IBI Step-by-step plan
To properly implement the Integrated Baseline for Information security (IBI), a number of steps need to be followed. By doing so, we make your organisation aware of the necessity of information security, create a complete picture of the required measures you need to take, and work in a structured way towards demonstrable improvement.
IBI in seven clear steps
Securing your IT environment and business information is a continuous process that requires a thorough and structured process. This is why we approach your IT security cyclically, where we re-run your risk analysis periodically, keeping in mind the changes in technology and your organisation.
Step 1 – Principle workshop
Start with a vision for your company’s Information Security
Information security starts with a clear vision. Working together with your organisation, we determine your vision for information security by going through predefined principles, determining whether they apply to your organisation, and what this means in practice.
Step 2 – Policy workshop
Build the foundation of your information security
The next step in the IBI process is establishing a strategic policy by setting out your organisation’s ambitions in the field of information security. By formalising this strategic policy, together we create a mandate to take definitive steps in improving your information security.
Step 3 – Inventory
Map your environment
Good information security can only be achieved if there is a clear picture of what actually needs to be secured. That is why every project starts with mapping the basic environment and a comprehensive analysis of the information systems within your organisation. This involves looking at People, Equipment, Software, Data, Organisation, Environment and Services.
Step 4 – GAP Analysis
Define where improvements are needed
In the GAP Analysis, the inventoried environment is tested against the potential improvement actions that are part of the IBI framework, depending on the ambition level set in the strategic policy. For each measure, we determine whether and, if so, how, it has been implemented. Together, we discuss each measure’s usefulness, necessity and priority.
Step 5 – Impact analysis
Assess the implications
At the end of the GAP Analysis, we’ll have a list of measures that require action. For the next step, our impact analysis, we delve deeper into these measures and actions. This requires determining the overall implications for your organisation, the technical implications, and whether additional licences, management guides, or resources are needed. In essence, we create a mini business case for each measure so that together we can make informed decisions.
Step 6 – Information Security Plan
Create a blueprint
The information security plan brings together our findings from all our data gathering and analysis. It becomes your IT operational document that underlies your strategic policy and describes the steps, the timeframe, the required budget and the division of roles needed to realise the ambitions of the strategic policy. This information security roadmap becomes an important document in an audit.
Step 7 – IBI Services
Get a daily snapshot of your IT environment
With IBI Services, we ensure continuous focus on your organisation’s information security. Not only do you get a dashboard showing the latest state of affairs on a daily basis, we also perform various checks on technical measures every day. Our team of experts keeps track of best practices and continuously incorporates them into your Integrated Baseline for Information security. We also periodically conduct a comprehensive audit, reviewing your identified improvement actions and revising your information security plan.