Security Governance / Operations Review
This phase will leverage information gathered initially to perform a detailed assessment against industry best practices, taking into account your considerations.
At a high-level, the security operations review consists of:
a. Review of documented policies and procedures:
b. Analyze information gathered via interviews, including practices related to:
c. Assess the current implementation of controls across all control categories of listed here:
d. Using standard capability maturity model, assign existing security practices a maturity level ranging from 0 (Non-existing) to 5 (Optimized).