For Small Business IT Networks: CISM Certified Expert Security Consultants
DCI offers the services of security consultants who have earned CISM Certification. CISM defines the core competencies and international standards of performance that information security managers are expected to master. It provides executive management with the assurance that those who have earned their CISM have the experience and knowledge to offer effective security management and consulting services.

CISM measures expertise in the following areas, with corresponding tasks:
Information Security Governance

Establish and maintain a framework to provide assurance that information security strategies are aligned with business objectives and consistent with applicable laws and regulations. Tasks include:

- Develop the information security strategy in support of business strategy and direction.
- Obtain senior management commitment and support for information security throughout the enterprise.
- Ensure that definitions of roles and responsibilities throughout the enterprise include information security governance activities.
- Establish reporting and communication channels that support information security governance activities.
- Establish and maintain information security policies that support business goals and objectives.
- Ensure the development of procedures and guidelines that support information security policies.
- Develop business cases and enterprise value analyses that support information security program investments.
Risk Management

Identify and manage information security risks to achieve business objectives. Tasks include:

- Develop a systematic, analytical and continuous risk management process.
- Ensure that risk identification, analysis and mitigation activities are integrated into life cycle processes.
- Apply risk identification and analysis methods.
- Define strategies and prioritize options to mitigate risk to levels acceptable to the enterprise.
- Report significant changes in risk to appropriate levels of management on both a periodic and event-driven basis.
Information Security Program Management

Design, develop and manage an information security program to implement the information security governance framework. Tasks include:

- Create and maintain plans to implement the information security governance framework.
- Develop an information security baseline.
- Develop procedures and guidelines to ensure business processes address information security risk.
- Develop procedures and guidelines for IT infrastructure activities to ensure compliance with information security policies.
- Integrate information security program requirements into the organization's life cycle activities.
- Develop methods of meeting information security policy requirements that recognize the impact on end users.
- Promote accountability by business process owners and other stakeholders in managing information security risks.
- Establish metrics to manage the information security governance framework.
- Ensure that internal and external resources for information security are identified, appropriated and managed.
Information Security Management

Oversee and direct information security activities to execute the information security program. Tasks include:

- Ensure that the rules of use for information systems comply with the enterprise's information security policies.
- Ensure that the administrative procedures for information systems comply with the enterprise's information security policies.
- Ensure that services provided by other enterprises, including outsourced providers, are consistent with established information security policies.
- Use metrics to measure, monitor and report on the effectiveness of information security controls and compliance with information security policies.
- Ensure that information security is not compromised throughout the change management process.
- Ensure that vulnerability assessments are performed to evaluate the effectiveness of existing controls.
- Ensure that noncompliance issues and other variances are resolved in a timely manner.
- Ensure the development and delivery of activities that can influence the culture and behavior of staff, including information security education and awareness.
Response Management

Develop and manage a capability to respond to and recover from disruptive and destructive information security events. Tasks include:

- Develop and implement processes for detecting, identifying and analyzing security-related events.
- Develop response and recovery plans, including organizing, training and equipping the teams.
- Ensure periodic testing of the response and recovery plans where appropriate.
- Ensure the execution of response and recovery plans as required.
- Establish procedures for documenting an event as a basis for subsequent action, including forensics when necessary.
- Manage post-event reviews to identify causes and corrective actions.