Cyber Security Management
We design and implement comprehensive cyber security management programs, serving a wide variety of industries, from financial institutions to the not-for-profit community.
Whether you need disaster management and incident response or forward-looking management consulting, you have an ally in cyber security.
Targeted Security Assessments
A targeted and effective cyber security strategy begins with an evaluation of your organization’s risks and vulnerabilities. Assessments are vital tools in an organization’s ongoing need to improve its cyber security risk profile.
We offer a full range of assessment services including:
- Information Security Management and Compliance Reviews
- Network Penetration Testing and Vulnerability Assessments
- Web Application Testing
- 3rd Party Security Reviews
- Comprehensive IT Evaluations
Custom Designed Security Management Programs
A successful information security program requires an ongoing process of top-down risk management and response. We custom design and implement information security management programs to meet your specific needs.
- Developing appropriate information security policies
- Asset classification and control
- Awareness training and education programs
- Incident response
- Information continuity
- Creating a security-aware culture
- Security management of IT infrastructure
Complying With Legal Requirements
We help you navigate the legal requirements pertaining to information security and breach disclosure laws. We are experts in helping organizations comply with:
- ISO-27001, 27002
- Payment Card Industry (PCI) Data Security Standard
- Gramm-Leach-Bliley Information Security Regulations
- HIPAA Information Security Regulations
- FTC Safe Harbor
- California Civil Code 1798.81.5
- Other Compliance Requirements
A Total Systems Approach
We view information security as an integral part of any business’s management challenges. Our approach is to cost-effectively integrate security management into your organization’s unique culture, management style, and business needs.
- We evaluate technology vulnerabilities together with management and employee practices. The result is a comprehensive understanding of your strengths and weaknesses and better opportunities to mitigate risks.
- We use industry-standard evaluation methods to help you understand where you are and where you need to go.
- We provide recommendations broad enough to be understood by senior management and detailed enough to be implemented by technical personnel.
- We practice complete vendor neutrality with respect to technology solutions, allowing for an impartial evaluation and recommendation process.
- Our customized solutions meet your unique needs and provide “the most bang for the buck.”
- By carefully prioritizing our recommendations, we ensure the improvement process is efficient and effective.
- We keep senior management involved throughout the review and decision-making process, so that improvement plans are appropriate, affordable, and achievable.
- We help you integrate security awareness into your organization’s culture.
- Our solutions are crafted from best security practices such as ISSA Generally Accepted Information Security Practices, ISACA Information Security Capability Maturity Model, NIST, and CISSP Common Body of Knowledge.
- Our solutions are also crafted using best process and quality management practices, such as Six Sigma, Deming’s Plan Do Check Act, Total Quality Management, Business Process Re-engineering, and ITIL®.