Strategic Security’s client had recently failed a compliance audit and the newly appointed CIO faced a task list from his CEO that was a mile long with less then one month to complete.
The tasks included:
- Develop a security awareness training program
- Develop a secure coding training program for the development team
- Develop a disaster recovery plan
Strategic Security Consultants worked with the entire IT staff (CIO, network admins, system admins, developers, techs, help desk) and HR to develop a full blown Information Assurance Program that far exceeded the initial regulatory compliance concerns.
Now the client’s IT security budget was aligned with its business goals.
A business continuity plan had been developed.Â The plan included a business impact assessment, a risk assessment and a disaster recovery plan.Â Each plan was created in a modular fashion so that the planÂ could be quickly updated.
Old policies and procedures were rewritten; and new ones were developed where applicable. All documents were created in a modular fashion so they could be quickly updated.
A change control board was developed and new processes were put in place to allow the new information assurance program to develop, grow and change as needed.
Of course, they passed their next compliance audit!