CYBERSECURITY | TRUSTED ADVISOR | vCISO
EXPERIENCE WITH INSIGHT
Does Your Security Team Have The Command To Keep Your Business Safe and Profitable?
Have you heard these questions too often?
Are we taking too many risks?
How do we become fully compliant?
Where do we start?
How do we keep up with the constant stream of new risks?
Is this possible with our small team and limited resources?
What level of risk is okay?
We answer these questions and much more!
Our Acumen - 20+ Years Industry Experience - Startups to Fortune 50 Companies
CISO - Spanning All Security Domains
Management
Controls
Policies/Procedures/Standards
Architecture/Engineering/Operations
Strategy
M&A - Cyber Due Diligence
Programs
Privacy
Governance, Risk, and Compliance (GRC)
Audit
Contingency Planning - Incident Response, Business Continuity, Disaster Recovery, Crisis Management
Technical background - Security, Networks, Information Technology, & Troubleshooting
Digital Convergence
Consulting
Service Development
Business Development
Product Enhancement
Innovation
Our Industries of Influence
Public Sector - Federal, State, and Local
Healthcare
Finance/Private Equity/Investment
Entertainment
Information Technology
Non-Profit
Transportation
Our Tagline - EXPERIENCE WITH INSIGHT
Our Services - Forged from years of experience, designed and executed with insight into what makes sense, and streamlined to save time and resources.
Contact Us: Email - cyber@SAKcyber.com Phone - 303-947-7096
"They are women and men who are preparing themselves not for the comfortable predictability of yesterday but also for the realities of today and all of those unknown possibilities of tomorrow."
source - TED talk Roselinde Torres
Predictability of Yesterday:
We just don't have the time.
I don't have the funding or resources.
This is overwhelming; I don't know where to start.
Can You Navigate Today's Realities and Landscapes?
-2021 will be a record-breaking year for data breaches -
According to Identity Theft Resource Center (ITRC) research, the total number of data breaches through September 30, 2021 has already exceeded the total number of events in 2020 by 17%, with 1,291 breaches in 2021 compared to 1,108 breaches in 2020.
In particular, the manufacturing and utilities sector was deeply impacted, with 48 compromises and a total of 48,294,629 victims. The healthcare sector followed, with 78 compromises and more than 7 million victims. Other sectors with more than 1 million victims included financial services (1.6 million victims), government (1.4 million victims), and professional services (1.5 million victims).
source - Security Magazine
- THREAT LANDSCAPE-
[Charts: Number of Incidents Compared to 2020; Attack Consequences; Type of Data Stolen (Organization); Victim Categories (Organization)]
- COMPLIANCE AND REGULATORY LANDSCAPE -
- SECURITY PROGRAM LANDSCAPE -
- SECURITY CONTROLS LANDSCAPE -
What is "Experience with Insight"?
Providing the CLARITY, GUIDANCE, AND STRUCTURE to ALL Your Landscapes.
Backed by 20+ years of practicing the tools, templates, and standardized best-practice methodologies needed to support and mature your security program in alignment with your business priorities.
Maybe you just need an assessment? Or maybe you need an entire security program designed to adhere to HIPAA, FFIEC, SOX, GLBA, PCI DSS, or another mandate? All of the above? Or maybe just HIPAA? Whether it's a full-service engagement, just templates to get going, on-call advisory (when you just aren't sure what you need or when), or plain advice (someone to bounce things off of), it's not a problem. Our services are designed to be very flexible, tailored to suit your existing or future needs, and fashioned to adhere to your contractual and regulatory mandates.
If it isn't listed within one of our primary services, just ask. There is a good chance we can help.
Your vCISO will be your security expert, capable of working across many security domains and acting as an extension of your team (managerially and technically). An engagement can range from a longer-term arrangement covering all service items to a customized one that includes only the options that work best for you.
Summary
Security Program - Development, Maturity and Gap Assessment, Execution, Roadmap
Security Tool/Control Assessment and Rationalization – existing or future purchase help
Vulnerability Management
Mitigation Assistance
Policy/Procedure/Standard
Training and Awareness
vCISO - Additional Areas of Expertise
Business Enablement
Staff Evaluation
Secure Software Development Lifecycle (SSDLC)
System Development Lifecycle (SDLC)
Security Operations (SOC)
3rd Party Vendor Management
Procurement
Security Questionnaires
Legal - contracts and BAAs (Business Associate Agreements)
Human Resources
Product Evaluation
Product Enhancement
Cyber Insurance
Privacy
Penetration Testing
Architecture
Cloud Security
Service Creation
Project Management
Identity and Access Management (IAM)
Investigations
Hardened Configurations
ITIL
ITSM
ROI
Based on NIST Special Publications (including NIST SP 800-34, the contingency planning guide), this service includes Business Continuity (BC), Disaster Recovery (DR), and Crisis Management (CM) program(s).
Summary
Policy(s)
Plan(s)
Training
Exercises
Additional Templates - Business Impact Assessment (BIA), metrics, call trees, communications, & lots more.
Your complete incident response program designed to adhere to your compliance and regulatory mandates.
Summary
Policy
Plan - step-by-step execution plan with accompanying templates
Training - Plan design and execution
Exercises
Reports - Executive Summary w/metrics and Post Incident
Additional Templates - metrics, call trees, communications, & lots more.
This service ties together the three practices of Governance, Risk, and Compliance (GRC). We can help identify your biggest risks, assist with mitigations, create a best-practice framework to fit your needs, formulate strategy, integrate procedures, and drive execution while ensuring compliance with regulatory and customer requirements. Oh...and if you are thinking about moving your manual GRC program to an automated tool, we can assist with that too, from requirement generation and vendor reviews to tool selection and program migration.
Governance
Strategy
Framework Analysis, Development, and Compliance Mapping
Policies, Procedures, and Standards
Risk Management Program
Strategy
Development
Analysis
Procedures and Integrations
Risk Registry
Risk Assessment
Mitigations
Templates
Compliance/Auditing Program
Program Development
Adherence Assessment
Mitigations
Privacy Assistance
Mitigation
Templates
Audit Assistance
Pre-Audit Assessment - SSAE 18 SOC 2 Type 1 / Type 2
M&As are a constant. What isn't a constant? Performing cybersecurity due diligence prior to close. This step is almost always neglected, and that is a bad practice. It doesn't have to be that way. This service offers a three-phased approach, allowing an acquirer to decide at the end of each phase whether to continue or stop, potentially saving time and money.
Summary Phase 1
Intelligence Gathering (OSINT) - People, Company, IP
External Exposures
Known Incident(s) or Issues
Publicly Available Information Analysis
Reputation
Summary Phase 2
Company Security Program Assessments
Controls and Architecture - Maturity and Gaps
Risk Assessment
Resource Capability Assessment
Independent Audit Report Reviews
Summary Phase 3
Traffic Analysis
Code Analysis
Penetration Testing
Vulnerability Scanning
Vendor/Service Provider Analysis
Note that in some cases services are conducted by additional parties and/or services.
Are you missing any indicators of compromise (IOCs)? Has your intellectual property (IP) left the comfort of your environment? Or has an employee caused your company harm? Maybe you just need assistance with managing vulnerabilities?
Summary
Vulnerability Management Program development with Integration to Patch Management
Existing Vulnerability Analysis and Prioritization Assistance
Vulnerability Scanning
External Analysis
Intelligence Gathering (OSINT)
Reputation
DNS
Footprint
Note that in some cases services are conducted by additional parties and/or services.