
Security Strategy Workshop Overviews

Testmasters, Inc. has formulated a series of workshops to assist our clients in establishing and maintaining effective information security. At Testmasters, we believe successful security programs start with good policies. Our workshops will help your organization establish an effective game plan that will provide balanced protection. What needs protection? How much protection is needed? And for how long? We help you apply risk management to make decisions about what to do and the priority of each step.

Security Strategy Workshop

Target customer: Enterprise with no formal security program in place that wants to jump-start the process.
Purpose: To quickly develop an Action Plan and build consensus for initiating a formal security program. Identifies tasks, schedules, and assigns responsibilities for performance of tasks. At the end of the Action Plan, the customer should be well down the path to implementing a security organization, policies, procedures, etc.
Products: Charter Document (minutes of workshop) and Project Plan (Action Plan).
ADDME Life-cycle: Early in ASSESS, usually following a Pen Test, Vulnerability Assessment, or other activity that raises the requirement for real security.

Security Policy Workshop

Target customer: Enterprise with no effective Security Policy (could have an outdated policy).
Purpose: To quickly develop a strategy and build consensus for development of a set of Security Policies appropriate to the operational environments of the Enterprise, e.g., a Corporate Security Policy and a set of Network Security Policies. Identifies security domains (draws boundaries), sensitive systems, value of information, ownership, milestones, responsibilities, etc.
Products: Charter Document (minutes of workshop) and Security Policy Roadmap.
ADDME Life-cycle: Early in DESIGN, usually the first step leading to a Security Policy Development task (or set of tasks).

Security Deployment Workshop

Target customer: Enterprise seeking to rapidly deploy a security technology.
Purpose: To quickly develop a plan and build consensus for deployment of a security technology. Identifies site and hosting issues, defines tasks and schedules, and assigns responsibilities.
Products: Charter Document (minutes of workshop) and Deployment Plan.
ADDME Life-cycle: Part of DESIGN leading up to DEPLOY; could lead to ISS support for deployment.

Security Management Workshop

Target customer: Enterprise deploying new security technologies or procedures.
Purpose: To quickly develop a plan and build consensus for post-deployment management of the new security measures. Identifies tasks and assigns responsibilities. Defines schedules as appropriate.
Products: Charter Document (minutes of workshop) and Management Plan.
ADDME Life-cycle: Part of DESIGN leading up to MANAGE immediately following DEPLOY.

Security Review Workshop

Target customer: Enterprise with an ongoing security program.
Purpose: To identify issues in the effectiveness of the current security program and to develop a strategy for addressing those issues. Defines tasks and schedules, and assigns responsibility for task performance.
Products: Charter Document (minutes of workshop) and Action Plan.
ADDME Life-cycle: Part of MANAGE.

Workshops Answer the Following Critical Questions

Planning Component | Workshop Component
WHY are we doing this? | Objectives
WHAT is involved? | Scope
HOW will we do it? | Approach
WHO is involved? | Roles
WHEN will we do it? | Plan
HAVE we considered everything? | Assumptions, Constraints, Risks, Organizational Impact, Procedures