Level 3: The Process Leads To The Program
-
Step 1: I&A
We start an engagement with our Inventory & Assessment (I&A).
The Inventory is a list of what to protect. We use the NIST CSF to define the output so that the Inventory is useful going forward. Adding the how to protect is a large part of the rest of the engagement.
The Assessment is about who is doing the protecting. It focuses on who and also why they would keep doing the (job descriptions and performance reviews). Linking the protecting and the protectors is is what makes a program self-sustaining and provable.
-
Our Method
We cannot fit a detailed description of our process into this web page. To do that we would need an overview of the process, an explanation of why we combine cyber security policy, procedures with job description upgrades and performance review support into a cyber security program tailored to your needs and your staffing and your budget and your timeline. All of that won’t fit here.
But we can, and did, fit all that into a white paper which is available to prospective clients.
-
Our Process
If our conversation proceeds past the early stages, we off our white paper on our method.
If our conversation proceeds past abstract discussions of our method then we offer a white paper which describes our method in action, which we call our process. In essence this white paper is an annotated sample deliverable.
The sample deliverable is for a fictionalized engagement with a fictionalized company but shows both CSF-based work product and our valued-added work product.