The ISO27001:2022 Imperative: Bridging the Gap to an Effective Cyber Security Posture

By
Spencer Summons
June 6, 2025

An ISO27001:2022 certified global procurement client required assurance that their documented security framework was being appropriately translated into an effective cyber security capability (people, process, technology).

  1. Pre-engagement: Opliciti conducted a pre-engagement meeting that enabled us to communicate the plan outline, activities and time scales.
  2. Stakeholder interview: Following project kick-off, we conducted interviews with key stakeholders including operational, managerial and Executive staff. During the interviews we collected evidence to align with the requirements of the NIST C2M2 capability model.
  3. Technical review: We conducted a technical review, using read-only access, of selected key technologies to support the findings from the interview process.
  4. Qualitative and Quantitative Analysis: We conducted qualitative and quantitative analysis using both the information obtained through interview and the technical review findings, which were then scored using the C2M2 scoring framework.
    1. Organisational structure and operating model: Opliciti identified and evidenced several capability gaps. Given our experience in digital business and business architecture, we were additionally able to recognise that their organisational structure and operating model were reinforcing silos, which was directly contributing to reduced security effectiveness.
    2. Data governance: Furthermore, we were able to identify and evidence a disjointed approach to data management and data governance.
  5. Finding and reporting: Opliciti created a formal documented report, which we complemented with an interactive Power BI report. We presented to the Board to summarise the report and discuss findings.

The Board accepted my findings and agreed to release additional security funding. I am now in the process of leading work to deliver several of the recommendations.
