Sr. Security & Risk Management Consulting

Client: Insurance Services
Savant Advisory Inc. was engaged to work directly with the CISO and the CIO to assess the security position and create a strategy on how to move forward.

In an attempt to move the IT Security group to a greater level of maturity, Savant Advisory Inc. was contracted to work with the CISO to understand the existing information security position of the organization relative to the security components of the COBIT governance model. The assessment included a mechanism to clearly articulate risk for the organization, in conjunction with the Enterprise Risk Management group.

After the assessment was presented, an Information Security Strategy was created to provide a means by which any areas of lower maturity could be improved. This was also presented to both the CISO and CIO.

To jump-start this process, Savant Advisory Inc. drafted a series of artifacts, along with a process by which they could be vetted and then approved for use. The artifacts included an Information Security Policy, multiple Information Security Standards and a few important process documents.

In addition, the following was undertaken:

  • Designed a process to identify priority applications & services tied to business services
  • Devised a Risk Acceptance Process to help ensure risk tolerances were considered
  • Drafted an IT Risk Management Charter and provided a draft ERM Methodology
  • Revitalized the Risk Register and the Risk Management process
  • Drafted a Security Advisory Team Charter
  • Drafted a Risk Assessment Process to streamline Risk Assessments