Services

Governance | IT Architecture | Development | Analysis

The offered services can be divided into three main roles. The following describes what IT security services each role provides and who the typical clients are.

1. Management Consultant

The management consultant service is normally requested in situations where IT security is in focus from a  business point of view. Typical tasks incl:

• Setup an Information Security governance incl. Roles & Responsibilities, processes and performance metrics.
• Conduct a Security Risk Assessment and deliver security control catalogue with a practical roadmap.

The overall security control deliverables are strategically aligned with the long-term business roadmap. Each security controls is prioritized based on a risk assessment and a business case. The in-depth technical knowledge is not needed in this service because the main focus in on governance.

2. IT Security Architect

This service is desired when the client lacks time or competence whilst evaluating or designing a new solution.

Typical tasks include:

• Design, evaluate and/or implement an IT solution that may take business, infrastructure, data and application into consideration (TOGAF) with focus on IT Security.
• Create company specific IT security strategy or policy. Align the company with an acknowledged framework i.e. ISO 27000 series or NIST framework or author and implement IT Security standards.

Normally the project ends with a hand-over to operations, the moment the solution is up and running. However, it is recommended to keep the project running for some time after hand-over to ensure all use cases have been identified and dealt with.

3. Analyst or Developer

This service is solely in the operational domain where the end-goal is always well-defined and easy to navigate after.

Typical tasks incl:

• Analyze and implement security controls based on audit findings, security incidents, threat management or strategy.
• Develop a tool, script or customize an IT system.