Your Roadmap to Improved Data Privacy
Evaluate your company’s security and privacy against stringent, globally recognized standards and best practices. The cybersecurity assessment can be used to validate adherence to relevant standards, or as an easy-to-understand, prioritized roadmap for improving privacy and security.
Specifically, the cybersecurity assessment will focus on the following topics:
- Breach Notification
- Data Governance/Classification/Handling
- Email Security
- Employee Training
- Information Security
- Inventory & Asset Management
- Mobile Devices
- Physical / Facility Security
- Policies and Plans
- Regulatory Compliance and Audit
- Risk Management
- Network Security
- Software Development
- Vendor Management
- Backup and Recovery
- Resiliency, Business Continuity, and Disaster Recovery
- Encryption
- Authentication and Access Controls
- Logging, Auditing, and Monitoring
- Vulnerability Management
- Malware Protection
- Patch Management
- Endpoint Protection
- Wireless Security
The Problem
Determining Proportionality
Every company is unique, and its cybersecurity program should be as well. What counts as a strong program for one company may be inadequate for another, and vice versa. A number of factors should be considered when developing or modifying a company’s cybersecurity strategy, including:
- The size and complexity of the company;
- The type and amount of data that is maintained;
- The cost and availability of tools required to reach compliance; and
- The availability of resources.
A small company does not have the same amount of data, or the same resources, as its larger counterparts. It is often left with two options: attempt to implement a program designed for a much larger organization, at a cost it cannot sustain, or do nothing. Neither is an acceptable approach.
Solution
The Cybersecurity Assessment is a proportional, reasonable assessment that evaluates a company’s security and privacy against a set of globally recognized standards and best practices. Recommendations and requirements from those standards are mapped into a single set of objectives and delivered as a prioritized action plan, in which each objective is ranked by criticality and annotated with the cost and complexity of remediating it.
Not only does this help organizations avoid the cost, complexity, and redundancy of multiple independent assessments, but it also allows them to prioritize their remediation efforts and minimize their risk efficiently.
The Cybersecurity Assessment results can be used to validate adherence to relevant standards and regulatory objectives from the frameworks below. Where a framework requires formal certification or attestation (for example an accredited ISO/IEC 27001 certification audit or a CPA-issued SOC 2 report), the assessment prepares the organization for that process rather than replacing it:
- NIST SP 800-53
- NIST SP 800-171
- CIS Controls
- GDPR
- CCPA
- ISO/IEC 27001
- AICPA Trust Services Criteria (2014), as used in SOC 2 and SOC 3 reports
- HIPAA/HITECH Omnibus Rule
- PCI DSS 3.2
- FISMA
- NYDFS Cybersecurity Regulation
- GLBA
- CMMC (Cybersecurity Maturity Model Certification)
- FERPA
- COBIT
- ITAR