Security Strategy

BAE Systems Detica works closely with stakeholders to derive a set of foundation principles for the new security or ICT capability.
More than ever, information security strategy is interconnected with business strategy and broader IT strategy. As a result, the Detica approach to framework and strategy development is closely aligned with traditional business strategy development.

Policy and Documentation

Principles are grouped into three disciplines:

  • Governance Principles: The definition of the business rules governing the new security or ICT capability;
  • Assurance Principles: The processes that will provide confidence in the ongoing effectiveness of the new security or ICT capability to meet the needs of the business; and
  • Enabling Principles: The specification of solutions and controls that describe the procedures and technologies that will meet the needs of the business.

Our methodology ensures that security documentation is linked to the security risks faced by our clients and to their compliance requirements, and that it is fit for purpose given the intended audience. As part of our development methodology, Detica tests the security documentation it produces to ensure:

  • coverage of the security risk and compliance requirements for the client;
  • that policy, guidelines and procedures are understandable; and
  • that policy statements are measurable such that compliance can be easily determined.

Detica delivers security documentation in accordance with the documentation frameworks suggested in Australian Government security publications such as ISM, or can develop documentation in accordance with specific documentation frameworks used by our clients (e.g. ISO 27001).

We use a similar framework for the review of ICT security and related policy documentation. Our review of policy documentation links policy back to risk and compliance requirements and considers whether policy documentation is both understandable and measurable.

Strategy and planning

The Detica approach to security strategy development is closely aligned with traditional business strategy development and can be used in the consideration of any new security and/or ICT capability including:

  • ICT Strategy;
  • ICT Security Strategy;
  • Identity Management Strategy;
  • Vulnerability Management Strategy; and
  • Continuity Management Strategy.

Our approach ensures that executives are empowered to make strategic decisions in relation to security based on their responses to five key business questions:

  • What is the capability need?
  • What is the current state of the capability within the organisation?
  • What are other organisations, industries and competitors doing?
  • What should the organisation be doing? and
  • How should the organisation get there?

The Detica methodology for strategy development is illustrated in the figure below:

[Figure: the Detica methodology for strategy development]

Contact us at australia@baesystemsdetica.com or on 1300 027 001 for more information.

To find out more about the security strategy products and technical services we offer across the globe, visit the BAE Systems Detica website here.