Information Security Assessment Refresh

Case Study Cybersecurity

A leading healthcare provider utilizes our cybersecurity team to develop a new, more efficient information security assessment process. 

SITUATION

Our client, a leading health care provider, needed to revamp their Information Security Architecture Governance assessment process. The process is a set template for performing certified assessments of an application or configuration, and is the baseline for determining whether projects require more scrutiny before certification. The client’s goal was to design a process to assess applications, solutions, or technologies in a uniform manner, so that results were derived consistently and communicated effectively. Additionally, our client wanted to explore implementing cloud tokenization.

SOLUTION

We deployed a team of skilled resources led by a Security Architect to complete the initial project discovery and develop the revamped assessment. To create the more streamlined and effective assessment process, the team was responsible for the following objectives:

  • Identifying business requirements and determining project scope, including defining assessment methodology and risk
  • Designing assessment documents including requestor questionnaire, process flows, and new security assessment processes
  • Scheduling and leading meetings for both project team and application/cloud teams
  • Providing a single point of contact for EES team on tokenization
  • Tracking risks and driving solutions for measured risks
  • Managing documentation gathering

In addition to designing and implementing the new assessment, our team provided ongoing engagement and workforce management throughout the initiative. This included providing reporting and status tracking, setting and enforcing deadlines, and conducting performance management.

RESULTS

We successfully designed and implemented a refreshed Information Security Architecture Governance assessment, allowing our client to more efficiently produce consistent results. Additionally, we provided guidance to help initiate the implementation of cloud tokenization. As a result of our support, our client’s architecture has improved from a security perspective by following consistent testing protocols across the board.