What is Security Governance?
The process of establishing and maintaining a framework to provide assurance that information security strategies are aligned with and support business objectives, are consistent with applicable laws and regulations through adherence to policies and internal controls, and provide assignment of responsibility, all in an effort to manage risk.
Security Consulting and Compliance Assessment
Sometimes you need an independent review of your security framework, to ensure it is aligned with your organisation’s strategic aims and its operational risk management practices.
Using structured interviews and documentation reviews, Counterhack will evaluate your security governance framework against industry benchmarks and reference frameworks. We will cover:
- Security Policy
- Supporting Standards
- Risk Management
- Decision Rights
- Governance Forums
- Roles and Responsibilities
- Assurance, Reporting and Compliance
The deliverable is a report that rates the maturity of your security governance framework in the context of alignment with other organisational activities such as risk management, audit, HR, operations, development and marketing. It provides a gap assessment identifying priority areas for improvement – both quick wins and those that may require further business case development.
These improvements are focussed on delivering the following outcomes:
- Clear accountabilities for the management of infosec risk
- Risk decisions made in a structured and consistent manner
- Baking security into the project lifecycle
- A common understanding of the threats facing the organisation