Do you deem it necessary to retain an increased focus on core competencies and strategic business processes but also improve internal information security awareness and competency in information security matters?
Is it likely you can make available one to two people in your organisation who have a broad and deep understanding of the organisation and also possess most of the following skills?
• ability to understand the business processes and the underlying infrastructure of the organisation
• problem-solving ability
• analytical ability
• ability to work in a team
• leadership skills
• ability to spend a few days working on this method
• they are going to be on a longer term employment
Do you have a complex and a relatively large IT infrastructure but a relatively simple business model?
Do your business and service offerings include financial transactions?
Do you operate a business that is highly subject to strict Domestic Legal and Regulatory constraints and/or mandates?
Our next installment – IT Risk & Security : Approach & Methodology