We provide Cybersecurity Consulting that walks non-technical, business leaders through Governance, Risk and Compliance techniques in order to build a Cybersecurity Program within their organization. The goal of the Cybersecurity Program is to strengthen the company’s security profile as measured by a Cyber Security Risk Assessment.
We specialize in working with Election Officials and County Clerks to help them with Election Security. We also work with Technology Start-ups, Non-Profits and Registered Investment Advisors (RIAs). Generally, organizations of under 25 people with limited or shared technical support. Our government work allows us access to the U.S. Department of Homeland Security’s information sharing programs. Valuable information which we use to support our work with non-government organizations.
We help the leadership of these organizations understand the business demands of building a secured working environment. Rather than trying to make non-technical executives more technically savvy, we increase their understanding of risk management as it relates to Information Security. Similar to Information Security Risk Assessments, we are primarily concerned with top-down policies and procedures rather than specific technical tactics.
This program is built to enhance the relationships between management and technical support services. The sessions are designed to translate into actionable tasks for management and technical support alike. The sessions integrate industry regulations and compliance initiatives along with the U.S. Department of Commerce’s National Institution of Standards and Technology (NIST) 800-53 Information Security Framework.
We will be developing a Cybersecurity Program together, which will include deliverables such as policies and procedures. We will research ongoing training and network monitoring programs to help protect the availability, integrity and confidentiality of your business. We will create emergency response documents. And we will work with your technical support to make sure your office infrastructure is better protected.
Our work together will raise your organization’s cyber maturity while at the same time, hardening your company’s infrastructure. Our program is based on 10 regular one-hour phone conferences over a period of 3 months. It’s a small commitment with a low-cost engagement designed to create a solid foundation for continued security growth.
10 Session Schedule Outline and Worksheets
1.Cybersecurity as a Governance, Risk and Compliance(GRC) practice;
Worksheet: Critical Stakeholders.
2. Understanding a Risk Based Framework and Building a Cyber Program;
Worksheet: Critical Business Functions.
3. Threats and Scenarios; What does Cybersecurity mean for your Business?
Worksheet: Critical Assets.
4. Creating a Successful Cyber Security Program;
Worksheet: Assets Owners and Business Values.
5. Designing Policies and Procedures;
Worksheet: Ethics Policy and Acceptable Use Policy.
6. Malware and Ransomware Procedures;
Worksheet: 1-2 policy outlines.
7. Incident Response Planning;
Worksheets: Security Planning Snapshot, Emergency Response Guide.
8. Operational Values for Mission Critical Services;
Worksheet: Critical Business Functions #2.
9. Supply Channel and Vendors in the Cloud;
Worksheet: 1-2 policy outlines.
10. Risk Assessment Review;
Worksheet: Draft Risk Assessment.
Once the initial consulting engagement is complete, follow-up sets of 10 Sessions are available for continued Cybersecurity Program development. Fees are based on travel and client needs.
The follow-up sessions concentrate on specific Risk Assessment Categories:
1. Asset Management
2. Controls Management
3. Configuration and Change Management
4. Vulnerability Management
5. Incident Management
6. Service Continuity Management
7. Risk Management
8. External Dependencies Management
9. Training and Awareness
10. Situational Awareness
Get started today by contacting Scott Madlener at (312) 533-0105