0333 444 0881

The InfoSec Professional’s Toolkit

In IT organisations, it is critical that Cyber Security specialists can influence security issues across the IT delivery organisation. To do this, a new Cyber Security Specialist must first gain the confidence and ‘buy in’ of ‘key stakeholders’ across the business. One of the main enabling factors here is the Consultant’s analysis of the information that will support their discussion points in meetings and workshops.

There are various SaaS-based Governance, Risk & Compliance (GRC) tools out there, but effective and well-configured GRC tools are a rare find. They often don’t align well with evolving operating models; they are poorly set up; they are only partially used; they only track key actions; or the provider’s pace of support fails to match the speed at which the organisation is transforming its governance model. As a result, cyber security consultants will often find more efficient ways of collecting, tracking and presenting their project information.

The Cyber Smart Associates InfoSec Professional’s Toolkit contains a set of tools that have been designed and built by practising InfoSec Consultants who have worked at all levels in various organisations as Interim CISOs, Independent Consultants, Cyber Consultancy Practice Leaders, Cyber Consultants in cross-functional in-house consulting teams, Government systems Accreditors, and Information Security Managers. All these roles demand a high level of intellectual rigour, with constant analysis of their projects, identifying and researching vulnerabilities and issues, and looking to identify priority improvement actions and value add – and this is where the toolkit helps. If you are an InfoSec specialist who is constantly spinning plates, providing regular updates, and always looking to improve your effectiveness, then you will find The InfoSec Professional’s Toolkit immensely useful.

Tools Included

Security Consultant’s Portfolio Dashboard

This dashboard helps Security Consultants who provide technical support to multiple Lines of Development (LoD) for Client Organisations & Businesses. It is particularly useful for project planning and for stakeholder meetings where progress on deliverables and risk are discussed. It also combines the attributes and characteristics of each project so that useful trends can be presented to support your security case.

The dashboard provides metrics on:

  • Consultant Utilisation / Demand on each LoD
  • Project Issue Tracking
  • Penetration Test Tracking (useful if you manage multiple concurrent test plans)
  • Engagement Phase/Lifecycle Phase
  • Deliverables Status
  • Functional Dependencies
  • Key Technical Debt Factors Identified on each Product Team
  • InfoSec Risk Areas & Threat Vectors

The Security Consultant’s Portfolio Dashboard combines these metrics to provide a single document that promotes meaningful and useful discussions between InfoSec Department Consultants and stakeholders in the project delivery environment.

Organisational Security Improvement Assessment Tools

Designed for Information Security Managers who are continuously improving the maturity of their process alignment, these assessment tools enable quantitative assessment of maturity in each principal function of the respective framework. They provide an auditable record of assessment with an automatically populated RACI that displays prioritised improvement actions. The tools are customisable to your framework requirements, and the frameworks included in this kit are the following:

CISO Department Assessment Tool

A ‘Deep Dive’ assessment of the effectiveness of an Organisation’s Security. This tool is particularly useful to CISOs who are new in the role and can be used to assess and identify their improvement priorities. It is also useful to Consultants who have been tasked with an external deep dive assessment of an organisation’s Information Security function.

NIST CSF GAP Assessment Tool

The NIST Cybersecurity Framework provides a policy framework of computer security guidance for how private sector organisations can assess and improve their ability to ‘Identify’, ‘Protect’, ‘Detect’, ‘Respond’, and ‘Recover’ from cyber-attacks. This tool helps to expedite assessment of an Organisation’s alignment to the NIST CSF.

Security Consultant’s Product / Project Delivery Team Assessment Tool

This tool is particularly useful for Organisations that are seeking to mature their DevSecOps model. The tool includes assessment criteria that focus on the security of the solution as well as the security of Product Team processes, and provides RACI Improvement output to guide your DevSecOps improvement plan.

NIS Directive GAP Assessment Tool

This tool is particularly useful for companies and organisations identified as either Operators of Essential Services (OES) or Competent Authorities (CAs) under the NIS Directive. The NIS Directive was implemented at the same time as the General Data Protection Regulation (GDPR), which requires holders of personal data to provide security assurances around that data and to report any incidents that might affect it. This tool includes the evaluation criteria for assessment and provides RACI Improvement output to guide your NIS Directive alignment.

Third Party Security Triage Assessment Tool

This tool is primarily designed for use by Procurement Team members, but it is also useful to InfoSec Consultants who frequently work with Procurement stakeholders. It helps to triage newly procured services and assess the likely level of engagement needed from the internal InfoSec Team.