IT & Information-Security Governance
IT and Information Security Governance plays an important role in securing an organization’s information assets and aligning business objectives with IT & Information Security. That is why we advise clients to define and implement cybersecurity and governance along with management frameworks.
Leading Frameworks that align with ARC Tech’s IT and Security Governance:
NIST Cyber Security Framework (NIST 800-53):
Established by the National Institute of Standards & Technology (USA), the cybersecurity framework sets guidelines for how organizations can identify, prevent and respond to and recover from cyber-attacks.
COBIT:
Control Objectives for Information and Related Technologies (COBIT) is an IT management framework, created and developed by IT Governance Institute and ISACA.
ISO 20000:
Developed in 2005, ISO 20000 is the first international standard for governance of IT Service Management (ITSM). This standard captures the best practices within the ITIL (Information Technology and Infrastructure Library) Framework and includes best practices and elements from, Microsoft Operations Framework and the COBIT framework of ISACA.Our Governance Services:
Risk Management:
A cyber security risk is a probability for threats to exploit a vulnerability thereby causing harm to an asset. We provide Risk Management Practices that are aimed to prevent the loss of IT assets or data disclosure while sustaining authorized access and maintaining a secured IT environment.
Our Risk Management Services:
Risk Identification:
Identification of inherent and external threats and vulnerabilities (e.g., Viruses, Criminal Activities, Internal Threats, Disgruntled Employees, Unauthorized Access, etc.) that can cause damage or unauthorized disclosure of data, software applications, and other IT infrastructure assets related to your organization
Quantitative Risk Analysis:
Estimating Asset Value, Calculating Exposure Factor, Calculating Single Loss Expectancy, Assess Annualized Rate of Occurrence, Derive Annualized Loss Expectancy, Perform Cost / Benefit Analysis of Countermeasures or Safeguards (Also referred to as ‘Controls’)
Qualitative Risk Analysis:
We use Delphi Techniques, Surveys, Focus Groups, Questionnaires, Interviews, etc. to conduct qualitative Risk Analysis
Risk Reporting:
We provide a comprehensive report to the management. The management can leverage the report to make decisions on countermeasure and Risk Mitigation strategies. Our Risk Report consists of the following details:- A complete and detailed valuation of all assets in the organization
- List of all threats and risks, the rate of occurrence, and extent of loss when a threat occurs
- Threat-specific safeguards
- Cost-benefit analysis of each safeguard.
Risk Mitigation:
We advise clients on Risk Mitigation strategies and provide necessary services for the implementation of various Risk Control Measures.Compliance
Compliance is involved in adhering to the rules, guidelines, contractual norms, or requirements of industry laid down by government regulators and/or industry associations or trade organizations.
Our Advisory and Implementation Services cover the following Frameworks, Laws, and Regulations.
