Typical example engagement

  • Assist CISO to define an overall number of business. (Goals).
  • Agree Program of Projects to successfully achieve the aims. (The Staircase to success).
  • Create an A-Team core group including 3rd parties. (Cross-Functional buy-in).
  • Create the core Framework with site representative full involvement (no surprises).
  • Carry out initial audits for each site with site involvement (site understand the aims).
  • Create framework compliance and gap reports with detailed plans (The Now and the Future).
  • Assist with Risk Assessments to define Risk Gaps according to Impacts and Risk Appetite of CISO.
  • Review Gaps and Plans and re-work the aims/goals and the Program/Project to suit the business.
  • Rough design Cyber Security Improvement Solutions with IT and OT Operations people.
  • Build initial designs for each Solution element including 3rd party and internals (The Jigsaw).
  • Security Designs to include Operation Sites, Management Sites and Local SOCs and Global SOCs.
  • Create Governance Policies and Procedures and OIs to meet the framework and best practices.
  • Ensure regular Design and Progress review with the A-Team. (No big bangs!)
  • Assist/Provide Training programs including the A-Team as backers. (Champions)
  • Re-run the assessments for each site after primary gap filling is complete and report status.

 

Phase 1: Initial Engagement Assistance Study:

  • Team works with Client to understand initial business or regulatory compliance goals or to help define them.
  • Team works to engage Customer’s wider team and to create a core A-Team going forward.
  • Team and CISO define and agree the scope of engagement and success criteria and plan.
  • A number of small Working Groups engage each of the chosen sites and understand the core architectures, vendors, systems and status of governance.
  • Define the projects and programmes in sufficient detail for any fixed price work.
  • Define the scope, governance and commercial/financial boundaries for the ongoing programs and budgets agreed for the ongoing assistance work.
  • Customer agrees any quotes and T&M budgets and places any orders needed.

Phase 2:

  • Team engaged for governance of the programme, with the evangelist and steering group.
  • The coalesced group assists with or carries out the management of Vendors, Site activities and Corporate IT liaison, and carries out all framework, assessment, audit, and design work. The Team can also carry out Training, Support, and Compliance with other standards such as GDPR/NIS-Directive/ISO2700x, etc.