by Andre Fernando - Cloud Sec Consulting Pty Ltd.
NEWSLETTER #1 - Simplifying security architecture development.
How much is enough?
How much security for your information, systems, and networks?
Information Technology Security is not just about technology problems. Security should be seen as an attribute of the organisation and its supporting systems.
We can assist you and your organisation in identifying the relevant security requirements for your business process. The security requirements specification is driven by business contextual and conceptual requirements. What your organisation does, the required business process and risk appetite are considered during our analysis. Architects and designers, together with service operators, play a key role in identifying requirements at different levels. You need the architecture that works for your organisation. So what you and your supplier do, and where and how you do it, matters.
We assist organisations in creating business security plans that will enable security program development. The plan, together with all supplied artefacts, is the key enabler for your security program budget request.
The size of your organisation's program doesn't matter. What matters is the outcome. We assist your organisation in crafting the right program size. The program and its scope of work will include all tasks required to develop, implement, test and operate the associated security services and supporting infrastructure. Architects, designers, project managers, testers, suppliers and service operators work together from the start to the completion of tasks related to implementation. The program and its life-cycle in fact never end. The security service capabilities and associated resources require ongoing oversight from management. We will assist in defining specific metrics for security service capabilities.
The service capabilities stood up by the program are in fact part of the non-stop services required to support your business. The program includes technology, process, and personnel. It includes a collection of protective, detective, corrective and deterrent security controls, whether logical, physical or personnel. It is not about following industry standards, as on many occasions they don't address your organisation's challenges. We have experience with industry standards and frameworks, but we supplement them with the crafted development of security patterns, user and security stories, and finally, security enclaves that are relevant to your needs.
The security plan, as well as the program, will require review and investments to accommodate organisational changes as required.
Security services and their processes must be managed. Like any other organisational process, they rely on people and supporting technology that are prone to failure.
Together with security architects and security service capability designers, the service operator is responsible for assuring that services are operating appropriately as per defined service level metrics. Some of those services might be provided by a 3rd party services supplier organisation, so it is critical to assure that suppliers are conforming with the service agreement as per security policies and requirements clauses. Our security business analysts will work together with you to identify service SLAs that can be impacted by operational security events, and assist you with proactive incident management tasks.
We have experience with security assessments, certification, and system accreditation. Our consultants will use business information from your security plan and assure all critical assets will be covered by the security assurance program. The assurance program is supported by the security situational awareness tools and methods used to deliver our consultancy services.
Our consultants can assist you in filling any security operational capability gap associated with implementing security policies and the associated development of processes and procedures. We also have experience defining contractual security requirements, performing 3rd party security reviews and supply chain security assessments.