Solutions:
Information Security.
Overview: Financial service and healthcare companies are under increasing pressure to cut costs and improve business agility while maintaining secure and available systems. Yet, the threat landscape becomes increasingly treacherous, the cost of protecting systems and data continues to rise, and regulators continue to increase the cybersecurity requirements across the board.
Information is one of any organization’s most important assets, and protecting information systems and data is necessary to:
1. Establish and maintain trust between the organization and its customers.
2. Maintain compliance with the law.
3. Protect the reputation of the company.
4. Protect customer data.
Our focus is on helping clients improve the security and availability of their systems and data by designing the correct infrastructure, choosing the right mix of security controls, incorporating the right recovery strategy, and wrapping it all up in a properly defined information security program.
Our Approach: The goal is to help create peace of mind for our clients by making their information security programs stronger and their system and data protection better. We have consultants that focus specifically on information security program (ISP) development and others that focus on (infrastructure) availability and recovery.
Information security programs encompass people, programs, and processes. Our role is to help clients design, enhance and manage their information security programs. We help them develop the documentation, assess the risks, select the products that help control or mitigate the risks, and educate and inform their people--from the front line to the Board room--on the overall cybersecurity posture.
To maintain the trust of their clients, financial institutions must ensure that their systems are safe and available. The information security program helps the organization identify, measure, and control risks to the availability, integrity and confidentiality of systems and data. We help clients make their Information Security Program better.
In addition to helping develop the IS programs, VI can participate in the monthly management process. This includes coaching, reporting, preparing for audits, and training team members on better information security practices.
Services:
Information Security Strategy
• Information security program and policy development
• Risk assessment
• IT audit and regulatory examination management
• Product selection (controls)
• Backup and recovery strategy development
• Incident response plan development
Cybersecurity Assessment Tool (CAT) Consulting
• CAT introduction and process development
• Management and director training
• Assistance with CAT completion
• Integration of the CAT into the information security program
Risk Assessment
• Inventory and system documentation
• Process development and tool selection
• Risk assessment completion
System Design and Control Selection/Implementation
• IDS/IPS product selection and implementation
• Firewall selection and implementation
• Log management selection and implementation
• Assistance with system monitoring and reporting
Reporting and Notification
• Review of system logs
• Assistance with development of management
reports (weekly, monthly, quarterly)
• Help with event identification, analysis, and forensic review
• Participation in the event notification process
Backup and Recovery Solutions
• Backup technology selection and implementation
• Replication strategy development
• Recovery and backup integrity testing
Business Continuity
• Disaster Recovery (DR) site design and implementation
• Recovery testing
• Mock DR and tabletop testing
• Assistance with business continuity plan development
IT Audit / Exam Preparation and Remediation
• Assistance with regulatory exam preparation
• IT audit preparation and item Remediation
• Exam and audit response strategy
Staff Training
• Social Engineering
• Acceptable Use
• Regulatory and Compliance