Cybersecurity Mission, Vision and Objectives
Mission Statement
The cybersecurity mission of the Creative Ground Tech is to safeguard the confidentiality, integrity, and availability of information systems, identity, and data assets by providing proactive security expertise, creating, and maintaining a resilient and secure infrastructure, and fostering a culture of security awareness and compliance throughout the organization.
The Creative Ground Tech Information Security Team aims to secure our applications, system, and network resources, and protect the confidentiality, integrity and availability of clients, partners, and staff data.
To support this mission, the Information Security Team will
- Develop processes, procedures, and policies required for the protection of confidential information
- Identify risks to the security of applications, information, and systems. Mitigate these risks to levels acceptable to the company
- Define security requirements, establish baselines, and measure compliance, based on applicable laws, regulations, and best practices
- Consult with stakeholders and staff departments to investigate security issues and evaluate products and processes
- Collaborate with Information Technology administrators and technical staff to develop the company information security strategy and architecture
- Ensure incident response and disaster recovery plans are developed and implemented
- Respond to and recover from disruptive and destructive information security events
- Increase company awareness of information security through training and communication
Daily, we strive to protect our clients and our staff from current and emerging threats related to security and privacy. We see this playing out in our everyday business by focusing on preventing harm, fast defense, and building trust in the community.
As the threat landscape evolves, so will we. Defense is not a static game; it requires continual engagement and innovation. It also requires working with the security community. Together, we will find ways to better protect clients and the broader ecosystem.
Core Functions
Security Governance
Creative Ground Tech works in cooperation with many compliance bodies throughout to ensure the appropriate security actions are taken to protect the company. Creative Ground Tech will be responsible for annually publishing a Strategic Security Plan that serves as an input into the strategic planning and budgeting process for the company’s security priorities based upon risk.
Policy Management
Creative Ground Tech works with a broad range of stakeholders throughout the organization to define, document, approve, publish, and create awareness about its information technology policies, procedures, and work practices. Creative Ground Tech also facilitates the process of policy exception management, compliance verification, and adherence to the policy on policies for update cycles and approval workflow.
Awareness and Education
Creative Ground Tech is responsible for delivering relevant information security knowledge to defined, targeted audiences throughout the company to raise awareness of risks and influence behavior so that the likelihood of those risks is minimized. The methods used to create this awareness include IT newsletter articles, departmental and one-on-one in-service training.
Identity and Access Management
Technical and operational responsibility for the systems that manages Creative Ground Tech’s user identity data, and authentication belongs to the IT Infrastructure team, but the governance, exception process, and project prioritization of identity initiatives is the responsibility of the Information Security Office. The CISO serves as the company’s head of Information Technology and Security.
Vulnerability Management
Creative Ground Tech identifies, assesses, and tracks resolution of security weaknesses throughout the company. The responsibility for remediating vulnerabilities rests with the Security department. The vulnerability assessment process is a function of regular vulnerability scanning, penetration testing, Security Incident Event Management (SIEM) log analysis, risk assessments and targeted IT security assurance audits.
Risk Assessment
Creative Ground Tech is responsible for conducting security reviews and risk assessments of IT-related purchases, projects, products, vendors, and contracts. Creative Ground Tech works within the procurement approval cycle to assess and approve exceptions to its supported products and services. The primary instrument used to initiate these security reviews is the IT Security Questionnaire. Creative Ground Tech also coordinates risk assessments involving some aspect of the outsourced infrastructure risk assessments, year-end financial audits and incident-specific third-party security investigations and consulting engagements as the need arises. Creative Ground Tech produces an annual security assurance audit plan for its Executive Team approval to evaluate the adequacy and effectiveness of controls and procedures designed to protect critical, high-value IT systems, applications, and assets.
Regulatory Compliance
Creative Ground Tech works closely with various operating units internally to meet the ISO 27001 regulatory compliance and attestation obligations related to it. Creative Ground Tech collaborates with its internal departments in developing system security plans and monitors adherence to established policies and procedures.
Incident Response
Creative Ground Tech oversees the incident response program and orchestrates each incident response declaration from inception through resolution and post incident review. When an incident is detected, Creative Ground Tech identifies the appropriate incident handler(s) and coordinates the resources needed, external or internal, to address the threat. Creative Ground Tech guides each incident response from a best practice perspective and ensures post incident reviews are conducted to examine root causes, evaluate the quality of the response, and determine if remedial action is necessary. In terms of the overall incident response program, Creative Ground Tech coordinates incident response training to develop the appropriate skill sets throughout the company to respond to various threats as they arise.
Business Continuity and Disaster Recovery Management
Creative Ground Tech ensures that all BC/DR plans are documented and periodically tested. During these tests, Creative Ground Tech monitors all failures and ensures they are remediated, and any deficiencies are formally addressed in a timely fashion. In the case of an actual declaration, responsibility for executing the BC/DR plan(s) belong to the respective operating units within the company. Creative Ground Tech also is responsible for regularly updating the Business Impact Analysis report that ranks the criticality of all its applications and services along with an RPO (recovery point objective) and RTO (recovery time objective).
Vision Statement
Our vision is to become a partner of choice for cybersecurity services, data science and data analytics solutions for clients by bringing together people and technology to form the most powerful innovation cycle in security, harnessing and implementing all aspects of data protection, and in turn, working relentlessly towards protecting client’s data and our people, and contributing to the development of the country by making it one of the most secure business destinations globally.
Our Objectives
Our objectives are to create secure, scalable, and sustainable products and services, follow and provide best practices of Cyber and Information Security to our clients, and offer intensive, hands-on training to all our employees and clients, and empower them to mitigate business risks.
