Enterprise-wide Cybersecurity Program Review and Road-mapping
Standards-based, client-specific assessment that helps drive strategy, risk management, investment, and risk-transfer decisions.
Based on a proprietary synthesis of multiple standards for testing and validating security outcomes within the National Institute of Standards and Technology (NIST) Cybersecurity Framework.
Measures the effectiveness of your controls through performance validation testing.
Includes a joint “Road-mapping Workshop” to develop multi-year investment and program plans, using “Cyber Value-at-Risk” modeling to analyze alternative security control investment strategies in terms of risk reduction potential.
Security Technical Controls Review
A methodical review of your cybersecurity technical controls environment.
Assesses the enterprise cybersecurity architecture and technical controls for:
How well the controls implement policy.
How effectively they support the risk appetite.
How effectively they meet compliance requirements.
Applies technical tools to evaluate the operational effectiveness of security controls.
Based on a repeatable and traceable methodology that draws on accepted security technical controls standards such as the Center for Internet Security Critical Security Controls, NIST SP 800-53, the Health Insurance Portability and Accountability Act (HIPAA), the Payment Card Industry Data Security Standard (PCI DSS), and other sector-specific standards.
Scenario-based Cyber Exercises
Executive-level, facilitated tabletop exercises, typically focused on the enterprise response to a series of hypothetical cyber incidents that are realistic for your business.
Tests assumptions, plans, and operational processes.
Enhances your organization’s understanding and awareness of the intricacies of cyber incident management.
Validates external resources and points of contact (POCs), and helps build external relationships that prove to be of value in a crisis.
Provides executives and managers with experience that is directly transferable to real-world events, increasing your enterprise’s cyber response preparedness.
Third-party Cybersecurity Risk Management Review
Identifies third-party relationships, including suppliers, service providers, business partners, contractors, vendors, etc., and assesses the likelihood that they would experience a cyber event.
Highlights areas of concentration where multiple suppliers share hosting providers, security vendors, vulnerabilities, or technology systems.
Provides a systematic method of continuously monitoring the cyber risks imposed by authorized third parties and a protocol for managing them.
Identifies high-risk suppliers whose cybersecurity vulnerabilities should be further assessed.