Cybersecurity Compliance

Cybersecurity compliance services assess an organization’s compliance with industry standards or regulations. This includes reviewing in-place security controls for both physical and logical assets. Compliance assessments and audits do not test the effectiveness of existing security controls; they check that existing controls match the referenced standards or meet the stated objectives. It is entirely possible to be in compliance and still not be secure.

Cybersecurity compliance consulting includes

  • Reviewing administrative policies, procedures, guidelines, and specifications as they pertain to information security.
  • Analyzing technical controls and software solutions within the business to ensure compliance with senior management’s objectives.
  • Comparing existing security controls to applicable standards, depending on the industry and risk tolerance.
  • Recommending changes to existing security controls based on best practices, industry standards, and/or regulations.

Programs, processes, and controls typically reviewed

Administrative Controls: Any administrative control implemented to protect the confidentiality, integrity, or availability of an organization as a whole, which may include processes such as separation of duties and user training.

Business Continuity: Assisting organizations with developing, auditing, and maintaining a program for the continuity of operations. 

Disaster Recovery: Assisting organizations in the development of a disaster recovery plan and responding to disaster declarations. 

Impact Analysis: Intrusion and impact analysis investigations look for potential cyber intrusions and analyze the potential impact of those intrusions on the business.

Technical Controls: Any technical control implemented to protect the confidentiality, integrity, or availability of an information system, such as intrusion prevention systems, privileged access management systems, firewalls, and others.

Vulnerability Management: Assisting clients in building a vulnerability management program based on industry best practices and standards.