We follow up the six phases of the IT security life cycle:

Phase 1: Initiation—to help the organization to determine if it should investigate whether implementing an

IT security service might improve the effectiveness of the organization’s IT security program.

Phase 2: Assessment— to help the organization to determine the security posture of the current environment

using metrics and identifies the requirements and viable solutions.

Phase 3: Solution—we evaluate potential solutions, develop the business case and

specify the attributes of an acceptable service arrangement solution from the set of available options.

Phase 4: Implementation—to help the organization to select and engages the service provider, develops a

service arrangement, and implements the solution.

Phase 5: Operations— to help the organization to ensure operational success by consistently monitoring

service provider and organizational security performance against identified requirements, periodically

evaluating changes in risks and threats to the organization and ensuring the organizational security

solution is adjusted as necessary to maintain an acceptable security posture.

Phase 6: Closeout— to help the organization to ensures a smooth transition as the service ends or is

discontinued.