Maturity and Capability Measurement

  1. External Security Audits
  2. Internal Security Audits
  3. Web Application Security Audits
  4. Enterprise Application Audits
  5. IT Controls Audits
  6. Security KPI Definition and Reporting

Building an Information Security Risk Management Program

  1. Security Architecture Design and Technology Implementation
  2. Incident Management - Support in case of active threats
  3. Information Security Awareness Training
  4. Rent-a-CISO
    1. Short-term availability of an experienced CISO
    2. Access to a wide range of hands-on information security know-how
  5. Disaster Response and Business Systems Continuity (DR/BC)
    1. Business Continuity & Disaster Readiness Assessments
    2. Business Impact Analysis to determine business recovery time and recovery point objectives
    3. Recovery Recommendations and ROI funding support
  6. IT Controls Implementation and Reporting - NIST 800-53 & ISO/IEC 27001
  7. Security Awareness
    1. Change and Communications Tools and Methodologies
    2. Effective organizational messaging
  8. Data Governance
    1. Data classification and handling workshops and analysis
    2. Business Process/Controls remediation recommendations
    3. Secure Information Exchange Tools & Technologies

Cyber Threat Assessment

  1. Penetration testing and analysis for
    1. Network Infrastructure
    2. Wireless 802.11x
    3. Web Applications and REST API
  2. Investigations and Data Forensics
    1. Support for information security investigations and data forensics

Risk Management Integration Architecture

  1. Systems integration architecture design for controls automation

Regulatory Controls Assessment and Alignment

  1. NIST 800-53
  2. ISO27K
  3. COSO
  4. COBIT