Corporate Information Security Program Development

Establish a Resilient Corporate Information Security Program

Dell SecureWorks’ Corporate Information Security Program Development service helps businesses assess their current security practices and develop a strategic plan for a corporate-wide security program. The program includes development of program descriptions, charter development, policy development and standards mapping. The service helps organizations accelerate their security program development, establish charters and policies, identify and prioritize their risks, and heighten their overall security posture.

The service includes development of: 

• Program Descriptions
• Governance Charters
• Policies & Programs
• Standards Mapping

The Corporate Information Security Program Development service helps you:

Speed up development of your corporate information security program

Building a solid foundation in your corporate security program is critical to protecting your organization from unauthorized access of systems and facilities, and inadvertent disclosure of your data. Unfortunately, IT is often overburdened just keeping the lights on and meeting operational demands that stretch resources.

Our consultants can help IT accelerate development of a stronger security posture. We bring the knowledge and experience needed to help you develop a corporate security program that includes best practices and a security program designed to your organization’s needs. 

In a few short weeks, you can have a corporate security program in place versus the months and even years it can take to develop in a resource-constrained environment.

Obtain a true understanding of your security posture and exposure to risk 

The Corporate Information Security Program Development service identifies security gaps and risks in your organization. Dell SecureWorks uses a proprietary risk ranking methodology that is easy to understand. This methodology presents risks as Critical, High, Medium, Low and Informational priority, based on many factors, including ease of exploitation, business criticality of the host and prevalence of the threat.

Our consultants know and use several risk and vulnerability ranking methodologies, including CVSS v2, DREAD, FAIR, OCTAVE and others. If you would like us to use one of these models or your preferred model, we can usually accommodate that request.

Establish key charters and security programs

The Corporate Information Security Program Development service does not just give you insights and best practices for how you might develop your corporate security program. We know IT organizations operate on limited resources and need more than just guidance. We help you actually develop your security programs and charters, so your program plan is in hand when we are done. 

Depending on your organization’s particular needs, you may need items including a Corporate Information Security Committee Charter, Audit Charter, Technology Steering Committee Charter, Change Management Committee Charter and a Vendor Management Committee Charter.

Learn how to and prioritize your risk

Our consultants take great efforts to inform and educate your organization on how to identify and assess risk. As part of the Dell SecureWorks Corporate Information Security Program Development service, we show you how to:

• Obtain and create listing of information systems and assets
• Determine threats to assets 
• Identify organizational vulnerabilities 
• Identify technical vulnerabilities
• Document current controls and security processes
• Identify security requirements and considerations per regulatory requirements
• Measure initial and residual compliance, reputation and direct loss risk

Make compliance part of your corporate security program

Meeting compliance mandates adds an additional layer of complexity to organizations already grappling with laying the proper foundation for security across their organization.

Through the Dell SecureWorks Corporate Information Security Program Development service, our consultants will ensure that your corporate security program addresses compliance mandates, subject to your organization’s needs.  

Our Process & Approach

The Corporate Information Security Program Development Service includes:

• Project Planning & Rules of Engagement
• Engagement
• Gap Analysis vs. Best Practices
• Program Development
• Program Descriptions
• Governance Charters
• Policies & Programs
• Standards Mapping
• Delivery of Corporate Information Security Program Document that includes:
• Charters
• Policies
• Standards

Other Resources

Based on your interest in our Social Engineering Service, you may also be interested in:

• Computer Incident Response Plan (CIRP) Development
• Penetration Testing