Overview
Financial service and health care companies are under increasing pressure to cut costs and improve business agility, while continuing to maintain secure and reliable systems. Yet, the threat landscape becomes increasingly treacherous, the cost of protecting systems and data continues to rise, and regulators continue to increase the cyber security requirements across the board.
Clearly, information is one of any organization’s most important assets, and protecting information systems and data is necessary to (1) establish and maintain trust between the organization and its customers, (2) maintain compliance with the law, and (3) protect the reputation of the company.
Our focus is on helping clients improve the security and availability of their systems and data. This includes designing the right infrastructure, choosing the right mix of security controls, incorporating the right recovery strategy, and wrapping it all up in a properly defined information security program.
Our Approach
Our goal is to help create peace of mind for our clients by making their information security programs stronger and their system and data protection better. We have consultants who focus specifically on information security program (ISP) development, and others who focus on (infrastructure) availability and recovery.
Information security programs are made up of people, programs and processes. Our role is to help clients design, enhance and manage their information security programs. We help them develop the documentation, assess the risks, select the products that help control or mitigate the risks, and educate and inform their people--from the front line to the boardroom--on the overall cyber security posture.
In order to maintain the trust of their clients, financial institutions must ensure that their systems are safe and available. The information security program helps the organization identify, measure and control risks to the availability, integrity and confidentiality of systems and data. And we help make the information security program better.
In addition to helping develop the IS programs, we often participate in the monthly management process. This often involves coaching, reporting, preparing audits or training team members on better information security practices.
Services
Information Security Strategy
- Information security program and policy development
- Risk assessment
- IT audit and regulatory examination management
- Product selection (controls)
- Backup and recovery strategy development
- Incident response plan development
Cybersecurity Assessment Tool (CAT) Consulting
- CAT introduction and process development
- Management and director training
- Assistance with CAT completion
- Integration of the CAT into the information security program
Risk Assessment
- Inventory and system documentation
- Process development and tool selection
- Risk assessment completion
System Design and Control Selection/Implementation
- IDS/IPS product selection and implementation
- Firewall selection and implementation
- Log management selection and implementation
- Assistance with system monitoring and reporting
Reporting and Notification
- Review of system logs
- Assistance with development of management reports (weekly, monthly, quarterly)
- Assistance with event identification, analysis and forensic review
- Participation in the event notification process
Backup and Recovery Solutions
- Backup technology selection and implementation
- Replication strategy development
- Recovery and backup integrity testing
Business Continuity
- Disaster Recovery (DR) site design and implementation
- Recovery testing
- Mock DR and tabletop testing
- Assistance with business continuity plan development
IT Audit / Exam Preparation and Remediation
- Assistance with regulatory exam preparation
- IT audit preparation and item remediation
- Exam and audit response strategy
Staff Training
- Social Engineering
- Acceptable Use
- Regulatory and Compliance
For more information, please contact Eric Kroeger at 219-405-6533.