As with any client engagement, discovery and an understanding of the environment, an aerial view of the organization, are critical to developing and recommending a best-practice solution. Just as when you visit another country, it is always a best practice to enter as a student and learn about the culture and environment, so that the working solutions you provide deliver a return and metrics for key performance indicators. Prior to engagement, the discussion that defines the scope and objectives is critical to nailing down the specifics of a contract. Just as with contracts in John Wick, the mark should be measurable for all consulting work, and the return on investment defined.
Security compliance is a broad realm that encompasses an organization, and the following example is a series of areas that need to be considered for network security.
As one example, network security is critical in dealing with network devices, and the following is a suggested sequence in which to harden them. Methods are flexible, since the overall goal is to provide an ROI and a best-practice implementation for an organization. Conducting a discovery and whiteboarding the organization's operational and transitional flows helps to clearly define the targets and action plans that will assist the organization. Some of these areas cover the WAN, the core network, firewall, VPN, cloud, and any other means by which data traverses back and forth through an organization.
Presence ranges from stationary locations, datacenters and remote offices to cloud presence on AWS/Azure/Google/Oracle, and each configuration involves different criteria and defined security/compliance/auditing reviews.
Security
- Administration
- Physical Security
- Network Security
- Management of Security Services
- Access Security
- User Authentication Security
- Routing Protocol Security
- Firewall Filter Security
- Endpoint Security
- Reinforced Training for Security Across the Organization – to address Spear Phishing and loss of business due to compromise/breach.
The methodology also requires the ability to stay on target throughout the duration of the SOW, with periodic updates to ensure on-time delivery and client satisfaction.
It also takes work to understand the culture of an organization and get the buy-in required for the changes that are going to be implemented, since the objective is not to be part of an organization, but to augment the organization and its staff so they can be better and provide what they do best to their clients.