CIMA offers end-to-end Information Security program support, beginning with laying the foundation for and development of your organizational-wide information security management system (ISMS - more commonly referred to as "program"). For purposes of illustration, immediately below this text, we have included a representation of the typical infusion points we help customers in the design, development, roll-out and maintenance of information security programs.
Service Area Highlights
Gap Assessments
ISO 27001 - NIST CSF - HIPAA / HITECT - GLBA / FFIEC - NERC / CIP
Assessing security program elements for compliance with key standards and regulations is a foundational activity for strategic minded organizations. Our gap assessments not only provides a qualified understanding of what is and is not in place against defined requirements, but also assesses the controls that are in place against our (or your custom) capability maturity model.
Information Security Program Strategy Development
Following a structured methodology, we will work with key business and technology leaders to understand your organizational goals and develop a custom business focused information security strategy. Our approach ensures investments in information security are directed in a manner to ensure the success of the organization.
Policy & Standards Development
Using our DIRECTION Methodology, CIMA leverages your initial efforts to understand the scope of your program, and develop a custom information security policy and standards for compliance with your relevant standards and regulations.
Information security Incident Management
Leveraging your standards and regulatory requirements, we proactively build a custom information security incident management process for your organization, process training to educate your process users and stakeholder, and an optional information security incident exercise.
In a reactive situation, CIMA provides information security incident management services to help clients organize and respond to incidents in a controlled fashion.
Information Security Metrics Program Development
To ensure an information security investments are optimized, strategic thinking organizations establish measurements and monitor information security control that can help them determine if the information security program is achieving defined program objectives and supporting the success of the organization's business strategy.
At a control level, establishing the measurements and performing the follow up monitoring can help information security leaders understand the effectiveness and efficiency of an individual control.
We work with clients to help define program objectives, and establish a performance management program and reporting capabilities.
Virtual & Fractional
Chief Information Security Officer (CISO) / Data Protection Office (DPO)
On occasion clients find themselves in need of temporary assistance of a seasoned CISO / DPO to help:
a. build their initial information data privacy & security program;
b. fill a void for an interim period until a replacement can be found and come on board;
c. serve as a part-time resource to represent the client in meetings and discussions with external customers; and
d. other reasons
CIMA has been helped clients for term roles for periods of six (6) to twenty four (24), including helping to identify suitable full-time candidates, interviewing, and controlled transitioning into their new role.