IMPLEMENTATION OF INFORMATION SECURITY MANAGEMENT SYSTEM

BACKGROUND

  • A global data solutions provider looking to proactively identify & mitigate cybersecurity risks in alignment with the ISO 27001 framework, GDPR requirements and the practices of industry peers

APPROACH

  • Implementation of an industry-standard Information Security Management System along with benchmarking of technical requirements based on industry peer practices

VALUE

  • Reduction in residual risk and alignment with rigorous outsourced solution provider industry requirements

CHALLENGES

  • Culture of innovation seen as antithetical to rigorous information security environment
  • Unmitigated risks due to process and technology / tool gaps
  • Hybrid environment of cloud + legacy

SOLUTION ELEMENTS

Cybersecurity risk assessment and gap identification

  • ISO 27001 and GDPR alignment assessment
  • Benchmarking with peer organizations
    1. High security work area requirements
    2. Policy, process and technology gap analysis
    3. Remediation planning based on cost-benefit and cost of no-action

Remediation and long-term sustenance

  • Leadership alignment and involvement in solution design discussions
  • Strengthened information security management system
    1. Risk governance enhancement
    2. Stronger alignment to business requirements
  • Enhanced reporting, monitoring and response through tool utilization/implementation; attrition management

BENEFITS

  • Significant cybersecurity risk reduction through programmatic approach involving tool implementation, process enhancement and people alignment
  • Proactive preparedness for customer / InfoSec audit and GDPR readiness

Positka deployed a fit-for-purpose solution to support this organization’s need to identify and implement industry practices, thereby proactively reducing risk.