Cybersecurity for Small Businesses

Information Security Program

Implementing a well-defined and robust security program that is tailored to the specific needs of your business helps to ensure the confidentiality, integrity, availability and privacy of your data and that of your customers.  Our advisory services is focused on working with business and technology leaders to develop and implement security programs. Our consultants will develop a comprehensive program and implementation roadmap based on accepted industry best practices and the specific needs of your business.

Our standard approach includes:

• Collecting and analyzing information to understand the goals and objectives of the business, understanding the acceptable risk appetite and tolerance levels of the business.
• Reviewing existing security programs, plans, policies, procedures and controls to determine whether or not security goals and objectives are aligned with those of the business and industry.
• Performing a high-level security assessment to identify the current security posture of the business, high-risk threats and vulnerabilities.
• Working closely with the business and technology leaders to define a security capability maturity level target that is based on the existing capabilities and needs of the business.
• Identifying gaps between the current state capabilities and what is required to achieve the target maturity level.
• Identifying the people, policies, procedures, processes, controls and technologies required to achieve the target maturity level.
• Developing a phased implementation plan and roadmap.

Risk Assessment Services

Managing risk involves the identification, assessment, treatment, monitoring and tracking of risk.  Since it’s impossible to manage what you don’t know exists, it’s critical to begin any attempt to manage risk by performing a risk assessment to identify, estimate and prioritize the risks to organization’s information assets. Our services include –

• Compiling a list of the information assets of the organization.
• Preforming a business impact analysis to understand the true value of each asset.
• Creating risk scenarios to identify threats and vulnerabilities.
• Combining qualitative and quantitative approaches to estimate the likelihood and potential impact of the risk.
• Providing recommendations of how to treat the risk (Avoid, Transfer, Mitigate, Accept).
• Delivery of a Risk Register that documents each risk, likelihood, impact, prioritization of each risk.

Security Awareness Training

Employees are a major part of an organization’s attack surface and remain the greatest vulnerability to cybersecurity, frequently targeted by attackers.  Ensuring that employees have the knowledge and skills to defend themselves and the organization against threats is an essential part of any security program and a requirement for those organizations that need to comply with government and industry regulations, such as FISMA, PCI, HIPAA or Sarbanes-Oxley. Our services include –

• Designing a program that is compliant with the laws and regulations that apply to your business.
• Covering all the basics including physical security, password security, anti-phishing, social engineering.
• Providing training that is role based and includes all roles within the organization
• Diversifying the training content and delivery methods that include instructor lead sessions, self-paced training, simulations, games.
• Making the training intriguing and entertaining

Information Security Audit

An Information security audit is a structured, systematic and measurable technical assessment of how the organization’s security policy is employed. Our services include –

• Assessing security policies, procedures and controls to determine their operating effectiveness
• Conducting Penetration testing
• Auditing firewall configurations, website code and mobile applications
• Identifying internal control and regulatory deficiencies that could put the organization at risk.
• The delivery of a detail audit report