The following is a catalog of selected projects across a variety of clients. Externally we do not disclose the client names but will share selected references upon request.
ISO 27001 – Certification Preparation
The project centered on preparing the client for an eventual ISO 27001 certification by performing a governance and controls gap analysis. ISO 27001 certification offers a high degree of assurance to an organization's clients that it operates in a structured and properly governed manner with regard to cyber security practices, as defined by the ISO 27001 standard and the ISO 27002 control set.
NIST Cyber Security Framework – Review and Consultation
The project required a focused view of the client's data flows and of which NIST guidelines would help mitigate the high and medium risks identified by the client's risk management initiative. The selection of policy documents, controls and tools, together with continued consultation on roles and responsibilities, allowed the client to achieve confidentiality and integrity across the predefined communication path.
Vendor 3rd Party Review and Framework Development
Developed a framework for third-party risk management review of low, medium and high risk vendors that could have an impact on the client's Information Security Management System (ISMS). Established a risk weighting system based on each vendor's exposure to the client's data governance and classification model.
ISO 27017 and 27018 Cloud & PII Security Controls
We designed and analyzed the ISMS for a cloud service provider, ensuring compliance with the appropriate controls and the documentation needed for client attestation. We focused on the ISO 27017 and 27018 standards and used the ISO 27002 controls to meet client requirements for the protection of PII stored in the cloud.
NIST SP 800-171 Control Review
As the deadline for implementing NIST SP 800-171, Protecting Controlled Unclassified Information in Nonfederal Systems and Organizations, approaches, Citadel has helped define the controls and their definitions for several clients. While the deadline looms, there is still much that can be done to discuss the controls and understand the risk analysis needed to map the proper response to NIST SP 800-171 compliance.
NIST Cyber Security Framework - Risk Scoring
Using the COBIT maturity model to rate the maturity of control sets, we conducted an analysis of the client's Current Profile and worked with the client to determine a Target Profile. Using a weighted scoring model, we then created heat maps to focus effort on the controls that needed additional work to mature the ISMS program.
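To make the scoring step above concrete, the following is an added illustration (not Citadel's own tooling or any client's data) of a weighted gap-scoring model over NIST CSF categories rated on a COBIT-style 0-5 maturity scale. The category identifiers, current and target maturity ratings, weights and heat thresholds are constructed sample values chosen for the example; a real engagement would take the weights from the client's risk assessment.

```python
# Weighted maturity gap scoring over NIST CSF categories (added example).
# Each category carries a current-profile rating, a target-profile rating
# (both on a COBIT-style 0-5 maturity scale) and a weight reflecting how much
# the category matters to the client's risk posture. All figures below are
# constructed sample data, not a client's actual profile.

from dataclasses import dataclass

MATURITY_MIN, MATURITY_MAX = 0, 5


@dataclass(frozen=True)
class CategoryRating:
    category: str   # CSF category identifier, e.g. "PR.AC"
    current: int    # Current Profile maturity, 0-5
    target: int     # Target Profile maturity, 0-5
    weight: float   # relative importance (assumed: taken from the risk assessment)


# Constructed sample profile for the example.
SAMPLE_RATINGS = [
    CategoryRating("ID.AM", current=2, target=4, weight=1.0),
    CategoryRating("PR.AC", current=1, target=4, weight=1.5),
    CategoryRating("PR.DS", current=3, target=4, weight=1.2),
    CategoryRating("DE.CM", current=1, target=3, weight=1.3),
    CategoryRating("RS.RP", current=2, target=3, weight=0.8),
    CategoryRating("RC.RP", current=3, target=3, weight=0.7),
]


def validate(rating: CategoryRating) -> None:
    """Reject ratings outside the maturity scale or with a non-positive weight."""
    for value in (rating.current, rating.target):
        if not MATURITY_MIN <= value <= MATURITY_MAX:
            raise ValueError(f"{rating.category}: maturity {value} outside "
                             f"{MATURITY_MIN}-{MATURITY_MAX}")
    if rating.weight <= 0:
        raise ValueError(f"{rating.category}: weight must be positive")


def gap_score(rating: CategoryRating) -> float:
    """Weighted distance from current to target; exceeding the target scores 0."""
    validate(rating)
    return rating.weight * max(rating.target - rating.current, 0)


def heat_level(score: float, max_score: float) -> str:
    """Bucket a score relative to the largest gap in the profile.

    Thresholds are assumed for the example; a client would tune them.
    """
    if max_score == 0 or score == 0:
        return "green"
    ratio = score / max_score
    if ratio >= 0.67:
        return "red"
    if ratio >= 0.34:
        return "amber"
    return "yellow"


def score_profile(ratings) -> dict:
    """Return {category: {"score": float, "heat": str}} for a profile."""
    scores = {r.category: gap_score(r) for r in ratings}
    max_score = max(scores.values(), default=0.0)
    return {cat: {"score": s, "heat": heat_level(s, max_score)}
            for cat, s in scores.items()}


def prioritize(ratings) -> list:
    """Categories ordered by descending gap score, i.e. where effort goes first."""
    scored = score_profile(ratings)
    return sorted(scored, key=lambda cat: scored[cat]["score"], reverse=True)


if __name__ == "__main__":
    result = score_profile(SAMPLE_RATINGS)
    for cat in prioritize(SAMPLE_RATINGS):
        print(f"{cat:6} score={result[cat]['score']:4.1f} heat={result[cat]['heat']}")
```

The score is intentionally zero for a category already at or above its target so that over-investment does not show up as a gap, and the heat buckets are relative to the largest gap in the profile rather than absolute, which is what makes the map useful for deciding where to spend the next unit of effort.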