
Safety Risk Assessment

Project Initiation

At the outset of every project, GSS diligently establishes clear safety objectives. This includes a comprehensive understanding of the company's profile, offering a high-level view of its business organization and processes. The project scope is thoroughly confirmed and refined to lay a robust foundation.

Safety Risk Survey

GSS conducts a meticulous safety risk survey, compiling exhaustive asset registers encompassing hardware, software, and data. The existing governance framework, especially the Information Security Management System (ISMS), is scrutinized. This involves a deep dive into policies, procedures, roles, responsibilities, controls, configurations, and adherence to regulatory requirements. Additionally, GSS conducts an in-depth mapping of the network architecture.

Safety Risk Capability Assessment

GSS evaluates the current safety protection level, considering both security level and maturity/tier level. Simultaneously, the assessment determines the existing security level of the network architecture. A thorough threat assessment is conducted, leading to the establishment of both target protection and network architecture security levels.

Safety Risk Assessment

Leveraging methodologies such as the Information Risk Assessment Methodology (IRAM), GSS follows a structured six-phase approach: scoping (part of Project Initiation), business impact assessment, threat profiling (building upon the work in the Capability Assessment), vulnerability assessment, risk evaluation, and risk treatment.

Implementation

GSS takes a proactive stance in implementing safety measures. This involves determining the requirements for the governance framework (ISMS) and creating a draft for approval. The team conducts data classification and finalizes control measures based on the output of the risk assessment, ensuring compliance with the established governance framework. The documentation of the governance framework is meticulously reviewed and finalized before the actual implementation of control measures.
