Learn more about each step
The focus is to provide a holistic view of gaps and security issues. The intent is not to be exhaustive but to identify items that require immediate remediation. After this, further assessments will identify outstanding gaps and vulnerabilities.
This stage of the process includes:
- Analyzing the maturity of your information security program and identifying gaps, weaknesses, and opportunities for improvement. Evaluating technology-related processes and procedures.
- Assessing risks associated with 3rd party vendors.
- Identifying high-level vulnerabilities and assessing real business risk as it relates to compliance requirements.
Collaborate to identify and document the high-level constraints with which everything that is engineered must align.
This stage of the process includes:
- Collaboration between the vCISO and organizational leadership to determine the strategic organizational goals.
- Identify the compliance requirements and objectives of the organization.
- Develop a procurement policy for technology-related purchases.
- Establish that budgeting is a collaborative process between vCISO and organizational leadership.
- Create a paradigm shift related to the 'bid out' process as this process is not able to deliver properly engineered solutions.
Engineer solutions to close the gaps & resolve the issues consistent with the constraints identified in the Strategic Plan.
This stage of the process includes:
- Identify products and services, which will be implemented in phases, to deliver on the desired outcomes.
- Establish the recurring annual costs and the one-time implementation costs.
- Focus on technologies which will reduce long-term TCO.
- vCISO and executive management meet and collaborate on the Engineering Plan.
Create a budget to support the Strategic and Engineering Plans.
This stage of the process includes:
- Establish a 1, 3, 5, 6, 8-year budget.
- Establish a capital reserve account.
- Identify the lifecycle of items in the budget so that the replacement date can be projected and the corresponding estimate of engineering, acquisition, and implementation costs is also accounted for.
Funding and start dates are established to deliver on the Engineering Plan.
This stage of the process includes:
- vCISO and executive management agree on start dates.
- Client funds the acquisition of supplies and a labor retainer to deliver projects.
- End dates are projected, but acknowledgement is given to delays which can be caused by supply chain issues or scheduling conflicts with the implementation team.
- Cadence meetings are held with vCISO and executive management to review status and adjust timelines if needed.