Security Strategy Assessment
As a security leader, you must navigate an ever-changing security landscape. To chart a successful course,
it is imperative to align operational excellence with security priorities, meet overarching business objectives,
and articulate a clear vision of how your program maps to the realities of your business.
The Security Strategy Assessment is a collaborative and strategic service designed to give you the tools
to reach a business-aligned, threat-aware program, no matter where you are on your security journey.
As an engaged partner, you will gain in-depth knowledge of and insight into the threats and risks that impact your organization.
Align Security Initiatives with Your Business Goals – Interview key business stakeholders to gain
insights into the products and services that generate revenue.
Document Your Business Relevant Threats – Determine specific threats to your organization.
Identify requirements to elevate your defense and response posture.
Map Controls in Place to Protect Your Business – Examine the current security program structure and maturity
and, as a result, create an actionable and prioritized program roadmap.
Build a Business Aligned Security Program – Review key findings and results during a facilitated discussion and
receive a board-ready presentation.
Strategy and Planning
Assist organizations in understanding organizational context and leadership commitment,
roles and responsibilities for information security, the organization of information security,
contact with applicable authorities, resource allocation, information security objectives, etc.
Assist organizations in data classification, labeling of data, protecting organizational records,
data protection and privacy of personal information, cryptographic controls and key management, protection of log data,
administrator and operator logs, etc.
Assist organizations in identity and access management, user registration,
privilege management, security of credential systems, access reviews, removal of access rights, secure log-on procedures, etc.
Assist organizations in information systems continuity plans, training, maintenance and testing, etc.
Personnel and Physical Security
Assist organizations in human resource security, screening, terms and conditions of employment,
disciplinary processes, termination responsibilities, etc.
Assist organizations in secure areas, designing perimeter security controls, physical entry controls,
securing offices, rooms and facilities, protecting against external and environmental threats, public access and delivery,
supporting utilities, cabling, etc.
Governance, Risk and Compliance
Assist organizations in developing policies, procedures, standards and guidelines (information security policy,
supporting policies for information security, confidentiality agreements, internal and external communications, documentation, etc.).
Assist organizations in identifying risks related to third parties, addressing security when
dealing with customers, addressing security in third party agreements, risk identification, risk analysis, risk treatment,
identification of controls, risk communication and consultation, etc.
Assist organizations in compliance policy, compliance with information security legal requirements,
intellectual property rights (IPR), regulation of cryptographic controls, compliance with technical and non-technical requirements, etc.
IT Infrastructure Security
Assist organizations in inventory, ownership, acceptable use, return of assets, security of bring-your-own devices,
media handling, disposal and reuse of assets, securing off-premises assets, etc.
Assist organizations in network architecture review, network optimization, configuration baselines,
network segregation, security of network services, e-commerce and transaction security, network access controls, remote access, teleworking, etc.
Assist organizations in securing wireless networks, wireless network infrastructure review,
configuration baselines, wireless access etc.
Assist organizations in preventing misuse of Information systems, configuration baselines,
security of unattended systems, malware controls, publicly available information systems and accessible content,
sensitive system isolation etc.
Assist organizations in securing and configuring databases as per industry standards,
database security review, information management etc.
Assist organizations in security requirements for cloud environments, delivery agreements and
responsibilities with cloud providers, etc.
Assist organizations in configuration guidelines and baselines, standard operating procedures,
change management, segregation of duties, capacity management, backups, audit logging and monitoring, time synchronization,
end user messaging security etc.
Software Development Security
Assist organizations in identifying information security requirements during software development,
input/output data validation, internal processing, message integrity, test data, access to source code, OWASP Top 10 and
SANS Top 25 vulnerabilities, restrictions on software packages, information leakage, outsourced software development, etc.
Technical Compliance Testing
Assist organizations in conducting Internal and External Vulnerability Assessments
Assist organizations in conducting Internal and External Penetration Tests
Assist organizations in secure code review, application security, application architecture review,
information flow, baselines etc.
Assist organizations in their internal audits, based on risk, infrastructure or compliance needs, or on an ad hoc basis.
Third Party Security
Assist organizations in conducting third party audits based on specific compliance needs or on an ad hoc basis,
service delivery, outsourced software development, supplier reviews, etc.
Assist organizations in incident classification, monitoring, analysis, evaluation, incident response plans,
incident documentation, evidence collection, situational awareness and learning from incidents, etc.
Security Training and Support
Education and Awareness
Assist organizations in creating an awareness and training program, identification of required training,
training implementation plans, delivering training, analysis of training results and records, running awareness
campaigns, developer training, incident response training, etc.
Assist organizations in remediating and closing audit findings and charting a roadmap for continual improvement.