Security Operating Model Design and Implementation
ScottMadden has worked with a number of organizations to improve their cybersecurity solutions. Contact us to learn how we can help support your digital solutions projects.
At a Glance
Designed Operating Model
Designed and implemented new security operating model
Improved Transparency
Improved transparency of security cost allocation and overall risk reduction
Modernized Security Controls
Worked with the client to harmonize and modernize over 800 archaic security controls into 25 enterprise-wide policies
Challenge
A large U.S. energy company needed to standardize cybersecurity and become more transparent and deliberate in their methodology for securing the enterprise. External and internal pressures were requiring greater transparency of risk reductions and allocation of security costs.
Process
- Codified organization’s vision, core behaviors, and critical stakeholders
- Organized the security work into functions with a cross-functional team
- Identified owners of functions to codify the purpose, scope, and outcome as well as metrics for measuring and sustaining security vision
- Established roles and responsibilities and conducted training to ensure the security leaders could provide the necessary governance and oversight to ensure the security posture of the enterprise
- Designed a corrective action program to track remediation items identified through periodic oversight and self-assessments
- Worked with the organizational leadership to develop a gap-based business plan and formalized a methodology for assessing its periodic progress
- Identified and trained embedded security leaders from distributed business units to regularly participate in security assessments
Result
- As a result of moving to the proposed security operating model, the client harmonized and modernized more than 800 archaic security controls into 25 enterprise-wide policies
- Improvements created standardization in process and cost effectiveness, allowing the client to have greater transparency of security cost allocation and risk reduction
- ScottMadden designed and implemented a security operating model
Related Insights
Cybersecurity Operational Technology Program Development
Case Study
A large electric and gas utility’s enterprise IT cybersecurity group initiated the IT-OT program to address the increasing threat of cyber attacks against OT found in the operating environment.
Achieving Security Program Alignment with the NIST Cybersecurity Framework
Case Study
ScottMadden partnered with a large energy provider to align its security program with the NIST Cybersecurity Framework (CSF).
Managing Information Security Risks in a Shared Services Organization
Case Study
ScottMadden partnered with a multifunction shared service organization (SSO) in the entertainment industry to assess its security practices. This case study reviews managing information security risks in…
Let’s Work Together
We don’t solve problems with canned methodologies. We help you solve the right problem in the right way. Our experience ensures that the solution works for you.