Improve


Once assessments have been undertaken and reported, the CAP will further engage with the stakeholders to build a constant improvement framework that can be checked for progress at defined milestones. This will include remediation strategies and the updating of risk management plans.

Defining strategy and guiding improvement. These exercises include the development of:

  • Technical and organisational remediation plans

  • Cyber risk registers with integration into enterprise risk registers

  • Partner and third-party service provider cyber risk management processes

  • Cyber incident response plans

Enterprise strategies for the organisation to provide services, including:

  • Internal ongoing assessment and testing services

  • Security operations centres

  • Patch and vulnerability management strategies

  • Vendor on-boarding and testing

  • Incident response planning and testing

  • Compliance management

Analysis of products and recommendations for:

  • Cyber risk profiling and insurance

  • Incident response service providers including IT forensics, legal and communications

Virtual Chief Information Security Officer: Many organisations do not have the scale or budget to employ a full-time Chief Information Security Officer (CISO). The CISO role, or CISO function, creates a critical bridge between IT and leaders. CAP consultants can be contracted to perform this role on a flexible basis as a Virtual Chief Information Security Officer (VCISO), often with both fixed-term and incident response arrangements. These engagements are usually heavily front-loaded until the VCISO is satisfied with the progress of operational maturity. Some of the tasks the VCISO can perform include:

  • Directing the establishment and implementation of policies and procedures

  • Preparation and presentation of status reports and recommendations to risk committees and boards

  • Assisting staff in identifying, developing, implementing, and maintaining processes across the organisation to reduce cyber risks

  • Tracking compliance obligations and preparing reports to regulators

  • Any of the CAP services scoped within the VCISO engagement structure as required

The VCISO can also assist the customer with finding a full-time CISO.

These are examples of core improvement services. The CAP will work with the customer to define outcomes and design improvement strategies to achieve them.