Commercial Cybersecurity Services
One Week Until Commercial Authority to Operate
Information Security Risk Assessment
Your Cybersecurity Matters specializes in commercial cybersecurity services. Our services include a comprehensive risk assessment. An information security risk assessment is the process by which an organization determines how well its information systems and corporate information are protected from compromise or destruction. Specifically, the National Institute of Standards and Technology (NIST) is considered the gold standard for measuring information security risk. ASCERTIS Solutions uses NIST SP 800-171 to facilitate an assessment and achieve an Authority to Operate in as little as one week.
Project Management – POA&M Remediation
Most organizations have some deficiencies in their security processes or technology that need improvement. These improvements are codified in Plans of Action and Milestones (POA&M). To assure that POA&M items actually get completed, Your Cybersecurity Matters can supply a virtual project manager to track projects to their successful completion. We can also provide Project Management oversight to new security initiatives to assure scheduled completion. Our Project Management staff are PMP certified and have experience working directly onsite or via remote desktop. Our PMPs can also set up individual projects and help prioritize or identify dependencies between tasks or resources so that alternate strategies can be implemented quickly before these tasks become bottlenecks.
The main objective of penetration testing is to determine security weaknesses that an outsider can exploit. A penetration test is an outside-the-organization stress test. The targets are usually the company’s external servers, e-mail servers, and firewalls, with the objective of compromising these devices and then trying to gain access to the internal network. Penetration tests look for misconfigurations in the devices, unpatched vulnerabilities in the operating systems or applications on the servers, or access policies that can be compromised.
Hire a CISO
Importantly, protecting company information is the most crucial security function to assure you stay in business. Your customers, business partners, and employees depend on your organization to safeguard the information they provide. Unfortunately, we have all seen how respected institutions can become instant pariahs because they failed to protect the personal information of their clients and employees. However, few small companies can afford to hire a CISO full time. With Your Cybersecurity Matters, you can hire a CISO on a consulting basis to:
- Assure your business is compliant with Federal security requirements (PCI, NIST 800-171, HIPAA, etc.).
- Create policies for internal company use that reflect best information assurance business practices. NIST SP 800-171, Rev 1 requires many policies.
- Work with other departments on information assurance awareness.
- Assist with information assurance audits.
- Review current cyber architecture and recommend improvements.
- Work with physical security to review physical perimeter protection controls.
- Develop Contingency Plans.
All Your Cybersecurity Matters CISO consultants have a minimum of 5 years as a CISO or SME support to a CISO. All consultants are certified by ISC2 and are available on a month-to-month or engagement contract.
Implementing robust cyber awareness in a company does not come simply by proclamation. Cyber awareness and information assurance are cultural changes that affect all the existing business processes. This includes decisions on need-to-know roles within the company, modification of how documents are transmitted and stored, implementation of a rigorous configuration management process, and implementation of business processes that provide the organization with situational awareness of its most sensitive information. Your Cybersecurity Matters professionals can provide the roadmap and change management support to prepare and implement these changes. Our tailored solutions include:
- A Rollout Plan – This plan explains the purpose of changes and the benefits to everyone involved.
- Customized Training – Change management requires everyone’s participation to be successful. Our customized training includes video conferences, tailored workbooks, and exercises that bring clarity to the new processes and procedures.
- Project and Program Management Oversight – Often new process changes launch with much fanfare, and then they are quickly submerged in the management of daily projects. Our approach provides a “win” every week so that changes stay in the forefront, and the company can see continual improvement. We implement an Agile program management process to assure that organizational change stays on track and results arrive on time and on budget.