Service

For the past 36 years, we have been providing consulting services to address information security and cybersecurity challenges for companies in a diverse range of industries across Latin America and the USA.

To initiate a process for improving the management of information security and cybersecurity in any organization, one of the most crucial elements is to determine the current state of affairs and the level of risk that the organization is currently accepting, consciously or unconsciously. In this regard, the first task is to define the baseline or audit criteria against which we will evaluate ourselves. Different reference frameworks are applicable based on the organization’s type or sector.

Based on the findings of the diagnostic phase, the identified level of risk, and any constraints the organization may face, it becomes possible to define an action plan. This plan helps identify the primary actions based on their cost-benefit ratio in contributing to the organization’s information security and cybersecurity. The action plan includes setting deadlines, identifying the actors involved (using a RACI chart), and accounting for other necessary resources. For each scenario, the deliverables and expected results will be determined based on the predefined criteria. This could involve achieving a specific maturity level or maintaining an acceptable risk level.

Finally, once the action plan has been approved, it becomes essential to take action by implementing the various controls (administrative, technical, physical), whether they are dissuasive, preventive, detective, or of any other nature that has been identified. Depending on the chosen framework, the implementation process could be highly structured and defined, or it might allow a certain degree of discretion for the organization. Ultimately, this phase might conclude with an audit or certification process, verifying the achievement of the established objectives.
Compliance Assessment + Consulting
Compliance Assessment
Diagnosis
Some examples are:
Consulting
Action plan
Implementation support