Ensure your security programme is aligned to business objectives
Progress Distribution’s security programme assessment helps ensure you are addressing the most significant threats to your organisation and delivering cost-effective solutions that will benefit your business and reduce risk. It provides a detailed assessment of your programme along with actionable recommendations for improving it, to ensure it delivers clear strategic value alongside risk reduction.
The importance of getting your security programme right
IT security is a quickly-evolving area with new risks and threats appearing on a daily basis. Your security programme needs regular review to ensure it adapts and changes to meet these evolving threats. This involves understanding the latest threats to your organisation, mapping these to vulnerabilities within it, and prioritising your response accordingly.
It is also important to ensure your programme is correctly aligned with business objectives. This allows you to prioritise and action your security posture more effectively.
Finally, with budgets constantly under pressure, you need to ensure your security programme is delivering cost-effective solutions that will work well within your organisation. Toolsets need to integrate well with each other and with your existing teams and processes; many firms make the mistake of deploying individual best-of-breed tools that are of limited value due to poor integration and operational processes. The optimum route to take is to deploy a holistic best-of-breed solution, offering the highest, yet most cost effective, security posture.
The assessment scope can be customised to meet specific requirements. It generates fast results, delivered by experienced security consultants who are able to quickly assess the programme as a whole and to identify specific areas that need more investigation.
We use an interview-based approach for discovery that minimises the time required by your team. The assessment is backed by ISO27001 and Cobit to ensure alignment with recognised standards. Continuous review and feedback throughout ensures alignment with your specific business objectives and organisational risk posture.
This service evaluates the maturity of your information security programme. It provides an understanding of potential exposure to information security risk, resulting from gaps within that programme. It supports enterprise executives by evaluating, prioritising and managing their portfolio of security controls. It maps current security capabilities, establishes the desired state of security maturity, and develops an overall programme strategy and roadmap for achieving enterprise information security goals.
Using a well-defined methodology, Progress Distribution consultants provide advice in the context of both business and technical goals. Progress Distribution’s extensive information security knowledge base underpins examination of specific areas of control design through structured interviews, documentation reviews, threat modelling, and focused workshops conducted with both business and technical stakeholders. The service provides guidance on the optimum deployment of resources so as to raise the organisation’s level of information security maturity against your business needs.
Progress Distribution security management model
The security programme assessment is based on the Progress Distribution security management model. This was developed this service to address the real-world needs of our customers. Although clearly aligned to established standards, such as CoBIT and ISO 27002, it provides a simpler model to help rapidly assimilate, understand and evaluate your existing information security environment.
The model is based on seven focus areas:
- Security strategy
- Security organisation
- Secure operations
- Business continuity
- Network and system security
- Application security
- Data security
These are subdivided into 42 elements, each of which is evaluated on multiple axes to provide a complete picture of information security for the customer.
This model allows you to benchmark your organisation against others in your sector. It also helps you to visualise and measure your overall information security programme. For each of the elements, Progress Distribution has developed a set of good practices to help achieve the level of maturity that your organisation requires. This is done by showing five maturity level controls for each element, how each element relates to others, and the potential risk if an element is not in place.
The output from the assessment allows you to:
- Benchmark the current and future security posture against recognised industry standards.
- Better target investment to address specific threats to your business.
- Gain a holistic view of security enabling more informed decision-making and prioritisation of risk treatments plans.
- Identify both strategic and tactical opportunities to improve security and underpin the business case for further work streams.
- Establish a unified view and priority of control gaps against business needs and regulatory requirements.