Our security practitioners follow a phased approach to Cyber Security Policy/Governance, which includes:
- Data gathering and analysis: Determining all applicable laws, policies, and standards at the federal, agency, and organizational levels, and developing the Systems Security Requirement Traceability Matrix (STRMx).
- Policy development: Developing and documenting policies and standards to address gaps in the Systems Security Requirement Traceability Matrix (STRMx) or the changing security landscape.
- Implementation: Assisting with implementation of policies, standards, and governance processes. Developing implementation-level procedures to enable consistent implementation. Leading working groups or developing whitepapers or other intellectual capital in support of implementation.
- Monitoring: Defining and tracking measurable goals for policy implementation and monitoring the impact of changes to policy and governance structures. Developing executive reports or briefings.
Our approach to developing the Systems Security Requirement Traceability Matrix (STRMx):
- Ensures governance and compliance are balanced with risk management
- Captures the flow-through of existing baselines into the traced requirements
- Defines a formal implementation planning process
- Addresses the manner by which programmatic controls are evaluated
- Encompasses programmatic security compliance requirements traceability for applicable laws
- Includes performance measurements and metrics
- Drives policies and procedures that govern day-to-day operations