
PM – Policy Management

Policy Management is the natural extension to Controls Management. Acknowledging the controls that are to be followed is a first step; Policy Management is how you get there.

Policy Management does three things:

  1. Policies are crafted or imported that align to controls
  2. Efforts to ensure policies are in place are documented
  3. Practices provide the process used to ensure Policies remain in effect.

Why do we provide the ability to do these 3 things? Without these 3 things, Policy Management is like a grizzly bear without claws or teeth. Adopt the policies. Specify how you will put them into effect. Specify how you will ensure they remain in effect.

An example of Policy Management:

Policy: The organization will ensure that a Policy of Zero Trust for accessing any server on premise or in the cloud is enforced.

Effort: To put this into effect, the XYZ offering by BigCyber Corp is to be implemented with the following schedule and guidelines. The effort is owned by PersonX, with PersonY verifying implementation meets the requirements of the Policy.

Practices: The following practice will ensure that this policy is in effect:

  • All new network and server devices will utilize the XYZ Zero Trust offering. Before being commissioned, each device must follow the 22.33.44 Device instantiation process.
  • XYZ is evaluated daily against the Asset Management system. If any new network or server devices are discovered that do not exist in XYZ, a violation of the policy will be flagged.
  • The Asset system evaluates all Logon IDs. If an ID is identified that does not map to the XYZ system, the Logon ID and the IP address through which the logon occurred are registered and flagged.

Timeline

DM – Data Mapping

DM – Data Mapping allows the organization to associate key granular data with other data, making collected information more powerful and meaningful to pre-built and custom dashboards and representations.

CC – Cyber Culture

CC – Cyber Culture leverages included InfoSec Institute CyberAwareness Training to eliminate risk at a key CyberSecurity breach vector: people. CC starts with rapid, engaging, and short training sessions. CC follows with testing progress using documented scores and Phishing simulation testing across the organization.

VAC – Vulnerability and Compliance

VAC – Vulnerability and Compliance provides the mechanisms to identify software, hardware, and configuration-based vulnerabilities through integrations and interfacing to IT Asset Management, IT-Pedia® data, Open Source Vulnerability Scanning, and SCAP Scanning.

ITAM – IT Asset Management

ITAM – IT Asset Management allows for the discovery, heterogeneous data source integration, data normalization, white listing, categorization, ownership, lifecycle management, and vendor management related to hardware and software assets.

RM – Risk Management

RM – Risk Management allows the organization to understand and manage the events, triggers, impacts, potential reductions, reduction progress, response plans, and documented testing of those plans.

AM – Audit Management

AM – Audit Management sets the ownership, governance, schedules, and processes for auditing that the policies and controls are in effect.

PM – Policy Management

PM – Policy Management provides the ability to document and communicate how policy relates to organizational controls.

CM – Controls Management

CM – Controls Management aligns your organization to the frameworks and regulatory controls it follows voluntarily or is required to follow.

CMO – Cyber Management Office

CMO – The Cyber Management Office provides the ability to govern and manage the individual efforts your organization must execute to achieve continued improvement in CyberSecurity.

M2 – Momentum Methodology

M2 is the bridge between Technology, Leadership, and Process. M2 provides a standardized method to understand, implement, and work toward continued improvement in CyberSecurity.