Security Services
GAP ASSESSMENTS
Identify quick wins that will improve your security the most with the least effort! We will perform a gap assessment against your choice of frameworks and regulations — CIS top controls, NIST, HIPAA, COSO principles, and more.
Think of this as a cybersecurity sprint.
RISK ASSESSMENT
Risk management is at the very core of Information Security Practice. As an objective third party we will review your business in detail — the technology, procedures, security measures — and assess the risks based on our knowledge of the current threat landscape. You will receive a clear and actionable risk treatment plan to guide your strategy for the year ahead. Think of this as a cybersecurity marathon.
Business Continuity
The road isn't always going to be straight and smooth. We will work closely with your team to build out a clear and actionable Business Continuity and Disaster Recovery plan. Don't wait until a crisis occurs to begin planning. Advance planning now will reduce the impact of unexpected events.
INCIDENT RESPONSE
Building out incident response plans before an incident are vital in reducing the impact. We will work closely with your executives and top management to build a policy that suits your business. Next we work with your various business units to build out a realistic and effective incident response plan that your teams will actually use. Finally we will lead an incident response tabletop exercise to work through the kinks and help build "muscle memory" for your people who are involved with incident repsonse.
SECURITY AWARENESS
We can provide training to groups small and large. Our differentiator is that our sessions are highly interactive and engaging. We can easily customize training for specific groups — such as executives, engineering, HR, Finance, Sales, Marketing, and more. These trainings are provided by a live instructor. We will provide you with a recording and informative handouts at the end of the training.
SECURE ARCHITECTURE
We can provide all of the following services and more
-
Cloud Architecture security review
-
Web application security
-
Secure the Software Development Life Cycle
-
Help you create an Open Source Software Management program
-
Assess your development life cycle against such frameworks as the NIST SSDF, BSIM, and OWASP SAMM
-
Perform in depth threat modeling with your teams
FRAUD PREVENTION AND INSIDER THREAT
In conjunction with our partners who are retired Law Enforcement, we can help you to build out a comprehensive Insider Threat and Fraud Prevention program.
1. Assess your current state
2. Build out an effective program which includes policies, procedures, code of ethics, and more
3. Educate Executives and Management
4. Educate Staff
5. Incident Response and Investigative services
And we will check in regularly to ensure that your program is effective and well implemented.