Latacora engagements begin with getting to know your overall security posture. Latacora’s SAR process is a broad-spectrum, holistic look at your organization’s information security risks. This allows us to collaboratively drive priorities based on the risks presented by your current security stance, rather than being solely based on hunches or findings devoid of context.
The output of this review is a maturity assessment coupled with a roadmap: a prioritized set of interventions that maximize your security return on investment. We’ll also identify areas that require deeper and more comprehensive audits.
SARs are living documents. The first pass will identify foundational risks limiting your ability to build a secure system, safely deploy infrastructure, or feel comfortable about your employees in an increasingly complex remote working environment. As your organization evolves or we learn about new risks, we’ll keep it updated.
As part of presenting our findings, we’ll tune that roadmap with you. Some parts might be on you to resolve with our assistance, whereas others may be entirely on us. In many cases you have the choice: either you can take on risk and compliance yourself with just light advisory work, or we can take it off your plate.
Every Latacora client has an assigned project manager, who will work with you and our other staff members to keep everyone apprised of what’s going on with your engagement, provide updates on things we’re working on for you, and make sure we’re kept abreast of changes on your end. Our PMs engage with you often, typically through Slack and meeting on a regular basis. They are your “go-to” person as they know how to get your requests in front of the right internal personnel and will be able to update you on the status of our work.
No matter where issues come from, be it our network perimeter monitoring, a new discovery made during a routine code change review, or a bug bounty submission, if it is relevant to security, we’ll track it and follow up on it during our check-in meetings. Part of our job will be ensuring issues don’t get lost in the shuffle.