Information Security

INFORMATION SECURITY

Follow us on Twitter @SecurityVI

Overview

Financial service and health care companies are under increasing pressure to cut costs and improve business agility, while continuing to maintain secure and reliable systems. Yet, the threat landscape becomes increasingly treacherous, the cost of protecting systems and data continues to rise, and regulators continue to increase the cyber security requirements across the board.

Clearly, information is one of any organization’s most important assets, and protecting information systems and data is necessary to (1) establish and maintain trust between the organization and its customers, (2) maintain compliance with the law, and (3) protect the reputation of the company.

Our focus is on helping clients improve the security and availability of their systems and data. This includes designing the right infrastructure, choosing the right mix of security controls, incorporating the right recovery strategy, and wrapping it all up in a properly defined information security program.

Our Approach

Our goal is to help create peace of mind for our clients by making their information security programs stronger and their system and data protection better. We have consultants that focus specifically on information security program (ISP) development, and others that focus on (infrastructure) availability and recovery.

Information security programs are made up of people, programs and processes. Our role is to help clients design, enhance and manage their information security programs. We help them develop the documentation, assess the risks, select the products that help control or mitigate the risks, and to educate and inform their people--from the front line to the Board room--on the overall cyber security posture.

In order to maintain the trust of their clients, financial institutions must ensure that their systems are safe and available. The information security program helps the organization identify, measure and control risks to the availability, integrity and confidentiality of systems and data. And, we help make the Information Security Program better.

In addition to helping develop the IS programs, we often participate in the monthly management process. This often involves coaching, reporting, preparing audits or training team members on better information security practices.

Services

Information Security Strategy

Information security program and policy development
Risk assessment
IT audit and regulatory examination management
Product selection (controls)
Backup and recovery strategy development
Incident response plan development

Cybersecurity Assessment Tool (CAT) Consulting

CAT introduction and process development
Management and director training
Assistance with CAT completion
Integration of the CAT into the information security program

Risk Assessment

Inventory and system documentation
Process development and tool selection
Risk assessment completion

System Design and Control Selection/Implementation

IDS/IPS product selection and implementation
Firewall selection and implementation
Log management selection and implementation
Assistance with system monitoring and reporting

Reporting and Notification

Review of system logs
Assistance with development of management reports (weekly, monthly, quarterly)
Assistance with event identification, analysis and forensic review
Participation in the event notification process

Backup and Recovery Solutions

Backup technology selection and implementation
Replication strategy development
Recovery and backup integrity testing

Business Continuity

Disaster Recovery (DR) site design and implementation
Recovery testing
Mock DR and tabletop testing
Assistance with business continuity plan development

IT Audit / Exam Preparation and Remediation

Assistance with regulatory exam preparation
IT audit preparation and item Remediation
Exam and audit response strategy

Staff Training

Social Engineering
Acceptable Use
Regulatory and Compliance

For more information, please contact Eric Kroeger at 219-405-6533.