Improve
Organisational gaps
Once assessments have been undertaken and reported, the CAP will further engage with the stakeholders to build a constant improvement framework that can be checked for progress at defined milestones. This will include remediation strategies and the updating of risk management plans.
Defining strategy and guiding improvement. These exercises include development of:
Technical and organisational remediation plans
Cyber risk registers with integration into enterprise risk registers
Partner and 3rd party service provider cyber risk management processes
Cyber incident response plans
Enterprise strategies for the organisation to provide services including:
Internal ongoing assessment and testing services
Security operations centres
Patch and vulnerability management strategies
Vendor on-boarding and testing
Incident response planning and testing
Compliance management
Analysis of products and recommendations for:
Cyber risk profiling and insurance
Incident response service providers including IT forensics, legal and communications
Virtual Chief Information Security Officer: Many organisations do not have the scale or budget to employ a full-time Chief Information Security Officer (CISO). The CISO role or CISO function creates a critical bridge between IT and leaders. CAP consultants can be contracted to perform this role on a flexible basis as a Virtual Chief Information Security Officer (VCISO), often with both fixed-term and incident response arrangements. These engagements are usually heavily front-loaded until the VCISO is satisfied with the progress of operational maturity. Some of the tasks that the VCISO can perform include:
Direct the establishment and implementation of policies and procedures
Preparation and presentation of status reports and recommendations to risk committees and boards
Assist staff in identifying, developing, implementing, and maintaining processes across the organisation to reduce cyber risks
Tracking compliance obligations and preparing reports to regulators
Any of the CAP services scoped within the VCISO engagement structure as required
The VCISO can also assist the customer with finding a full-time CISO.