ET+S Consortium - Dynamic Risk Management Consultancy

The CSCSS Enterprise Technology + Security (ET+S) Consortium's Dynamic Risk Management program brings together leading IA practitioners and best-in-class enabling technologies, interoperating in a preventative and corrective real-time envelope. Its value is the assurance that the integrity of critical controls and measures will keep the probability of high-impact risk events low. The journey raises enterprise risk maturity as follows:

  • Organization maturity – assumes the organization is already at maturity level one, that is, GRC is embedded in organizational processes, a relatively mature risk register exists, and controls and measures are in place to address critical risk events
  • Business issue – the business case should target high-impact risk events with a low probability of occurrence, with the aim of maintaining this status
  • ROI – the value of impact is already quantified in the client's risk register for high-impact risk events
  • Vertical – target the CNI vertical, where high-impact risk events are critical

CSCSS's Integrated Governance, Risk, and Compliance program (the iGRC program) documents the client's present mode of operations, resulting in a comprehensive understanding of where and how the security function has the most impact on the business in terms of opportunities and threats. This involves assessing the client environment, identifying the client's biggest challenges and how they are currently being addressed, establishing the client's organizational risk tolerance, and positioning the client in the security maturity model. Its output is a costed, customised action roadmap built from the results of the workshop-based assessment.

Transitioning to an iGRC-enabled organization may involve the following steps, depending on the client:

  • Deploy Proteus (Compliance Manager, Risk Manager, Risk View, and specific compliance questionnaires) and, if necessary, migrate data from existing tooling, followed by post-migration data validation testing
  • Deploy the iGRC module, including interfaces to SIEM and other sensors
  • Conduct post-integration interoperability and data validation testing
  • User acceptance testing
  • Go-live


© 2012 Center for Strategic Cyberspace + Security Science | Site by Snuffbox