Engage our team to assess your risk exposure, get a clear view of opportunities to strengthen your cybersecurity program, and orient your team with solid procedures and training.
Our team has extensive expertise with each of these practices:
Our highly qualified security professionals perform security risk assessments of the information security posture of your environment. Our security risk assessments are conducted in alignment with the practices enumerated in the current version of NIST SP 800-30 or the specific compliance frameworks required of the business. After the information gathered has been collected and analyzed, you will receive a comprehensive report providing a clear picture of the level of risk present within your business. This report will include any vulnerabilities identified, each rated as Critical, High, Medium, Low, or Informational.
Our experienced CMMC-AB Registered Practitioner security professionals will perform a Cybersecurity Maturity Model Certification (CMMC) Readiness Assessment for companies required to follow NIST SP 800-171 and the eventual CMMC framework. The assessment evaluates the client environment against the technical, administrative, and physical security controls enumerated in NIST SP 800-171, as well as the current version of CMMC and the level expected to be required. Through a discovery process, we will collect organizational-level information, any known security classification guides, asset inventory, critical asset inventory (including CUI and CUI types), policies and procedures, the plan of action and milestones (POA&M), and current system security plans (SSP). Your consultant will provide you with a summary response per DFARS with corrective recommendations. If necessary, we can build your company SSP and POA&M as well as provide your SPRS score for submission under the current NIST SP 800-171 requirement.
Our security experts perform five of the six types of penetration testing: Internal Network, External Network, Social Engineering, Wireless, and Physical Security. We use a hybrid model of both automated and manual testing methods. Each client network penetration test project is performed by a Certified Ethical Hacker (CEH) and is scoped specifically to your compliance requirement or desired outcome.
Projects including an Internal Network Penetration Test can be executed as an Authorized or Unauthorized test. Our team will provide you with a final report explaining the data we discovered, the vulnerabilities found with high-level remediation recommendations, the vulnerabilities exploited, and an overview of the tools and methods used during the test. Every company needs to understand which type of penetration test it requires, particularly when compliance is critical to its business operations or the industries it serves.
As a first step toward understanding the technical risks within a corporate network, a network vulnerability scan captures a deep level of detail about the current state of network security risks within a business. Our security engineers will capture a cross-section of information about your network, including patching status and possible software misconfigurations.
After collecting and analyzing the information, an Executive Report will be created and presented to your key stakeholders. Additionally, a more detailed Technical Report will be generated for use by your IT staff; it identifies the vulnerabilities discovered, each with a risk rating of Critical, High, Medium, or Low, along with high-level suggestions for remediation.
In partnership with ID Agent, our recurring monthly service actively monitors the dark web for your corporate email accounts. If any are found published on the dark web, we will alert your internal IT points of contact and, if you have a managed security services plan with us, your virtual Chief Information Security Officer (vCISO), so that action can be taken to prevent a business email compromise from occurring.
For nearly 10 years, we have been providing cybersecurity awareness training to companies of all shapes and sizes. Our virtual training sessions are approximately 90 minutes in length with classroom size limits. The training sessions cover four general categories of information: the cyberthreat landscape, the cyberthreat forecast, threat actor attack techniques, and the essentials for avoiding becoming a victim.
Course customization requests will be considered on a case-by-case basis. Our managed security services clients also have the additional benefit of short monthly animated training videos, in partnership with Ninjio, based upon current events to help staff better understand real-world security incidents and how they could have been prevented.
Every organization needs general information security policies, procedures, an acceptable use policy and a security incident response plan. Having the appropriate plans and policies protects the business and ensures staff members know how to perform their jobs in accordance with security best practices, reducing the risk of a cybersecurity incident turning into a data breach. Our security professionals will coordinate with designated staff to determine the applicable legal, regulatory, contractual, and organizational requirements for security and communications necessary in your business.
We review the organization's standard practices and work to understand its specific corporate data sources and the reputational and financial impact of data loss to the company. We utilize an iterative review process for documentation, as well as tabletop exercises for incident response plan training.
Our phishing simulation projects are designed to be a point-in-time evaluation of your staff's cybersecurity awareness and the risk levels present. We design, develop, and execute educational phishing simulations with the goal of helping businesses clearly identify areas where they can improve user training to prevent a business email compromise. Phishing is one of the most common ways threat actors break into a corporate network, and simulation training is one of the most cost-effective continuous investments a company can make to reduce its cyber risk.
Cybersecurity Compliance Frameworks
In our experience, businesses servicing defense contracts are incredibly skilled at what they do. To continue their great work, compliance with DFARS is mandatory, and the requirements are broad and deep. We approach the challenge by isolating critical data, educating leadership and staff, and implementing security controls that maximize efficacy and optimize operations.
We are staying ahead of the defense industry's evolution from DFARS to CMMC. We are CMMC accredited and have already submitted our application to become a Certified 3rd Party Assessor Organization. As an active member of the Pacific Northwest Defense Coalition, we regularly contribute our expertise to peer learning events.
Most business leaders are faced with the specter of a cyber-attack, but simply don’t know how to begin fortifying their organization. NIST CSF is an excellent industry-agnostic cybersecurity framework that can serve as the foundation for a solid program and — when directed by a seasoned vCISO — transform the culture of an entire organization.
All our team members are intimately familiar with NIST CSF and have put it into practice at companies of all sizes. Through assessments, planning, and education, we guide businesses from trepidation to confidence, ready to not just survive but thrive in a dynamic cybersecurity landscape.
Whether your business accepts payment cards through a POS or PMS system, a home-grown payment application, or even a web terminal, our team is fluent in all of these systems and understands how each of them impacts compliance. We can work closely with you to redesign processes, train staff, and implement controls.
When we embark on the path to PCI compliance with an organization, we first examine where exactly the implementation of controls is non-negotiable to ensure data privacy and security. This often helps simplify the vast set of rules and requirements the framework covers, thereby reducing the associated costs.
Although HIPAA was established in 1996, businesses still face a lot of confusion about its requirements, especially outside the healthcare industry. Our team has charted clear paths toward compliance for a variety of organizations subject to HIPAA, including law firms and insurance agencies.
Our key strength is individualizing the approach to compliance. Beyond meeting the requirements for technical, administrative, and physical security controls, we work closely with you to enable operations to function as efficiently as possible.
As FERPA requirements are more broadly defined than those of other compliance frameworks, they can be challenging for organizations to understand, let alone implement. With extensive experience in this domain, our team can shed light on the practices that apply to your educational organization.
We dig deep to get the full picture of how your business intersects with FERPA regulations, parse any fine print in your contracts, then design controls that appropriately safeguard student data and embed them into your daily operations. Along the way, we engage and educate your staff to take charge of your cybersecurity.
This framework is for Canadian companies with fewer than 500 employees that seek a proactive approach to mitigating cybersecurity risks. It is a voluntary certification program with a framework designed to help businesses protect themselves against cyberattacks and raise the bar for the cybersecurity, consumer confidence, and global competitiveness of Canadian SMBs.
To achieve certification, businesses must review and implement the 13 critical cybersecurity controls outlined by the Canadian Centre for Cyber Security before applying. We will work through this framework with you and your team in a Readiness Assessment to determine the value of your information systems and assets, assess your threat level, and identify your current cybersecurity gaps against the controls. We will then develop a remediation plan to address the gaps and consult with you throughout the journey on your path towards CyberSecure Canada Certification.
If you are a business operating in the UK, or working with a UK-based company, there are two levels of cybersecurity certification to consider: Cyber Essentials and Cyber Essentials Plus. Both are government-backed certification programs that define a set of controls providing guidance on cybersecurity for the technology in use in your business. To be eligible for government contracts, businesses must meet one or both levels. The primary difference is that Cyber Essentials Plus requires a third-party technical verification.
We will guide you through the Cyber Essentials Readiness Toolkit and design a remediation roadmap to help you navigate towards meeting the certification requirements for Cyber Essentials and the third-party verification required for Cyber Essentials Plus.