The success of cybersecurity initiatives is very much reliant on the management commitment where the C-Suite is expected to ensure security initiatives are planned, implemented, operated, monitored, reviewed, audited and actioned upon at all levels of the organisation hierarchy. Though such expectations are easily understood, it is very challenging to maintain a high degree of information security governance, especially in areas where members of the organisation operate in a diverse environment.

This service performs a study on the current organization setup and recommends the setting of committees, the committee charter and the composition of the committee members. With the presence of information security leadership as well as the channels established to disseminate information security initiatives, the organization would be able to set information security expectations through the establishment of information security policies, standards and guidelines. Depending on the complexity of the organization setup, the geographical presence and the diversity of the operating environment especially the critical information infrastructure (CII) environment, the information security policy development effort may vary. Maximus has the experience to develop industry-specific information security policies, standards and guidelines, as well as for simple and complex environments.

Prior to dealing with organizational changes at this scale, Maximus will first need to gather information about the business activities of the operators and have a thorough understanding of the current methods of operations. Custodial and ownership roles and their reporting hierarchy will then be identified to determine the committees needed to be set up, together with the roles and responsibilities being defined. Maximus will then provide advice to the appointment of the committee members so that the information security management would be effective.