
Information Security
Program Development
The security and protection of information has become a critical priority for organizations. Nearly every industry has regulations defining standards and guidelines for the management and security of information, and many information security frameworks exist to provide direction (the NIST Cybersecurity Framework and ISO 27000 are two examples of industry-agnostic frameworks). BluTinuity can assist your organization with developing or optimizing your Information Security Program in a way that is risk-focused and right-sized.
Information Security Programs may include the following components:
- Governance Structure such as a Security Risk Management Committee
- Information Security Strategy
- Information Security Program Roadmap
- Risk Assessment
- Identification of Roles & Responsibilities
- Security Infrastructure & Architecture Design
- Security Awareness & Training
- Policies & Procedures
- NIST System Security Plans (SSP)
- Risk Management
- Vendor Security Management
- Incident Response & Management
- Business Continuity & Disaster Recovery Management
- Tabletop Exercises
- Asset Management
- Security Program Metrics & Monitoring
- Virtual / Fractional Information Security Officer / CISO