IISZON operating model is aligned and anchored to NIST framework principles as defined within the GOVERN function.
Circumstances, mission, stakeholder expectations, legal, regulatory, and contractual requirements surrounding an organisation’s cybersecurity risk decisions are understood
Priorities, constraints, risk tolerance and appetite statements, and assumptions are established, communicated, and used to support operational risk decisions
Processes are identified, established, managed, monitored, and improved by organisational stakeholders
Security roles, responsibilities, and authorities to foster accountability, performance assessment, and continuous improvement are established and communicated
Security policies, processes, and procedures are established, communicated, and enforced
Results of organisation-wide security risk management activities and performance are used to inform, improve, and adjust the risk management strategy
Circumstances, mission, stakeholder expectations, legal, regulatory, and contractual requirements surrounding an organisation’s cybersecurity risk decisions are understood.
Priorities, constraints, risk tolerance and appetite statements, and assumptions are established, communicated, and used to support operational risk decisions.
Processes are identified, established, managed, monitored, and improved by organisational stakeholders.
Security roles, responsibilities, and authorities to foster accountability, performance assessment, and continuous improvement are established and communicated.
Security policies, processes, and procedures are established, communicated, and enforced.
Results of organisation-wide security risk management activities and performance are used to inform, improve, and adjust the risk management strategy.
INNOVATIONAugment engagements with technology and security innovators seeking to reduce security risks |  |
INFORMATION ASSURANCEOperational technology services focused on assuring NIS systems, data and site based security controls |  |
V-CISO CONSULTANCYFractional C-Suite consultancy centred on driving appropriate and proportionate security strategies aligned to risk appetite |  |
