Organizations should have an active risk management plan that addresses all physical, technical and administrative vulnerabilities identified in their Risk Analysis. The plan should clearly outline remediation items, corrective strategies, resource assignment and projected completion dates. The overall regimen should include implementation of policies and procedures to “prevent, detect, contain, and correct security violations”.
Aside from thorough content, each organization must actively manage the plan and demonstrate that reasonable remediation progress is being made. This can often be difficult to accomplish because your organization is busy running its business and human capital is limited. Our Guided Support solutions provide a cost-effective approach that requires minimal time from your staff.