Cybersecurity Maturity/ISO 27001:2013

Challenge

The COO and CIO of an American Law 100 firm with over 600 attorneys in 9 geographically dispersed offices required an Assessment and Roadmap to assist the firm in attaining ISO 27001:2013 certification. Specific services included conducting an ISO gap analysis, developing recommendations, developing staff and executive briefings, developing a roadmap for attaining ISO certification and maturing security practices, and advising on the design of a PMO to oversee the effort.

Core Services

  • Cybersecurity Standards and Best Practices
  • Compliance Frameworks, Controls and Processes
  • ISO 27001 Controls Assessment
  • Audit and Risk Analysis

Approach

  • Developed a project orientation briefing and ISO primer
  • Developed an assessment instrument that was tailored for the firm’s environment
  • Conducted interviews with legal, technology, human resources, physical security, cybersecurity, accounting, finance and C-level personnel; also reviewed documentation and applications used across the firm
  • Developed a maturity rating scale as well as a rating for each ISO Clause and Sub-clause
  • Discussed changes with Senior Leaders for their consideration
  • Developed Recommendations and a detailed Roadmap for the firm to attain ISO certification and evolve its security practices

Brilliant Outcome Resulted in a Long-term Cooperation

Results

  • The firm was able to evolve its security governance practices
  • The cybersecurity team was able to identify areas for improvement and commence investments in personnel and policies to evolve the firm’s security posture
  • The firm is in the process of developing the requisite policies in preparation for ISO certification
