Virtual Information Security Office
Does your organization struggle with hiring and retaining information security professionals?
Steps to Producing a Successful Information Security Office
Dean Dorton’s information security office professionals can augment your organization’s information security team or design a strong program on your behalf.
1 – Security Program Maturity Review
We’ll provide a baseline of the current state of your information security program. We’ll review each of the following security domains and rank them on a maturity scale:
- Information security management and culture
- Information security planning
- Compliance, audit, and accreditation
- Budget and resources
- Security awareness training and user education
- Life cycle management
- Incident response
- Security controls
- Cyber insurance review and compliance
2 – Security Roadmap
The goal of the roadmap is to provide a crisp picture of your cyber risks and to clearly communicate what your organization needs to do to mitigate these risks going forward. The roadmap is often a combination of tactical items that need to be fixed right away and strategic items identified through the security program maturity review.
3 – Security Program Management
Our team of information security professionals will ensure that your information security program is successfully designed, implemented, and maintained. We offer a comprehensive line of security program management services, or you can select individual a la carte services.
- Security risk assessments: We’ll leverage the output to update your security roadmap.
- Security policies and procedures: We’ll create or update these procedures to support your efforts in maintaining a mature program.
- Security awareness program: We partner with KnowBe4 to offer a comprehensive security awareness solution.
- Security monitoring: We’ll perform a high-level review of existing reports to ensure that processes are in place for proper security event escalation and response.
- Technical security solutions: We’ll implement security controls to minimize the risk of unauthorized access to confidential information.
- Incident response: We’ll provide expert opinion to prepare for an incident or to assist with the containment and remediation of the incident.
- Security reporting: We’ll provide you with a scorecard that contains a high-level summary of where your information security program stands, your key risks, and education on the short- and long-term improvement opportunities.
