PHASE 1: DETERMINE BASELINE
The first phase of the Q|Frame™ framework methodology is intended to form a baseline of an organization’s security posture and prepare for the subsequent phases of the program.
In this phase, staff interviews are conducted, a gap analysis is performed, and a particular set of control objectives is selected. Again, Q|Frame™ can utilize any set of controls that is applicable to the client’s business drivers and requirements.
The selected set of controls will be reflected in a Q|Frame™ “dashboard”, a high-level tool used to rank control objectives in relation to capability, maturity, and implementation status.
Below is an example of a priority action map in its initial state. In this example, the 20 critical controls were selected as the relevant control set. Ultimately, as part of the baselining process, each of the selected controls will be ranked on the basis of capability, maturity level, and implementation status. These rankings will allow us to derive and assign a quantifiable risk score to each of the individual controls.
Q|FRAME™ IS BASED UPON 4 RECURRING PHASES:
The maturity level of an organization provides a way to characterize its performance. A maturity level is a defined evolutionary plateau for organizational improvement. The maturity level is process-orientated and relates to things like policy, process definition, process improvement, metric development, and management capability.