Information and Knowledge Management
Risk-Centric Security Management
A risk-centric security management approach requires the organisation to establish a proactive information security management framework. The critical steps for this are:
- Undertake an effective risk assessment
- Establish the Security Organisation
- Create a culture of security across all levels of the business
- Implement effective personnel security measures
- Practise strategic technical design and development
- Establish Security Architecture Design Principles
- Establish and maintain a Security Baseline
- Implement Operational Security Processes
- Establish effective incident response and recovery procedures
Cornwell consultants work with our clients to apply techniques for engineering change to a new security culture. Our approach involves working with senior management to establish a corporate security strategy. We analyse the impact of technology on the business to assess:
- Technology that increases corporate exposure
- The effectiveness of technology solutions deployed to protect assets
- New business initiatives (e-enablement of existing business processes)
- The communication of corporate information security strategy to devise and implement security awareness programmes for senior management and staff, involving them in corporate outcomes and results
Our consultants can then design and implement corporate-wide security improvement programmes including incident monitoring and response. We create metrics for baselining corporate security prior to the implementation of improvement programmes and conduct post-implementation assessments of the effectiveness of these programmes.
Cornwell consultants are highly skilled in undertaking asset classification and risk assessments for corporate information assets and use industry accepted methods of analysis in addition to specific approaches tailored to client requirements.
For further information please click here to complete an Information Request Form.
Top
Home