snapshot

headlines

getting the priorities right for information security management is not easy

complexity of risk scenarios, and uncertainty of ROI, lead to organisations deferring action

assesses the organisation's susceptibility and attitudes to security risk

opportunity to discuss and "negotiate" information security priorities with an impartial expert, and includes:

a quick assessment of vulnerabilities

a "road-map" for a security improvements programme

tailored to client requirements

fast turn-around process helps cut through fear, uncertainty and doubt

a strong return-on-investment approach


issues

Getting the priorities right for Information Security Management is not easy. The return on investment for security is hard to express when competing for budget. The biggest risk is that the complexity of risk scenarios and the uncertainty of ROI together lead the organisation to continually defer action on Information Security.

Some of the issues:

  • comparing high probability - medium impact risks with major disaster scenarios (low probability - high cost)
  • understanding the costs and values of procedural controls
  • resisting a "flavour of the month" response to security threats
  • cutting through media and advertising hype
  • measuring return on investment
  • identifying where risk uncertainty is blocking business movement

approach

A snapshot security review assesses the organisation's susceptibility and attitudes to security risk. It involves a quick assessment of vulnerabilities and proposes a "road-map" for a security improvements programme. The review follows the essential ISO17799/BS7799 guidelines, but will be at a higher level than the detail of the Standard. In its shortest form, the review is conducted in a single intensive day.

The scope can be tailored to specific client requirements, but generally the elements are:

  • profile the customer organisation (business, culture and technology)
  • perform the controls review (interview and inspection- sampling)
  • complete the risk analysis and solutions options selection
  • host an Impact Review workshop
  • produce project plan (roadmap)
  • present results

customer benefits

commissum provides a fast turn-around process to help cut through Fear, Uncertainty and Doubt regarding Information Security. Clients get the opportunity to discuss and "negotiate" Information Security priorities with an impartial expert. commissum guarantees a strong return-on-investment approach to risk management which will ensure least impediment in the use of technology for the benefit of the business. Clients also benefit from the identification of the priorities for reducing risk exposure and the definition of the action and costs involved in reaching a level of risk acceptance in keeping with the business ethics and culture.


© 2001-2008 commissum