Scope of Service: CO-delivered with Citadel Information Group, Our Total Systems Approach to the protection of critical information assets integrates the securing of critical information assets into our clients' business, providing clients maximum protection consistent with their unique business realities. The service includes the integration of a technology vulnerability review, review of management and employee practices, and external penetration testing.
Objective/Possible Outcomes: A more thorough understanding of a client's information security weaknesses with improved opportunities to comprehensively mitigate the client's risks. Recommended countermeasures and controls customized to our client's needs and budget-constraints, resulting in greater security "bang for the buck."
Process/Methods: Use of industry standard evaluation methodologies, providing clients with a benchmark of their security controls against emerging standards. Senior management involvement through a review and the decision-making process, so that information security capacity improvement plans are appropriate, realistic, affordable, and achievable.
Deliverable: Findings and recommendations presented at a summary level so as to be understandable to senior management, while detailed enough for implementation by technical personnel. All recommendations prioritized, resulting in more effective sequencing of information security capacity improving activities. Plans are integrated into the client's culture, so that change management issues can be more effectively managed.
For more information on Ironwood Advisory's performance improvement practice please contact us.