A proven model for continual improvement in cybersecurity and Information Security Management Systems (ISMS), and indeed in most management disciplines, is a form of the Deming Cycle known as “Plan, Do, Check, Act” (PDCA). This model accommodates and encourages all aspects of Governance, Risk and Compliance, and is a highly recommended framework for underpinning security and business objectives.
The model provides structure to the management of cyber programs, and forms the basis for developing annual roadmaps and calendars for routine and milestone activities. Industry Risk has expertise in reviewing current arrangements, integrating or overlaying the PDCA model onto existing programs, and then assisting our clients with developing and implementing the sub-requirements detailed below…