More details about our assessments, workshops and consulting services is available below.
PCI v3.2.1 Compliance Gap Analysis
Any entity processing credit cards is currently required to be compliant with PCI DSS 3.2.1.
HIPAA Security Compliance
A requirement for any organization storing, creating, or processing personal health care records for living patients.
GDPR Compliance Gap Analysis
A European Union requirement for privacy, this assessment, also called a Data Protection Impact Assessment (DPIA), measures compliance against GDPR
NIST 800-53/171 Compliance Gap Analysis
Typically, organizations that deal with the U.S. Federal government work to be compliance with NIST Special Publication 800-53. In addition, if Controlled Unclassified Information (CUI) is in use or created this may require your organization to be DFARS (Defense Federal Acquisition Regulation Supplement)-compliant. This typically impacts research universities, defense contractors, or supporting organizations.
FERPA Data Security Gap Analysis
The Family Education Rights and Privacy Act is in place to protect student records, aligning mostly with the handling of records and their security and integrity.
FISMA Security and Privacy Assessment
NYS DFS Compliance Gap Analysis
Any organization dealing with financial transactions and operating within the state of New York has a requirement to be compliant with NYS DFS 500. This also requires the organization to have a CISO or a third party assigned the role as a virtual CISO.
California Consumer Privacy Act (CCPA) Compliance Gap Analysis
Security Risk Assessment
Aimed at reviewing your organization’s environment and providing a findings assessment and remediation roadmap to improve your security program.
Program Maturity Assessment
Review of your organization’s infrastructure, regulatory compliance program, and staffing skillset; provides feedback in the form of a 1-3 year improvement plan.
ISO Readiness Assessment
An assessment aimed at identifying any gaps between your organization’s existing environment and one certified by ISO, typically ISO 270001 – Information Security Management.
CIS Top 20 Gap Assessment
A Security Framework aimed at assisting your organization in the development of a security program that targets critical requirements first to improve
Policy Review and Creation
This program reviews policies for required design controls and creates missing policies, where needed.
Business Continuity and Disaster Recovery Planning
A regulatory compliance requirement and a part for all security frameworks, Business Continuity and Disaster recovery planning helps your organization understand requirements and processes in order to return an origination to a pre-incident state.
Virtual Chief Information Security Officer (vCISO)
Aimed at organizations without a security program or that have an immature program, the vCISO delivers services required to develop a security program and increase maturity to deal with regulatory and other security needs.
Incident Response Playbook Development
All organizations need a run book in order to respond to a variety of events and incidents. This program is designed to deliver an IR Plan tailored to your organization’s needs and skillset.