MTI CISO Service: Overview
The GSS Outsourced CISO can assist you to develop and maintain an information security management system (ISMS) that supports a holistic, risk-driven and framework-driven approach that addresses all aspects of information assurance, protects your critical information assets and ensures compliance with all relevant regulatory requirements.
We put a wide range of skills and experience at your disposal with a single point of aggregation and accountability. By outsourcing the CISO role to GSS you can be assured that your organisation's Information Security Management is in safe hands.
Your Outsourced CISO Questions Answered
Q1. What are the elements of an effective Information Security Management System (ISMS)?
An effective ISMS has the following characteristics:
- Executive support
- Embedded into the organisational culture
- Risk-driven and proactive
- Aligned to a strategic framework
- Delivers legal and regulatory compliance
- A robust policy environment
- Supported by active training and awareness
- Solid technical controls
Q2. How can outsourcing the CISO role to MTI help my organisation?
By choosing to outsource this demanding role you can free up your organisation to focus on its business objectives whilst simultaneously benefitting from MTI's experience and proven methodology for achieving the requirements of an effective ISMS within your organisation.
Our approach can be outlined as follows:
- MTI determine what the current state of your organisation's information security program is. This is referred to as your information security 'baseline'
- MTI then work with you and your key stakeholders to determine what the ideal desired future state of information security at your organisation should be
- This process makes use of compliance (round-table, workshop driven) and substantive (eyes-on) assessment methodologies, globally accepted best practices and years of experience to benchmark your current security program and determine where future investment will deliver the most effective improvements going forward
- MTI then define a remedial roadmap that will map the path to the achievement of your organisation's information security objectives
Q3. What will my organisation get out of it?
- An Information Security Assessment (ISA): A documented 'drains up' assessment of your current information security baseline against the contextualised requirements of ISO27001:2005, together with an evaluation of your Information Security Policy documentation.
- An Information Security Standard (ISS/SOA): A comprehensive list of applicable information security control objectives unique to your organisation, prioritized and chosen to reduce your organisation's unique risk profile to an acceptable level. The ISS will serve as your organisation's information security audit standard, which can be evolved into a formal Statement of Applicability (mandatory output for ISO27001 Certification) going forward.
- A Strategic Information Assurance Plan (SIAP): A Risk Treatment plan that will close the gap between the current and desired levels of security over a period that may span up to five years allowing your organisation to budget for and address information assurance projects proactively, as well as measure progress over time.
- A Long Term Strategic Partnership: MTI will partner your organisation in a complementary manner and assist you throughout the implementation and remedial action activities, and aid your transition from reactive, IT-driven information security processes to proactive, risk-driven and business-aligned information assurance appropriate for the delivery of your legal and regulatory compliance obligations.
If you would like more information regarding the MTI Outsourced CISO Service please contact the MTI security consultancy team to discuss your requirements.