Industrial organizations always attract attention from both cybercriminals and politically-motivated threat actors. Reflecting on the previous half year, we have seen among other findings, growth in the number of cyberespionage and malicious credential stealing campaigns. Their success has most likely been the main factor raising the ransomware threat to such [...]
Companies are required to comply with security regulations, legal or contractual obligations in order to protect their corporate and client information.
You want to preserve your client identities by protecting their credit card, personal or medical information.
We will define the scope of compliance that is specific to each company. Once identified, our objective is to reduce it to what is necessary and avoid compliance fatigue.
We conduce a diagnostic of your current security posture to meet compliance requirements. Our objective is to identify gaps, have the most realistic picture of the situation and estimate the necessary effort to become compliant
We support you in the process of achieving compliance. Our goal is to determine the best strategy to fill your gaps , be your Security Subject Matter Expert (Virtual CISO) and provide you advisory services
Payment Card Industry – Data Security Standard
Are a set of security standards outlined to ensure that businesses that process debit or credit card information operate in a secure environment. In case your company accepts card payments, then you MUST protect your data or securely host your data through a PCI compliant hosting provider.
ISO/IEC 27001 is widely known, providing requirements for an information security management system (ISMS), though there are more than a dozen standards in the ISO/IEC 27000 family. Using them enables organizations of any kind to manage the security of assets such as financial information, intellectual property, employee details or information entrusted by third parties.
System and Organization Controls
Report on Controls at a Service Organization Relevant to Security, Availability, Processing Integrity, Confidentiality or Privacy
To improve the efficiency and effectiveness of the health care system, the Health Insurance Portability and Accountability Act of 1996 (HIPAA), Public Law 104-191, included Administrative Simplification provisions that required HHS to adopt national standards for electronic health care transactions and code sets, unique health identifiers, and security.
The General Data Protection Regulation (GDPR) is the toughest privacy and security law in the world. Though it was drafted and passed by the European Union (EU), it imposes obligations onto organizations anywhere, so long as they target or collect data related to people in the EU. The regulation was put into effect on May 25, 2018. The GDPR will levy harsh fines against those who violate its privacy and security standards, with penalties reaching into the tens of millions of euros.
Cybersecurity Maturity Model Certification
The DoD is now requiring contractors to be certified in order to prove controls are in place to protect sensitive data including Federal Contract Information (FCI) and Controlled Unclassified Information (CUI). The CMMC model accounts for best practices of different cybersecurity standards such as NIST SP 800-171, NIST SP 800-53, ISO 27001, ISO 27032, AIA NAS9933, and others into one collaborative standard for cybersecurity.
The CMMC has five defined levels where each level has a subset of practices and processes to support the various levels of engagements.
Level 1 : Safeguard Federal Contract Information (FCI)
Level 2: Serve as transition step in cybersecurity maturity progression to protect Controlled Unclassified Information (CUI)
Level 3: Protect Controlled Unclassified Information (CUI)
Levels 4-5: Protect CUI and reduce risk of Advanced Persistent Threats (APT)