Cisco’s approach to its Security Practice is to follow a GRC model (Governance,Risk, and Compliance). IT GRC is a very big topic that applies to all aspects of information technology. Cisco focuses on bringing these concepts and techniques to allow the management of security as a business process.

The approach first looks at the likelihood of outcomes and consequences, analyzed to improve security decision making. Are we meeting legal, regulatory, and reputational expectations? What risks do we have to be sure are addressed? What data is mission critical? Who should have access to it?

THe next step is to build a Governance model, that is,the strategic management and measurement of the security program as a business process.Do we have a security strategy? Do we have a crisis plan in case something fails? Have we built a plan to address any risk/requrements we have identified?

The last piece to this approach is Compliance. Do we have a plan and process to measure effectiveness empirically? Do we have demonstrated adherence to external as well as internal requirements for security behaviors and controls?
Can we measure what we said we needed to implement?

Cisco has a great professional services practice. They do take a holistic approach to build industry leading best practices.

Pls let me or your Cisco Account Manager know if you would like more information.

   0 likes

   0 likes