We started the engagement with a discovery process and began by reviewing all of technical, process and procedural documentation that was provided for each of the technology areas. This enabled us to understand the technology as described in the context of the IT estate and to choose appropriate cyber security frameworks to measure against.
The documentation was used to prepare sets of structured questions that were used to guide a series of workshops and interviews. Armed with all of this information, our consultants began analysing the data and identifying any areas of risk and opportunity. There was regular collaborative contact during the process to ensure that the work was in line with expectations.
The next step was to structure the findings in a consistent, readily digestible manner. During this process, some common elements and themes became apparent, so the scope was increased to demonstrate how each area of technology addressed higher level business requirements.
For each technology area, the final report provided:
- an overview of associated methodology
- a prioritised risk-based gap analysis
- road-mapped recommendations for potential reconfigurations, scope increase, or alternative solutions needed to cover the gaps.
Additionally, an overarching alignment to the risks being addressed by each area was provided to help align the technology initiatives with business and compliance drivers.