We understand that as a startup, security may not be your top priority. Before you launch, however, there are a few questions you should consider.
1. Are you entering into a space where compliance with state, federal, or industry security standards will be required?
2. Is it important to you to protect the intellectual property that you have acquired during the creation, implementation, and launch of your company, product, or service?
3. Will information security and privacy matters be important to your customers, and could you potentially lose them if their concerns are not addressed up front?
4. Will your potential investors be concerned over your viability due to potential information security and compliance issues?
We can help you answer those four questions and put your startup in a better position to succeed. We can even help you turn your security posture into a selling point.
REGULATION COMPLIANCE
We will assess whether your company needs to be compliant with HIPAA/HITECH, PCI-DSS, SOX, NERC, FERPA, GLBA, GDPR, etc., or one of the number of lesser-known laws or standards. We can help you with mapping, identifying and testing your controls, as well as helping you build a complete compliance program. We can help you get ready for the audits and other steps necessary for meeting requirements. We use industry standards such as ISO 27001, NIST 800-53, FISMA, COSO, and COBIT to create a custom solution to your compliance and security needs.
INFORMATION SECURITY & RISK MANAGEMENT
Please assess at your level: Have you set your levels of materiality regarding risk?
Is your risk profile at an acceptable level?
Is your current security architecture aligned with your corporate goals and objectives? How about future business expansion: is it scalable?
We can help you work through all of the above issues and define a truly scalable information security program that will help your company achieve its objectives while maintaining an acceptable level of risk. Normally privacy, security, intellectual property and reputation are all at risk. We can help you control these issues in a timely and effective manner.
IDENTITY ACCESS MANAGEMENT
Identity and Access Management is generally treated as a technological problem, with baselines being drawn from analysis of current access logs or Access Control Lists (ACLs). However, it is not just a technological problem. It is normally an administrative problem, rooted in managers granting discretionary access for the sake of convenience or out of a lack of understanding. These lapses eventually impact the organization at large, and the same mistakes carry over into new IAM solutions when they are implemented. We take a different approach. We work from the top down and follow data and transactions to their source. We then work with you to ensure that any IAM program that is implemented is focused on function and data and is aligned with HR and Accounting. Managers will no longer be granting admin roles to their secretary because it is expedient.
CLOUD SECURITY
Cloud is basically the practice of using a network of remote servers hosted on the Internet to store, manage, and process data, rather than a local server or a personal computer. These are only other people’s computers. We are not saying that your company should not use cloud services. There are many benefits to a cloud deployment or a cloud-augmented infrastructure. The point is only to make sure that everyone understands the risk of using these services. Our professionals can help your organization classify the data, assess the cloud service provider and assess the overall risk that a cloud deployment creates. That risk assessment can be tied directly into the cost-benefit analysis that should accompany any management decision. Whether it is Platform as a Service (PaaS), Infrastructure as a Service (IaaS), or Software as a Service (SaaS), our team is ready to help you assess the risk, construct the appropriate solution and deploy that solution so as to minimize risk and maximize the benefit.
VENDOR RISK ASSESSMENT
The current practice your company follows hopefully meets all of your business requirements. If not, we will design a system that can be implemented and managed by a new vendor. If there are additional risks, will this vendor add to your overall security system, and how will they fit into your current business continuity and disaster recovery plans?
A more basic question may be whether or not you could even trust this vendor with your data. We can help you assess your new vendors for their ability to meet your needs by keeping your data secure. In cases where the new vendor falls short, we can even coach them to get up to speed in order to meet your security standards. Whether it’s on premises or a cloud provider, we can help you ensure that your new vendor has your best interests in mind when it comes to security.
DUE DILIGENCE DURING ACQUISITIONS AND MERGERS
Your company is about to acquire another company. Here are some questions that you should be asking yourself. How mature is that company’s IT infrastructure and processes? How much IT security risk are we buying? How can we integrate their security with ours?
We can help you answer these and other questions about the company that is going to be acquired or one that has recently been acquired.
AGILE DEVELOPMENT & SECURITY
A number of organizations struggle with how to remain agile in their development efforts and still ensure that security is not lost in the mix. We can help you build security into your agile development and DevOps with minimum overhead, thereby allowing your organization to keep up with customer and business needs and still buy down the security risk of an ever-changing environment. Let us help you bake security in.