Phased Methodology with Evidence
A structured process that guarantees measurable results
Implementation phases
Phase 0: Discovery
1 week
Scope, objectives, and minimum viable inventory.
- Initial stakeholder meeting
- Scope and priority definition
- Critical asset inventory
- Initial risk identification
Phase 1: Quick Wins
30 days
Immediate improvements with visible impact.
- MFA implementation
- Permission review
- Secure basic endpoints
- Secure remote access
Phase 2: Architecture
60-90 days
Segmentation, per-application access, data protection.
- Network segmentation
- ZTNA per application
- Data classification
- Basic DLP controls
Phase 3: Maturity
Ongoing
Monitoring, simulations, and continuous improvement.
- Detection and response
- Phishing simulations
- Periodic audits
- Continuous improvement
From project to operation
After the implementation phase, we can operate the controls as a managed service: monitoring, maintenance, periodic reports, and incident support. This ensures security doesn't deteriorate over time.
KPIs we measure
% of users with active MFA
Average access revocation time
Asset inventory coverage
Incident detection time
Incident response time
Phishing simulation results
Deliverables per phase
| Phase | Deliverable | Format |
|---|---|---|
| 0 | Scope and initial risk report | PDF + Presentation |
| 0 | Critical asset inventory | Spreadsheet |
| 1 | Authentication and access policies | Documents |
| 1 | Quick wins implemented report | |
| 2 | Segmentation diagram | Visio/Lucidchart |
| 2 | Data protection policies | Documents |
| 3 | Monitoring dashboard | Portal |
| 3 | Periodic reports | PDF + Dashboard |