Cyber Security GRC Consulting

As part of our Governance, Risks and Compliance consulting assignments we assist our customers in designing/implementing/reviewing/improving/auditing their Information Security Management System (ISMS).

An ISMS is a structured approach towards managing information security risks and ensuring continuity of business operations by proactively mitigating such risks. It aims at limiting the impacts of a security breach and encompasses the systematic management of people, processes and technology risks. Implementing an ISMS provides assurance to various stakeholders on the ability of the organization to securely manage its IS risks.


The GRC consulting from SecurEyes is provided in the following modes based on the requirements of the customer:

  • Design and implementation of a new cyber security GRC / ISMS initiative
  • Review and Improvement of existing cyber security GRC / ISMS
  • Internal Audit of existing cyber security GRC / ISMS

We have vast experience in assisting our customers in setting up/improving/auditing their ISMS to ensure compliance against the following global standards:

  • ISO/IEC 27001:2013 standard
  • PCI Data Security Standard
  • NIST Cybersecurity Framework

Our overall flow for an ISMS design & implementation project is as follows:

  • Developing a detailed project plan and conducting a workshop with key stakeholders
  • Conducting a Gap Assessment
  • Performing a Risk Assessment
  • Design and Documentation of the ISMS Framework
  • Implementation Guidance & Training
  • Internal Audit & Assurance

The details of the above steps are as follows:


1. Developing a detailed project plan and conducting a workshop with key stakeholders

Our team prepares a detailed project plan so that all stakeholders are aware of their respective responsibilities: it clearly prescribes who is responsible for which task and by when the task is to be completed. In addition, we conduct an in-person workshop with all key stakeholders to develop a clear consensus on the work plan. In the workshop we also discuss our understanding of your organization, your business, and your existing IT security operations, and have a detailed walkthrough of our plans to structure it according to the chosen ISMS.

2. Conducting a Gap Assessment

Our team conducts a detailed gap assessment against the chosen standard. It reviews the requirements of the standard and evaluates the current state of each of the management system requirements/domains/sub-domains/control objectives/controls/functions/categories. The team then documents the results of the gap assessment with a clearly defined roadmap for moving from the "As-Is" state to the "To-Be" state of the organization against the chosen standard.

3. Performing a Risk Assessment

Our experts gain a detailed understanding of the current state of the organization and identify all the tangible and intangible information assets/processes/services. We then ascertain all the possible risks (with corresponding probability & impact) that may arise in case of loss of confidentiality, integrity, and availability of these assets. Based on this, a set of prioritized risks is listed after considering the current control environment. A detailed Risk Treatment Plan (RTP), along with clearly assigned risk owners and the timeline, is then documented.

4. Design and Documentation of the ISMS Framework

Our experts design and develop the ISMS framework, which consists of the information security strategy, IS governance framework, IS policies, IS procedures and other relevant documents as required for implementation of the ISMS based on the chosen standard. Our team conducts sessions to facilitate internal reviews from key stakeholders to ensure the desired alignment across all stakeholders within the organization.

5. Implementation Guidance & Training

Following the internal review sessions conducted by our team, we provide implementation guidance to the relevant stakeholders with the objective of assisting them in implementing the ISMS as per the intended design. Our team ensures that all the new security controls (technology/process) are understood clearly by the team and are implemented accordingly. Our team further provides end-user awareness training to the relevant target user groups to ensure they are made aware of the implemented ISMS. The various groups considered for training include end-users, IT users, business users and senior management.

6. Internal Audit & Assurance

Our team conducts an internal audit as part of the ISMS certification roadmap. The internal audit is conducted by a different team of consultant(s) who are not part of the implementation team. This activity results in the publishing of the internal audit report along with recommendations for closure and improvement. The internal audit report is presented in the management review meeting to inform the leadership team on the current design and operating effectiveness of the ISMS within the organization.


Why Choose Us?

  • Successfully completed ISMS projects for multiple customers across industry sectors including BFSI, Manufacturing, Healthcare, Information Technology, Logistics, Government, Retail, etc.
  • We deploy our elite team of experienced consultants armed with global certifications (ISO 27001 LA, CISA, CISSP, CISM, CRISC, etc.)
  • Our experts ensure that the ISMS is highly customized as per the business environment of our customers while considering all the applicable risks within that environment
  • Our experts ensure that all aspects of people, processes and technology controls are considered as part of the ISMS implementation

You can get in touch with us at sales@secureyes.net to utilize our Cyber Security Advisory & Consulting services for your organization today.