Security Program Development 

Designing security policies, procedures, and architectures can be a complex and difficult endeavor. Ensuring that the governance structure and technical architecture of your security program are designed and implemented correctly is paramount to protecting the organization. Often times organizations do not have the resources in house to design an effective set of controls for their unique situations. Through a Security Program Development engagement you can rest assured that secure, cost effective, and productivity efficient controls are designed and implemented.

A Security Program Development engagement can include the creation of governance structures and technical architectures for an entire organization, a specific department, physical location, or security function. This offering is suited for organizations that have already undergone a Risk Assessment or have some prior understanding their objectives/scope for a security implementation.

This engagement consists of three main phases:

1. Requirements Analysis

   The expectations for performance of the new or modified security controls must be documented and agreed up on before beginning the design phase. Well documented requirements will ensure that the controls meet the needs of the organization and mitigate the intended risks in an effective and cost efficient manner.

2. Design

   The controls are created according to requirements and are supported by detailed documentation. Internal staff at your organization are involved in the design process to ensure that knowledge is transferred of the full solution and not only how to operate it.

3. Implementation

   The new or modified controls are put into production use and internal staff begin regular operation and maintenance. Staff are trained on the proper operational use of the controls to ensure effectiveness of the solutions.