Capability Statements

| Service Category | Explanation |
|---|---|
| Security Planning | Board and senior management level activities to establish good corporate governance of technology; creation of an information security framework |
| | Alignment with business strategy, strategic objectives, strategic imperatives, strategy tree, etc. |
| | Strategic, tactical and operational planning, including direction setting, budgeting, phase development and programme/project creation |
| | Legal and regulatory requirement assessment; compliance requirement and compliance roadmap development |
| Business Continuity | Contingency planning: business continuity, disaster recovery and business resumption design and planning, including the development of MTO (maximum tolerable outage), MAO (maximum acceptable outage), RPO (recovery point objective), RTO (recovery time objective), etc. |
| Security Training | Training is available at Board and management level, as well as generic and technology-specific training |
| Performance Metric Creation | Establishing performance targets and metric types (Balanced Scorecard, etc.); metrics development and implementation |

| Service Category | Explanation |
|---|---|
| Temporary CISO, CRO, CCO | Management of C-level (senior, executive) management activities, e.g. identifying drivers such as technology, business environment, risk tolerance and geographic location, and their impact on information security |
| Security Programme Management | Overseeing enterprise-level information security programme creation and execution |
| Information Security Lifecycle Management | Integrating information security programme requirements into organisational life cycle activities such as the change management process; service provider management |
| Risk Management | Overseeing the risk assessment and risk mitigation cycles; baselining; evaluating and managing effectiveness |
| Incident Management | Overseeing incident prevention, incident handling and recovery, post-incident, forensic and law enforcement activities |
| Compliance Management | Identifying current and potential legal and regulatory issues affecting information security, assessing their impact on the enterprise and ensuring compliance with requirements |
| Technology Implementation | Full technology life cycle establishment and management, including the development of business cases, RFIs, RFTs, etc. |

| Service Category | Explanation |
|---|---|
| Security Posture Analysis | Security perspective (focus, scope, approach, ownership, funding) assessment; baseline creation; role and organisation creation; architecture appropriateness, etc. |
| Security Audit | Information security control applicability, currency and implementation effectiveness; applied practices; security posture maturity; regulatory compliance; vulnerability assessment |

| Service Category | Explanation |
|---|---|
| Security Architecture | Conceptual architecture, including the information security framework (governance, policy-standard hierarchy, administrative processes and procedures), internal and external reporting and communication channels, separation of internal and external service provision, and measurement (SLAs) |
| Technical Architecture | Detailed information security solutions for specific areas (e.g. infrastructure, identity management, privacy, application integrity), either as a point solution or for overall business solutions (e.g. ERP, CRM, TPS) |
| Business Process (Re)Design | Assessment and analysis of existing business processes; quality checking; process mapping (multi-level); process innovation and transformation; process objective creation and design |

| Service Category | Explanation |
|---|---|
| Security Policy | Development of an information security policy framework and policy document compliant with ISO/IEC 17799:2005, AS/NZS 7799.2:2003 and ISO/IEC 27001:2005 |
| Security Standards | Standard development based on the 11 ISO/IEC 17799:2005 domains, and purpose-specific standards (e.g. antivirus, password management) |
| Security Awareness Document Development | Development of awareness material (posters, training documents, intranet, etc.), security awareness campaigns and training courses |
