The Long-Term Approach for Security Programs
As Slate continues to grow as a trusted partner with our clients, it has become evident that most organizations are looking for the “check the box” approach. In most cases, it is not due to the organization trying to just get by with the minimum required actions, but rather their lack of knowledge with what is required for organizations to comply with. The breadth of knowledge needed to fully understand the changing landscape of regulatory compliance that organizations are forced to meet is quite vast.
When we are asked to come into an organization and provide pricing for a specific project, we always take a step back and engage in a full discussion to determine their true needs. A hand full of times, the project will change direction once the client understands what regulatory and family of controls they are trying to satisfy. We typically ask customers if they have a Security Program in place and if they do, how often is it maintained and adjusted based on their business needs. Most of the responses we receive fall into the category of “No Security Program”. Once we see that they lack the basic security management, we work to provide a long-term approach to implementing a Security Program that aligns with their business needs. After a stable and mature security program is in place, it is at that point where we can provide quick reaction type audits or penetration tests, which help satisfy the controls AND assist with validating our Security Program is functioning as intended.
This approach, the long reach, is based on our firm building a long-term relationship with each client that we engage. It is our belief that security firms should become part of the client’s business functions. Taking the time to fully understand the business needs and functions of the client is the only way a proper security program can be developed and deployed. Skipping the evaluation portion will create havoc while deploying a security program since it will not align with the business functions. The misaligned security program can potentially cause issues with day to day operations, which can cost the client financial strain.
The long-term approach that we have developed, with our first 100 days framework, is in the heart of Slate’s vCISO program. We have developed this system with our client’s best interest in mind – as the tag line states, we are exceeding your expectations, while enhancing your security posture…
Make sure to reach out and see how we can help…