- Get an understanding of IT and Security environment. Review of documentation including any relevant policies, standards, guidelines, and procedures
- Perform current state and gap assessments against industry leading practices such as ISO 27000, NIST, SAMA Cyber Security Framework or CoBIT 5 Identity the applicable security controls (risk based or compliance based) and
- Test the design and operating effectiveness of these controls
- Report on the findings
- Risk and Control Knowledgebase
- Cyber Security Governance Review Report (Executive Summary, Detailed Findings, Risks , Recommendation and Management Response).