IMPLEMENTATION OF INFORMATION SECURITY MANAGEMENT SYSTEM
BACKGROUND
- A global data solutions provider looking to proactively identify and mitigate cybersecurity risks in alignment with the ISO 27001 framework, GDPR requirements and the practices of industry peers
APPROACH
- Implementation of an industry-standard Information Security Management System, along with benchmarking of technical requirements based on industry peer practices
VALUE
- Reduction in residual risk and alignment with rigorous outsourced solution provider industry requirements
CHALLENGES
- Culture of innovation seen as antithetical to rigorous information security environment
- Unmitigated risks due to process and technology / tool gaps
- Hybrid environment of cloud + legacy
SOLUTION ELEMENTS
Cybersecurity risk assessment and gap identification
- ISO 27001 and GDPR alignment assessment
- Benchmarking with peer organizations
- High security work area requirements
- Policy, process and technology gap analysis
- Remediation planning based on cost-benefit and cost of no-action
Remediation and long-term sustenance
- Leadership alignment and involvement in solution design discussions
- Strengthened information security management system
- Risk governance enhancement
- Stronger alignment to business requirements
- Enhanced reporting, monitoring and response through tool utilization/implementation; attrition management
BENEFITS
- Significant cybersecurity risk reduction through a programmatic approach involving tool implementation, process enhancement and people alignment
- Proactive preparedness for customer/InfoSec audit and GDPR readiness
Positka deployed a fit-for-purpose solution to support this organization's need for identifying and implementing industry practices, thereby proactively reducing risk.