Cyber Security Program Development

The information security framework is the first core element of any information security management program and governance service.

Organisations need a framework for establishing an information security management program. NSAA Security’s streamlined framework provides structure and identifies activities which include:

Design

  • Identify information security objectives and ensure alignment with business objectives.

  • Understand the organisation, environment, and information system types, along with the applications, system interconnections, information sharing, and related laws/regulations/policies.

  • Identify the scope, boundaries, and applicability of the information security management system.

  • Identify organisational roles, responsibilities, authorities, and assignment of security responsibilities.

  • Select a minimum set of security controls (Management, Operational, Technical). Base them on security objectives and applicability. Consider the organisation's environment, business, threats, and regulatory requirements.

  • Refine controls using a security risk assessment procedure.

Implement

  • Implement selected security controls.

  • Document all information and the controls in the Information Security Management Plan Document.

Operate and establish the process

 

Monitor

  • Monitor implemented controls.

  • Conduct Security Risk Assessment. Implement security controls. Test their effectiveness. Determine risk to the organisation.

 

Review

 

Maintain and apply information security risk treatment

 

Continual Improvement

  • Evaluate performance, monitor, measure, and analyse security controls on a continuous basis.

  • Conduct management reviews and communicate established metrics with stakeholders.

 

Experienced NSAA cybersecurity consultants develop and implement comprehensive security programs and frameworks. They have experience in small, medium, and large companies, and have operated in a wide range of industries, including healthcare, education, e-commerce, financial, government, and enterprise.
