212-868-0688      516 247-7277

Ultratek Computers & Communications

IT Security Management

We hold the Certified Information Security Manager (CISM) certification and can perform the following tasks:

Information Security Governance

Establish and maintain a framework to provide assurance that information security strategies are aligned with the business objectives and consistent with applicable laws and regulations.

  • Create an information security system strategy aligned with business goals and objectives.
  • Align information security strategy with corporate governance.
  • Create business cases justifying investment in information security.
  • Classify current and potential legal and regulatory requirements affecting information security.
  • Detect drivers affecting the organization (e.g., technology, business environment, risk tolerance, geographic location) and their impact on information security.
  • Obtain senior management commitment to information security.
  • Specify roles and responsibilities for information security throughout the organization.
  • Institute internal and external reporting and communication channels that support information security.

Information Risk Management

Identify and manage information security risks to achieve business objectives.

  • Create a process for information asset classification and ownership.
  • Devise a systematic and structured information risk assessment process.
  • Confirm that business impact assessments are conducted periodically.
  • Ensure that threat and vulnerability evaluations are performed on an ongoing basis.
  • Classify and periodically evaluate information security controls and countermeasures to mitigate risk to acceptable levels.
  • Integrate risk, threat and vulnerability identification and management into the life cycle process (e.g., development, procurement, and employment life cycles).
  • Report significant changes in information risk to appropriate levels of management for acceptance on both a periodic and event-driven basis.

Information Security Program Development

Create and maintain a program to implement the information security strategy.

  • Create and maintain plans to implement the information security strategy.
  • Indicate the activities to be performed within the information security program.
  • Confirm alignment between the information security program and other assurance functions (e.g., physical, HR, quality, IT).
  • Classify internal and external resources (e.g., finances, people, equipment, systems) required to execute the information security program.
  • Certify the development of information security architectures (e.g., people, processes, technology).
  • Communicate, maintain and form information security policies that support the security strategy.
  • Create and develop a program for information security awareness, training, and education.
  • Certify the development, communication, and maintenance of standards, procedures, and other documentation (e.g., guidelines, baselines, codes of conduct) that support information security policies.
  • Combine information security requirements into the organization's processes (e.g., change control, mergers and acquisitions) and lifecycle activities (e.g., development, employment, procurement).
  • Create a process to integrate information security controls into contracts (e.g., with joint ventures, outsourced providers, business partners, customers, third parties).
  • Form metrics to evaluate the effectiveness of the information security program.

Information Security Program Management

Oversee and direct information security activities to execute the information security program.

  • Handle internal and external resources (e.g., finances, people, equipment, systems) required to execute the information security program.
  • Confirm that processes and procedures are performed in compliance with the organization's information security policies and standards.
  • Ensure that the information security controls agreed to in contracts (e.g., with joint ventures, outsourced providers, business partners, customers, third parties) are performed.
  • Certify that information security is an integral part of the systems development process.
  • Ensure that information security is maintained throughout the organization's processes (e.g., change control, mergers, and acquisitions) and life cycle activities (e.g., development, employment, procurement).
  • Provide information security guidance (e.g., risk analysis, control selection) to the organization.
  • Present information security awareness, training and education to stakeholders (e.g., business, process owners, users, information technology).
  • Monitor, measure, analyze and report on the effectiveness and efficiency of information security controls and compliance with information security policies.
  • Confirm that noncompliance issues and other variances are resolved in a timely manner.

Incident Management and Response

Plan, develop and manage a capability to detect, respond to, and recover from information security incidents.

  • Create and implement processes for detecting, identifying, analyzing, and responding to information security incidents.
  • Form escalation and communication processes and lines of authority.
  • Create plans to respond to and document information security incidents.
  • Ascertain the capability to investigate information security incidents (e.g., forensics, evidence collection and preservation, log analysis, interviewing).
  • Create a process to communicate with internal parties and external organizations (e.g., media, law enforcement, customers).
  • Combine information security incident response plans with the organization's Disaster Recovery (DR) and Business Continuity Plan (BCP).
  • Coordinate, train, and equip teams to respond to information security incidents.
  • Periodically analyze and refine information security incident response plans.
  • Administer the response to information security incidents.
  • Conduct reviews to identify causes of information security incidents, create corrective actions, and reassess risk.