Information & Cyber Security Services

Information security isn’t just for IT people; executives and directors have an important role in defining and overseeing an organization’s security posture. We offer a full range of information security services based on well-established industry standards and frameworks. Policy and procedure are the cornerstones of a solid security program, so that is our starting point. We don’t sell hardware or software and have no incentive to sell you “stuff” that may or may not provide your organization additional protection. We do work with your staff and vendors to develop a comprehensive, layered, defense-in-depth approach to your information security requirements.

InfoSec Basics

Cybersecurity

Cybersecurity is about protecting digital information, and it is a subset of Information Security. Building Cybersecurity infrastructure before you have built your Information Security framework is similar to building rooms before you have built a foundation.

Information Security

Information Security is concerned with protecting three aspects of ALL your information:

  • Confidentiality
  • Integrity
  • Availability

You need a cybersecurity plan, but you need to build that plan as a component of a comprehensive Information Security plan. The foundation for a solid Information Security plan requires several components:

Information Security Program Requirements

Security Policy

A Comprehensive Security Policy is a collection of individual policies. Different businesses require different types of policies, and regulatory compliance is an important aspect to consider when developing your policies. A security policy is generally developed over a long period of time; it should be approved at the highest level of governance in your organization and must be reviewed periodically and.

Acceptable Use policy

Information Inventory

  • What are you protecting?
  • What format is the information in? Digital, paper, or other formats?
  • From whom are you protecting it?
  • Why does it need protection? Regulatory compliance? Company proprietary information?
  • How will you protect it?

Risk Assessment

Periodic risk assessments are an essential component of a good security policy and are required for compliance with regulations such as HIPAA.