Contego's proven methodology encompasses the entire Information Security lifecycle. From the definition of policy and process, through architecting and implementing means of enforcement, to testing and re-assessing posture, Contego provides our clients with the adaptable defenses they need to weather any threat.
Business imperatives, increased regulatory pressure and customer demands are forcing many CIOs and CISOs to adopt a structured, enterprise-wide approach to IT GRC. Today, enterprises are acknowledging that a mishmash of technologies and processes working in silos inevitably leads to inefficiency, increased costs and present higher risks to the organization. What every organization needs is a proven Methodology in order to manage risks and prove compliance.
Contego's Methodology ensures that we provide our clients with a baseline of their associated Risks (Where am I today) and then provide a clear and concise road map to your compliance requirements and overall security posture (Where do I need to be and how am I going to get there).
Our proven Methodology can be customized to include mapping to any Government or Industry Compliance or best practice in the World today. Even customized (or home grown) best practices can be supported. We have the ability to "plug-in" any content and report and map our results to those control objectives. Our Methodology is consistent for our clients throughout all Contego services. No matter the scale of your engagement with Contego – our recommendations will relate to and specifically reference both your business policies and your industry regulatory requirements.
Contego’s Methodology consists of using many tools to eliminate false-positives. We then use Human Analytics to analyze all data from all tools and correlate and prioritize our findings against known vulnerabilities, customer business requirements and any industry regulations. We then present our findings in a customized report to the customer. This report will correlate all findings to our customers business and regulatory compliances or any best practices being followed.
Contego's Methodology contains over 2000+ highly tactical IT Controls. Based on ISO 27002, SANS Top 20 Controls and the Unified Controls Framework. Each of the Controls contained within the methodology deals with a single area of policy, standard or procedure completely rationalized against several Regulatory Compliance standards. These controls have been further harmonized with other “best practices guidance” such as COBIT, and ITIL v3.
Contego ensures that IT Risk and Compliance Management services and engagements using our proven Methodology can be measured and monitored in order to conform to your organization’s IT governance posture.