TelaFortis - Information Security Governance, Risk & Compliance


Security Policy Design; Risk Management; Governance & Compliance

Information Security Governance, Risk Management & Compliance

TelaFortis's services are aimed at supporting information security and cyber security governance: ensuring that security management balances business risk against regulatory compliance so that it is both effective and cost-efficient.

The pillars that support effective security governance and an effective cyber/information security management system are

  • a rational and justifiable security policy structure that meets regulatory requirements as well as the organization's self-imposed risk tolerance;

  • organizational structures that let executives make cross-function and cross-business decisions on strategic security goals and processes, and that provide executive-level security oversight;

  • risk assessment processes that are understood and regularly applied, and are built around business risk, not just technological IT risk;

  • compliance processes that ensure that regulatory requirements are met along with the organization's baseline mandatory requirements; and

  • staff awareness of security responsibilities, supported by management at the highest level.

Our security services support these pillars.

Rational Security Policy Design

A cyber security management framework (or information security management system) has to identify what is necessary for the security of the organization, who is responsible for doing it, how those people can find out what has to be done, and how "doing what's necessary" will be measured and enforced.

Business-Focused Information Security Risk Management

Businesses profit by knowing when to take risk. Knowing how to assess what is risky (and how risky) is a core business skill. IT risk (or cyber risk) is just one element in the "Assess - Prioritize - Act - Check - Review" risk management cycle. Leaving IT security risks out of that cycle can be just as damaging as treating them with naive, "the sky is falling" alarm.

Security Governance & Compliance

SOX audits, NERC audits, PCI-DSS audits, privacy audits, corporate policy audits... What is actually mandatory? And isn't it possible to set out what has to be measured and recorded in a way that lets the measuring be done once? Or is "Measure once; satisfy many" just a dream?

TelaFortis: Calgary, Alberta, Canada
Send mail to info@telafortis.com with questions or comments about this web site.
Copyright © 2009 TelaFortis
Last modified: 08/03/09