The Citadel Guide to Project Management
We follow a standard but flexible project management philosophy which allows us to tailor the project parameters to our clients needs. We follow this methodology on every project in concert with client input to ensure the project is scoped properly to meet client requirements. We pride ourselves on being advisors to our clients and working with them continuously to ensure the security of their environments.
Initial analysis of the current program, business model, and risk appetite. We start from your current security stance baseline, even if you have no baseline. With your help we incorporate your business model and general risk appetite based on interviews with executives within the organization. We then set the stage for the framework analysis.
- Statement of Work
- Program assessment review document
- Risk Statement document
This process determines best approach to the available standards. Using data from the planning phase we then work with you to suggest the best Cyber Security framework to choose for your organization. We strive for a right fit model that is appropriate for your business model and risk appetite defined in the planning phase.
- Framework Selection Document
When the framework model is determined the proper standards model is analyzed against the current security program. We will set the firms current profile in this stage
- Gap Analysis document
- Team Scoring document
- Firm “Current” Profile document
- Firm “Target” Profile document
The findings are presented, and specific action steps are reviewed for implementation consideration. The recommendations are heavily based on quantitative and qualitative data gathered during the previous phases.
- Recommendation Findings
The chosen standards are implemented, and controls are designed and put in place. This phase is specifically meant to move the firm towards their “target” profile defined above.
- Statement of Work
- Risk analysis document
- Statement of applicability document
- Multiple project implementation milestones based on the SOW
The controls output is collected, and the program is reviewed annually. Once the implementation is completed the program is placed in a maintenance mode where Risk Analysis has at this point been instituted as part of the over compliance program. Operational metrics are collected and analyzed by the ISMS program practitioners and used to monitor the existing control set and continually enhance the program.