IDENTIFY AND ANALYZE

Together, the analyzes ensure that information security in the business is based on a clearly defined zero state.

The business analysis includes identifying the essential information assets of the business as well as mapping of internal stakeholders (such as decision makers, function owners, employees, support units) and conditions (such as goals, strategies, organizational structure, infrastructure).

The environmental analysis includes identification of external requirements, including legal requirements (such as constitutions, contracts and agreements) as well as mapping of external stakeholders (as owners, customers, suppliers, reviewers) and prerequisites (industry-specific, technical, social, environmental, political).

The risk analysis identifies information security risks. The risks to information security are achieved through a systematic and creative process.

The gap analysis can be carried out on the basis of results from analysis of operations, outside world and risk but also carried out without the other analyzes being carried out first. Gap analysis then takes place based on the chosen security measures, if this is done, or based on all safety measures from standards

i

ANALYZE

The analyzes ensure that security is designed in a clearly defined zero state

l

CREATE

Definition of strategic security goals and description of roles in safety work



USE

Implementation and application of defined action plans and control documents

U

FOLLOW-UP

Follow-up of previously decided initiatives is based on initial value for the next assignment

NASECO AB
STOCKHOLM
SWEDEN
info@naseco.se

NASECO AB is a consulting company with specialist areas in IT security, IT leadership, coordination and governance