With the Navigator Program, CSO Compass will proactively manage your security program and delivery acting as an extension of your organization. The program will be configured to meet your specific needs and priorities. Included in this offering is a Program Office which provides the core activities of your company's security program at a fraction of the cost of a full time employee.
Industry data suggests that a large company has about one Information Security employee for every 100 software developers. Smaller companies simply do not have the luxury of employing a full time staff for Information Security. That's where we can help.
The initial meeting between our staff and your company will provide both with an understanding of roles as well as provide a complete review of your company's current Information Security status. This usually takes two days on-site and provides input CSO Compass needs to recommend a road map.
Back to the top
Based on our understanding of your company's current status, goals and products/services CSO Compass will provide a prioritized set of recommendations as the basis of you Information Security Road Map. It will identify requirements and activities needed to protect your business and will clearly define prerequisites to all security-related activities. The Information Security road map will address all aspects of your company that affect Information Security (e.g., HR policy, IT policy or development of software features).
This Road Map will then be discussed with your staff and your company will provide scheduling information to complete the Road Map. When this step is completed, there will be an agreed to road map for Information Security changes to your company and it's products or services.
The goal of this Road Map effort is to identify the required changes that you need to protect your company's information. It will not insist that everything that can be done is done. This is what we mean bySensible.
Back to the top
While CSO Compass cannot replace your staff's expertise in your business, we can provide assistance that will reduce the effort your team must expend in addressing the items on the Information Security road map. Our staff has extensive experience in the architecture, design and implementation of the features that will appear on the Information Security road map.
As part of the Program office, a member of our staff will be available for regular on-site visits during which we will work with your staff on the road map items or any other Information Security issues you may have.
Finally, you can always contact us for additional help through our customer support organization.
Back to the top
As with any change you make within your company or to your products expertise and experience can be assets that ease the transition. Our staff is available to support the deployment of the changes agreed to in the road map. This may include activities such as employee security training, product updates of new security features or any other change specified in the Information Security road map.
Back to the top
Most data breaches that occur in production are attributable to either lack of security planning, smallchanges that have cascading effects on the production environment or new threats that arise.
The Program Office monitors various aspects of your production environment watching for changes to the environment and indications of new threats.
Back to the top
Things change. Information Security certainly has new best practices, threats, products, etc. That change has to be accounted for in the Program Office to assure an up to date plan that fits the changes of your company and the Information Security world.
Annual re-assessment is a standard part of our Program Office service. It provides an abbreviated version of the initial assessment and results in the same kind of road map experience as the initial engagement.
Back to the top
The program office manages the implementation and provides expert security consultancy and support across your organization to maintain a secure environment, as well as supporting your marketing and sales efforts in response to security requirements of your customers and prospects.