Case Study: Information Security
Fortuna BMC demonstrated its capabilities in program management, risk management, process implementation and IT consulting by designing and developing a comprehensive risk management process for the client (an international healthcare services vendor). Fortuna BMC was contracted by the client for a year to build an enterprise risk register and manage its rollout and implementation.
The client was an already established organization with a significant history of information security risk identification. However, it had no comprehensive management process in place. The client was unable to properly track and categorize identified information security risks, which led to a failure to recognize risk trends as well as an inability to establish a comprehensive process for managing and eliminating risks and compliance threats. Aside from the lack of a thorough management process, the decentralized infrastructure of the client’s organization resulted in a fragmented management approach to information security risks.
Fortuna BMC provided a Subject Matter Expert (SME) in Information Security Risks Governance and Compliance to help the client with its program and risk management. The assigned SME began by conducting a comprehensive review of all existing organizational documentation related to information security to identify information security risks and compliance threats. The process involved visiting various areas of the organization, gathering all the risk documentation, and collating and matching risks across the client’s multiple lines of business in order to build an enterprise risk register that provided an overarching view of the organization’s current risk profiles.
Fortuna BMC has once again proven itself in Information Security, with the knowledge, experience and resources that successfully identified, analyzed and mitigated risks and compliance threats for the client. Fortuna BMC was able to create a comprehensive, enterprise-wide risk management structure that allowed the client to identify information security risk trends early and focus its resources on critical and high-risk events.