Governance — act of
governing, the set of rules and frameworks by which an organization operates.
Corporate Governance compliance is an area starting to be represented in the upper levels of an organization in order to meet regulatory demands for enterprise-wide information security.
A common challenge faced by companies is the ability to understand the ever-changing and complex regulatory and legislative requirements, and its impact on the corporate business model and environment. The following examples of legislations, frameworks and standards, mandate corporations to establish corporate security governance:
ISO27001, ISO27002 (ISO17799), ISO27005
Payment Card Industry (PCI - DSS)
Sarbanes-Oxley (SOX), Bill198
Canadian Securities Administrators' (CSA) MI 52-109
PIPEDA, pHIPA, HIPAA
NERC Critical Infrastructure Protection (CIP)
With extensive experience in the aforementioned, RSS Inc. offers an Enterprise Security Program (ESP) Service that caters to client needs, of all industries and sizes. Our seasoned professionals have played major roles in establishing and implementing ESPs in various public and private sector organizations. Our security solution will institute:
Enterprise Security Governance Framework
Enterprise Security Committee
Corporate Information Security Department
Information Security Processes
Information Security Risk Management
Information Security Architecture
Information Security Governance Intellectual capital
Enterprise Security Key Performance Indicators (KPI)
Enterprise Security Critical Success Factors (CSF)
Enterprise Security Scorecard
Enterprise Security Dashboard Measurement
Enterprise Security Education Program
RSS Inc. team will develop security controls within an organization to provide pragmatic assurances that corporate business objectives are achieved and undesired risks avoided.
Our service encompasses both security and privacy risks. Our team will work with the various departments, senior management and teams in order to align them for success towards creating enterprise wide security solutions. This close integration with business leaders and stakeholders allows RSS Inc. to understand the business vision, goals, processes, and support what is important and vital to the organization’s success. RSS Inc. team will ensure the successful completion and the delivery of a robust Enterprise Security Program.
As a part of the final phase of the engagement, RSS Inc. will assist clients in addressing the biggest challenge - the staffing of the corporate security department with competent and reliable resources. RSS Inc. can provide short-term help by providing its resources to populate client's Corporate Information Security Department while assisting in the interviewing and hiring process to ensure that the right candidates have been chosen for the position.
RSS Inc. team will work in tandem with the client assigned team throughout the entire engagement thus ensuring the knowledge sharing.
There are times when companies do not have the resources or internal knowledge to build a robust, enterprise security governance practice.
By engaging RSS Inc. for short-term outsourcing assistance, it will enable companies to utilize seasoned professionals who have played a major role in developing ESPs in various public and private sector organizations. By bringing the external experience to the table, our clients will be in the position to shorten the information security governance maturing phase.
To ensure that the strategic solution objectives are a long-term success, RSS Inc. will help clients build a full-time team with world-class skills to support and enable its business drivers.
We will work with stakeholders to capitalize upon business opportunities to enable them to execute their business strategy securely.
Successful ESP will change the perception of information security from being viewed as a ‘showstopper’ to a ‘secure business enabler’ and will align it with the overall enterprise strategy.
Overall, the ESP will help in corporate risk mitigation by minimizing the potential disruptions of business activities and deliver value by ensuring that the promised benefits match up against the strategy. RSS Inc. team will provide mid and long-term plans containing milestones for implementing information security controls.