Security & Risk Management
“Security is an inconvenience acceptable to stakeholders”
In this context, implementing security that is acceptable to stakeholders and the business is a challenging task. It involves a great deal of trade-offs, stakeholder management and regulatory compliance mapping. SNA provides consulting services in security architecture, planning and implementation. In cyber security or security standards, we assist in creating end-to-end governance frameworks covering implementation, validation and preparation for external audits. SNA delivers Open FAIR risk treatment plan training worldwide over the internet, directly at client sites, and at leadership conferences around the world.
Security is about identifying assets and proactively protecting them from perceived risks, threats and vulnerabilities. To evaluate the threat, threat capability and vulnerability for an asset, a probability estimate based on subjective data is the right approach. The measurement can then be mapped to financial loss so that the decision maker can make a trade-off on the identified risk. The framework is
SNA provides the following services in security and risk management:
- Cyber Security and Physical Security: SNA provides threat analysis metrics and threat profiling. Based on the profiling, it suggests the type of controls to be used.
- Risk assessment and trade-offs: Using the Monte Carlo method, risks are simulated from captured past data and loss magnitude to perform a trade-off on the risk treatment plan.
- Security Controls implementation: Controls are suggested for different assets, then monitored and verified. Response controls have to provide proactive assessment and measurement of security in terms of business continuity planning and disaster recovery.
- Security governance as per applicable standards: In line with the standards the organization has adopted, such as ISO or NIST, SNA develops a statement of applicability, creates a plan for each applicable asset, performs internal audits, and verifies that controls are in place or that further improvement, such as VAPT, is required.
- Security Audits (Cyber and Physical): These are quarterly internal audits planned with the PMO to check the effectiveness of the established security policy and controls.
- Trainings: SNA provides Open FAIR training so that organizations can use security trade-offs effectively and plan for them.
- Security Blueprint: SNA creates a CoE for enterprise security that covers almost all aspects of security an organization has committed to, and creates an overall plan and execution methodology for it.
In enterprise security, the scope is not confined to the aforementioned segments; it also covers compliance with respect to Green IT, resource conservation plans, CO2 emissions and physical security.