Information Security Program Management
IntelliGRACS Group provides expert consultants to assist with nearly any Security project. Information Security Program Management involves activities that relate to the protection of information and assets against the risks of loss, misuse, disclosure or damage.
- Conduct gap analysis of environment against ISO27001/27002 standards
- Develop a security strategy aligned with business goals and objectives
- Review security architecture (including policies, standards, procedures, and controls) to ensure the confidentiality, integrity, and availability of information assets.
- Develop business cases justifying investment in security resources or initiatives.
- Identify current and potential legal and regulatory requirements affecting security.
- Ensure that processes and procedures are performed in compliance with the organization’s security policies and standards.
- Ensure that information security is maintained throughout the organization's processes (e.g., change control, mergers and acquisitions) and life cycle activities (e.g., development, employment, procurement).
- Provide information security awareness, training and education to stakeholders
- Evaluate and report on the effectiveness of information security controls with information security policies.
- Create security incident response and recovery plans
- Evaluate the logical access or physical access controls to ensure the confidentiality, integrity, availability and authorized use of assets.
- Evaluate network infrastructure security to ensure confidentiality, integrity, availability and authorized use of the network and the data transmitted.
- Evaluate the processes and procedures used to store, retrieve, transport, and dispose of confidential information assets.
- Review or Implement comprehensive Business Continuity and Disaster Recovery Plans to provide assurance that in the event of a disruption the BCP/DR processes will ensure the timely resumption of IT services while minimizing the business impact.