecurity Strategy and Governance also needed to include responsibility for client relationships, serving as advisor for clients and the internal executive board, acting as escalation point for internal security matters, working to improve cybersecurity, monitoring the ISMS, and managing department resources and budget.
A globally spread organization had no local presence for managing escalations and monitoring one of the organization's core sites. The CSO/CISO Consultancy role was to act as a stand-in CSO responsible for daily operation.
There was a need for regular reporting on security status and operations to the corporate CCSO covering operational security, governance, risk and compliance.
The role also included a need for someone to take responsibility for local management of security resources, partners and vendor agreements.
In order to test that local security was performing according to the global Cybersecurity strategy and policy, an initial assessment of its maturity was performed. The assessment led to an action plan for enhancing the current cybersecurity posture, including processes, tools and resources within the whole organization.
Any discrepancy detected was listed and actioned as an activity to be remediated with a detailed plan. The internal reporting was changed and followed up on a weekly basis. The general report content was driven by the Global CCSO's request for status reporting and updates on current risks and threats.
The CSO support for an organization's Cybersecurity Strategy and Governance involved:
Manage Client Relationship & Security Roadmap Planning
Trusted advisor and escalation contact point for client CISO (Chief Information Security Officer)
Helps the CISO identify opportunities to increase client security posture. Manage Client Expectations/Satisfaction for Security Services
Provide advice and guidance for implementing ISMS (Information Security Management System)
Provides executive advisory support for business executives, the delivery executive and the security manager for improving the security services delivered
Apply Planning Techniques to develop and enable Client Security Strategy
Apply Business Control Requirements for Security services
Apply Financial Management and Forecasting Techniques for new Security Services
Manage Contract Transition and Change for Security Services. Governing Quality Process Metrics for Security Services
The Executive Management business security reports of cybersecurity metrics included:
IT consulting service with support for development and maintenance in the form of consulting advice with focus on IT and Information Security and Risk Management, adherence to Compliance (legal and regulatory requirements), and leading implementation of management systems for control of IT and Information Systems (ISMS/LIS).