what is it?
For many organizations, the ability to take an information security improvement plan and run with it themselves may be difficult. There may be staffing issues, competing priorities, staff knowledge deficits, and other roadblocks that get in the way. Or, perhaps you’ve decided to use an outside IT firm to help but need some extra eyes to make sure things are done according to plan. This is something I regularly help clients accomplish.
Some things to consider about plan implementation:
Information Technology (IT) vendors and contractors are not security professionals. Even if they claim to handle security, their methods need oversight and validation.
Internal staff that wear many hats and fulfill many different job roles into one might not have the time or expertise to implement a security improvement plan.
The urge to cut corners will be strong, but having a trusted security advisor to navigate the plan implementation can ensure this does not happen.