Contact HotSkills
HotSkills
SEARCH
How to reach us: 800.507.4517 info@hotskills-inc.com

 

HotSkills launches Orange Parachute!
Orange Parachute specializes in ISO 27001 certification and information security program evaluation, design and implementation.
click here for more details

Information Security Management System (ISMS)

Services Company - Research Data

Business Motivators

The client was a data centric research firm. The value of their product (research) was directly tied to the unquestioned integrity of their research data.

  • They had been acquired by a holding company with no experience in the research firms area of expertise
    • The holding company did not understand the importance of the integrity of the research data.
  • The holding company had minimal information security expertise
    • Holding company control of the research networks was an unacceptable risk

The Challenge

The research firm faced challenges on multiple levels

  • The nature of the project created continuous power struggles that required political awareness
    • The parent organization demanded project oversight
  • Operational practices were relatively mature, but strategy and tactics ad hoc
    • There was minimal understanding of management systems or practices
  • While management objectives were clear, management support was variable
    • It was not inherently intuitive how information security management practices could be used to achieve political objectives

The Solution

An Information Security Management System (ISMS) was designed and implemented to manage security controls in one specifically selected domain. The resultant ISMS included:

  • A management framework that was sensitive to the cultural, political, and business environment unique to the political environment
  • A defensible risk assessment methodology
  • A tightly defined security domain definition tailored to achieve the required political objectives
  • Information security standards that clearly defined enforceable and auditable security requirements
  • Information security processes that clearly defined the methodologies required to provide the desired security functions
  • Information security roles that clearly defined responsibilities and authorizations
  • Information security plans that detailed management intent and go forward projects
  • A variety of management tools and dashboards to track information security status

The Result

The deployment of the ISMS resulted in the organization obtaining the following benefits:

  • The ability to justify and preserve the integrity of their security perimeters, ensuring the sanctity of their research data
  • A minimum baseline of information security was established throughout the enterprise
  • A mechanism was established to codify any type of technical, operational, or behavioral requirements
  • Individuals were both educated and empowered through clear definition of expectations and accountabilities
  • Documented diligence demonstrated management commitment to stakeholders

info@hotskills-inc.com
(800) 507-4517
 © Hotskills 2005-2008 All Rights Reserved. Privacy Policy 4801 Nicollet Ave S, Suite A
Minneapolis, MN 55419
Site Map Services Industries About Us Contact