IT Consulting Objectives - Catalogue of services
contrasting the requirements in this document against a preliminary evaluation carried out by Dominio.
with regards to the project and risk assessment (capacity, know-how, information flows, resistance to change, cybersecurity, etc.).
The result will be a technology maturity report and a risk assessment report to guide the project’s implementation.
of the process (or system, or business unit) the project is about, emphasizing instances that are potential points of economic value or dependencies of potential economic value points.
An economic value point is an instance of a process where an opportunity for automation to achieve greater productivity, greater efficiency, or to reduce a risk exists.
The definition will use both “hard” (quantitative) metrics and “soft” (qualitative) metrics to obtain a comprehensive picture of the initial state.
Having described its initial state in detail, we will have a clear idea of the speed of progress and the quality of results as the project moves forward. This information will serve as input for the reflection and feedback meetings (workshops) to be held at critical moments (milestones) of the project.
to build the list of processes to be automated.
to implement enhancements or automation to the processes.
This plan should include critical moments (milestones) in which formal pauses will occur to evaluate the progress of the project and to make any necessary adjustments.
These critical moments are determined based on: (i) the natural stages of the project from a technical implementation perspective – technical progress; (ii) the additional productivity, increased efficiency, or risk reduction that occurs at potential economic value points as the digital transformation project progresses – value progress.
The result is a strategic process automation plan focused on generating economic value and executed with technical rigor.
including the use of proven methodologies (best practices), transfer of know-how, review and feedback points, and quality assurance.
As a result, risks in the project implementation are reduced due to a higher level of management quality.
Help to optimize technology projects efficiently, ensuring that resources are used in a way that delivers higher returns on investment given the available capabilities and business priorities.
The deliverable is a prioritized project schedule.
Project Manager outsourcing service. Management of IT projects from planning to final delivery.
Deliverable: Projects completed on time, within budget, and achieving their planned objectives.
Evaluate whether contracts contain all the necessary elements and whether they take into account the complexities required to acquire IT products and services.
Deliverable: Improved contracts.
facilitating the transition from traditional infrastructures to more flexible and scalable environments.
- Cloud Adoption Strategy
- Workload Analysis
- Architecture
- Cost Optimization
- Security
1.1: Establish and Maintain Detailed Enterprise Asset Inventory
Asset type: Devices
Security function: Identify
Establish and maintain an accurate, detailed, and up-to-date inventory of all enterprise assets with the potential to store or process data, to include end-user devices (including portable and mobile), network devices, non-computing/IoT devices, and servers. Ensure the inventory records the network address (if static), hardware address, machine name, enterprise asset owner, department for each asset, and whether the asset has been approved to connect to the network. For mobile end-user devices, MDM type tools can support this process, where appropriate. This inventory includes assets connected to the infrastructure physically, virtually, remotely, and those within cloud environments. Additionally, it includes assets that are regularly connected to the enterprise’s network infrastructure, even if they are not under control of the enterprise. Review and update the inventory of all enterprise assets bi-annually, or more frequently.
1.2: Address Unauthorized Assets
Asset type: Devices
Security function: Respond
Ensure that a process exists to address unauthorized assets on a weekly basis. The enterprise may choose to remove the asset from the network, deny the asset from connecting remotely to the network or quarantine the asset.
2.1: Establish and Maintain a Software Inventory
Asset type: Software
Security function: Identify
Establish and maintain a detailed inventory of all licensed software installed on enterprise assets. The software inventory must document the title, publisher, initial install/use date, and business purpose for each entry; where appropriate, include the Uniform Resource Locator (URL), app store(s), version(s), deployment mechanism, decommission date, and number of licenses. Review and update the software inventory bi-annually, or more frequently.
2.2: Ensure Authorized Software is Currently Supported
Asset type: Software
Security function: Identify
Ensure that only currently supported software is designated as authorized in the software inventory for enterprise assets. If software is unsupported, yet necessary for the fulfillment of the enterprise’s mission, document an exception detailing mitigating controls and residual risk acceptance. For any unsupported software without an exception documentation, designate as unauthorized. Review the software list to verify software support at least monthly, or more frequently.
2.3: Address Unauthorized Software
Asset type: Software
Security function: Respond
Ensure that unauthorized software is either removed from use on enterprise assets or receives a documented exception. Review monthly, or more frequently.
6.1: Establish an Access Granting Process
Asset type: Documentation
Security function: Govern
Establish and follow a documented process, preferably automated, for granting access to enterprise assets upon new hire or role change of a user.
6.2: Establish an Access Revoking Process
Asset type: Documentation
Security function: Govern
Establish and follow a process, preferably automated, for revoking access to enterprise assets, through disabling accounts immediately upon termination, rights revocation, or role change of a user.
Disabling accounts, instead of deleting accounts, may be necessary to preserve audit trails.
6.3: Require MFA for Externally Exposed Applications
Asset type: Users
Security function: Protect
Require all externally-exposed enterprise or third-party applications to enforce MFA, where supported. Enforcing MFA through a directory service or SSO provider is a satisfactory implementation of this Safeguard.
6.4: Require MFA for Remote Network Access
Asset type: Users
Security function: Protect
Require MFA for Remote Network Access.
6.5: Require MFA for Administrative Access
Asset type: Users
Security function: Protect
Require MFA for all administrative access accounts, where supported, on all enterprise assets, whether managed on-site or through a service provider.
7.1: Establish and Maintain a Vulnerability Management Process
Asset type: Documentation
Security function: Govern
Establish and maintain a documented vulnerability management process for enterprise assets. Review and update documentation annually, or when significant enterprise changes occur that could impact this Safeguard.
7.2: Establish and Maintain a Remediation Process
Asset type: Documentation
Security function: Govern
Establish and maintain a risk-based remediation strategy documented in a remediation process, with monthly, or more frequent, reviews.
7.3: Perform Automated Operating System Patch Management
Asset type: Software
Security function: Protect
Perform operating system updates on enterprise assets through automated patch management on a monthly, or more frequent, basis.
7.4: Perform Automated Application Patch Management
Asset type: Software
Security function: Protect
Perform application updates on enterprise assets through automated patch management on a monthly, or more frequent, basis.
8.1: Establish and Maintain an Audit Log Management Process
Asset type: Documentation
Security function: Govern
Establish and maintain a documented audit log management process that defines the enterprise’s logging requirements. At a minimum, address the collection, review, and retention of audit logs for enterprise assets. Review and update documentation annually, or when significant enterprise changes occur that could impact this Safeguard.
8.2: Collect Audit Logs
Asset type: Data
Security function: Detect
Collect audit logs. Ensure that logging, per the enterprise’s audit log management process, has been enabled across enterprise assets.
8.3: Ensure Adequate Audit Log Storage
Asset type: Data
Security function: Protect
Ensure that logging destinations maintain adequate storage to comply with the enterprise’s audit log management process.
9.1: Ensure Use of Only Fully Supported Browsers and Email Clients
Asset type: Software
Security function: Protect
Ensure only fully supported browsers and email clients are allowed to execute in the enterprise, only using the latest version of browsers and email clients provided through the vendor.
9.2: Use DNS Filtering Services
Asset type: Devices
Security function: Protect
Use DNS filtering services on all end-user devices, including remote and on-premises assets, to block access to known malicious domains.
10.1: Deploy and Maintain Anti-Malware Software
Asset type: Devices
Security function: Detect
Deploy and maintain anti-malware software on all enterprise assets.
10.2: Configure Automatic Anti-Malware Signature Updates
Asset type: Devices
Security function: Protect
Configure automatic updates for anti-malware signature files on all enterprise assets.
10.3: Disable Autorun and Autoplay for Removable Media
Asset type: Devices
Security function: Protect
Disable autorun and autoplay auto-execute functionality for removable media.
11.1: Establish and Maintain a Data Recovery Process
Asset type: Documentation
Security function: Govern
Establish and maintain a documented data recovery process. In the process, address the scope of data recovery activities, recovery prioritization, and the security of backup data. Review and update documentation annually, or when significant enterprise changes occur that could impact this Safeguard.
11.2: Perform Automated Backups
Asset type: Data
Security function: Recover
Perform automated backups of in-scope enterprise assets. Run backups weekly, or more frequently, based on the sensitivity of the data.
11.3: Protect Recovery Data
Asset type: Data
Security function: Protect
Protect recovery data with equivalent controls to the original data. Reference encryption or data separation, based on requirements.
11.4: Establish and Maintain an Isolated Instance of Recovery Data
Asset type: Data
Security function: Recover
Establish and maintain an isolated instance of recovery data. Example implementations include version controlling backup destinations through offline, cloud, or off-site systems or services.
12.1: Ensure Network Infrastructure is Up to Date
Asset type: Network
Security function: Protect
Ensure network infrastructure is kept up to date. Example implementations include running the latest stable release of software and/or using currently supported network as a service (NaaS) offerings. Review software versions monthly, or more frequently, to verify software support.
13.1: Centralize Security Event Alerting
Asset type: Network
Security function: Detect
Centralize security event alerting across enterprise assets for log correlation and analysis. Best practice implementation requires the use of a SIEM, which includes vendor-defined event correlation alerts. A log analytics platform configured with security-relevant correlation alerts also satisfies this Safeguard.
13.2: Deploy a Host-Based Intrusion Detection Solution
Asset type: Devices
Security function: Detect
Deploy a host-based intrusion detection solution on enterprise assets, where appropriate and/or supported.
13.3: Deploy a Network Intrusion Detection Solution
Asset type: Network
Security function: Detect
Deploy a network intrusion detection solution on enterprise assets, where appropriate. Example implementations include the use of a Network Intrusion Detection System (NIDS) or equivalent cloud service provider (CSP) service.
13.4: Perform Traffic Filtering Between Network Segments
Asset type: Network
Security function: Protect
Perform traffic filtering between network segments, where appropriate.
13.5: Manage Access Control for Remote Assets
Asset type: Devices
Security function: Protect
Manage access control for assets remotely connecting to enterprise resources. Determine amount of access to enterprise resources based on: up-to-date anti-malware software installed, configuration compliance with the enterprise’s secure configuration process, and ensuring the operating system and applications are up-to-date.
13.6: Collect Network Traffic Flow Logs
Asset type: Network
Security function: Detect
Collect network traffic flow logs and/or network traffic to review and alert upon from network devices.
15.1: Establish and Maintain an Inventory of Service Providers
Asset type: Users
Security function: Identify
Establish and maintain an inventory of service providers. The inventory is to list all known service providers, include classification(s), and designate an enterprise contact for each service provider. Review and update the inventory annually, or when significant enterprise changes occur that could impact this Safeguard.
Infrastructure, networks, communications, security, organization, alignment with business. Analysis, diagnosis, recommendations, and action plan.
Planning and assistance in the implementation of robust and secure data networks, suitable for the expansion and growth of mid-sized companies.
Review and optimization of current technological systems and equipment to improve performance, reduce operational costs, and increase scalability.
Assistance in reducing the complexity of infrastructures by implementing virtual servers that optimize resource usage.
In today’s world, it is essential to have a proper distribution of technological resources within data centers. This not only involves redundancy levels but also the capacity to accept new services or to expand their reach to support growing demands.
Given our experience constantly evaluating emerging technologies, Dominio Consultores can offer consulting that provides our clients with a broad range of vendor-agnostic solutions. This allows us to not only meet your current needs but also to be prepared for your future growth.
A correct design and proper implementation require an accurate translation of business requirements into technology. This goes beyond just hardware and software schematics — it also considers the business’ cost-effectiveness.
Every system needs a level of contingency to ensure its operation across all firing lines. Nowadays, it is critical to not only consider traditional issues such as power outages or equipment failures but also to consider the challenges posed by cyberattacks and other emerging risks.
Dominio offers a service aimed at supporting organizational change processes.
In a change management process, everything that is necessary for the transition to the new condition is prepared, organizational support for the change is gained, and the change process is rolled out on time and as planned.
A key aspect of the service is the analysis of the impacts the new condition will have on all entities and teams within the company.
As part of the process, Dominio adopts a change management methodology to guide the technological implementation in companies.
We follow these stages:
- Change Awareness: Business need
- Change Strategy: Concept, plan design
- Implementation: Dissemination, communication, training
- Measurement: Feedback, reinforcement
Dominio offers a consulting service that supervises and controls the proper progress of an IT and communications technology implementation project.
Value Proposition:
- Ensuring the successful implementation of an IT project on time and within budget.
- Proper adoption of the tool by the many business areas, so as to achieve a shared vision aligned with company objectives.
- Supporting the IT department and acting as a liaison in project management.
The service includes the validation of: the quality of the IT project execution, compliance with the scope (statement-of-work), platform acceptance criteria, and identification of any deviations that may impact users. All of these are reviewed in executive QA sessions.