Information Security Services and Solutions
eIS³
 
Advisory Services
 
Information has become one of the key business assets of our society: it assists organisations in building and maintaining market share, enables executives to make critical business decisions, and increases operational efficiency. As such, an organisation's information assets need to be adequately and appropriately protected to ensure their continued value to the organisation. This level of protection can best be achieved through a comprehensive, flexible and integrated approach to information security that ensures that it becomes a sustainable and effective discipline in the organisation.
 
eIS3 Advisory Services subscribes to an Information Security Management Framework that is designed to holistically address information security. It takes into account the various threats and risks - both internal and external - faced by an organisation with regard to its information assets, the legal requirements and the unique business drivers of an organisation to design appropriate information security strategies and related governance controls and structures. The framework furthermore encapsulates a people-centric approach to information security, enabled by relevant processes and technology.

Our approach to the implementation of the Exponªnt Information Security Framework is a collaboration between the Exponªnt advisors and the client to firmly entrench information security within the organisation. The approach is supported by international best practice guidelines such as ISO17799/27002 and the ISF's Standard of Good Practice. It is modular in its execution: the implementation is broken down into smaller, manageable workstreams, so that visible and tangible results are achieved in a shorter timeframe and reach a broader target audience.
 
Information Security Profile
 
Understanding the current information security profile allows for the focussed application of resources and controls and the addressing of the most pertinent issues and risks threatening the information assets. It is used to derive the most appropriate starting point in the detailed implementation of the controls required by the framework and guides all subsequent activities.
 
eIS3 Advisory Services can assist in:
 
  • The execution of an Information Security Healthcheck to determine the information security profile of the organisation;
  • The development of the Information Security Strategy;
  • The definition of the Information Security Roadmap, addressing activities aimed at improving the overall information posture of the organisation.
     
Information Security Organisation

Because information security cannot exist or function in isolation, the various stakeholders and role players must be identified and structured in such a manner as to maximize buy-in and support for the information security drive.

eIS3 Advisory Services can assist in:
     
  • Performing Stakeholder and Role Player Mappings, highlighting the interest, responsibilities and communication channels for the various parties;
  • The definition of Mandates for the information security governing bodies;
  • The definition and development of Communication Channels, e.g. pre-prepared communication packs, emergency reporting channels, Information Security web portals, executive reporting packs, threats and risks tracking.
     
Information Security Governance

The governance controls are necessary to drive and guide the information security activities of the organisation. The governance controls include policies, standards, procedures and guidelines.

eIS3 Advisory Services can assist in developing the governance controls by following a three-phased approach consisting of the:
     
  • Initialisation Phase, during which the controls are prioritised and draft content is developed for each document;
  • Development Phase, which involves the critical evaluation and customisation of the draft content of the documents by key stakeholders;
  • Approval Phase, at which stage the documents are finalised, prepared for signature and hand-over to the client for final approval.
     
Information Security Operational Controls

The operational controls are necessary to entrench information security in the organisation and focus on the people, process and technology thereof.

eIS3 Advisory Services can assist as follows:
     
  • Manage and facilitate Information Security Awareness Programmes;
  • Develop and re-engineer Information Security Operational Processes;
  • Perform evaluations of the effectiveness of Current Information Security Technologies;
  • Design Information Security Technology Architectures;
  • Develop Information Security Technology Implementation Roadmaps.
     
Information Security Compliance Monitoring

Compliance monitoring holds the information security discipline accountable for its actions, tests the effectiveness of the various implemented information security controls and informs the various role players of the status of the information security discipline.

eIS3 Advisory Services can assist in:
     
  • The development of Information Security Key Performance Indicators (KPIs);
  • The creation of an Integrated Compliance Dashboard.
     
     

    Copyright 2007© All rights reserved. | webmaster@exponant.com