Assessment:  Cyber Security

Time Frame:  6 Weeks

Consultants:  2 Consultants

Cost:  $95,000

Activities:

Assess Current State

• Partner with Key internal resources spanning Security Compliance and Application SDLC to understand current security delivery approach

• Identify current existing policies & procedures

• Gather documentation including Identity and Access Management, Network and operations security protocols process in Dev and Production deploy

• Participate in daily standups to understand culture & daily practices of security delivery and assurance

• Audit entire tool suite spanning the security domain & provide detailed view into day to day activities & process flows

• Review current release process in place that are both understood & enforced

• Review software delivery model & any automated framework for deployment & testing

• Work in conjunction with Security and Compliance Operations to understand activities, responsibilities & expectations

• Infrastructure & Environmental review

Visualize Future Desired State

• Develop Access and Application Security Compliance Vision Statement

Deliverables:

• Access and Application Security Vision Statement

• Business Case with stated business drivers & challenges to include:

• Current State Assessment Document

• Future State Assessment Document

• High Level Gap Analysis & Recommendations for process improvements

• High Level RoadMap – Describes the recommended approach with proposed and optional rollout approaches

• High-Level (LoE) – Level of Effort

• High Level Project Plan – For Security Compliance Implementation

• Staffing Plan / Delivery Team – Proposed Team for Phase II Implementation

• 1 Day Customized Executive Workshop – Educate the Executive Teams on the Security Compliance Process, RoadMap, LoE, Project Plan & Delivery Team necessary for Implementation