Assessing the Adequacy of Security Governance

The Three-Layer Control Framework can be used to identify major gaps and inconsistencies in security governance. The scope of the assessment can be information security as a whole or can be limited to a single business line, geographical location or security domain such as cybersecurity, data protection, identity and access rights, etc.

We can help you assess your governance and management practices. Our services include:

    1. Assessment of the current and desired level of maturity in each of the nine areas of security governance.
    2. Identification of the main gaps.
    3. Proposals to improve governance.
    4. Development of a roadmap of projects to reach the desired level of maturity.
Enterprise and its context

Policy

Strategy

Organisation

Risk management

Program

Reporting

Assets management

Compilance

Metrics

Outcome Report containing findings, improvement proposals and priorities.