Our Approach. It's all about the risk.
The CRMG approach works by identifying prioritised risks to your organisation, and then determining the adequacy of your cyber security programme to mitigate these risks. And just as we prioritise the risks to the organisation, we also prioritise the controls that are needed to mitigate them. This means that we can help you target your cyber security budget, fix what's most important first, and then plan further remedial action accordingly, all in line with your risk appetite and available resources.
Whether you want to develop a new cyber security policy or implement a more rigorous approach to intrusion detection, the way in which you go about it (in terms of rigour, resource and time) is likely to be informed by one of two things (or both):
Your Risk Profile: a view of what the cyber threat landscape means to you, given your activities, attractiveness as a target, vulnerability to attack and so on, coupled with the level of risk you wish to take on (your 'Risk Appetite').
Your Compliance Obligations: typically legal/industry regulations with which you are required to comply in order to operate, irrespective of your risk profile.
Once we've worked with you to identify what your cyber security programme should look like and helped you put the building blocks in place, we'll work with your audit team to develop test procedures so that the effectiveness of the programme can be monitored over time. We'll even help your procurement and legal personnel get up to speed with the elements of the cyber security programme that impact supplier management.