Enterprise Information Security

Independent, Expert Evaluation of IT Security

An organization's entire Information Security Management Program depends on the implementation of foundational concepts. These core building blocks include items such as your risk management strategy and framework, core security policies, and adherence to any potential regulatory requirements your business might face. These foundational pieces provide the mechanisms with which your business must assess risk in order not only to design and develop appropriate security controls across the enterprise, but also to align those controls with the business's core mission. Security PS Enterprise Information Security services can help you assess your business's current situation to determine the overall health of your organization. We can then use this assessment to leverage existing policies and processes to mold your Security Program into an effective tool that reduces risk, increases security and provides the compliance your business requires.

Information Security Management Program Assessments & Consulting

The successful, ongoing management of information security risks in your organization depends on the effectiveness of your Information Security Management Program (“ISMP”). Your ISMP requires a definitive risk management framework that drives identified security requirements and underlying controls to all information systems and components. This requires a specific methodology that should be tailored to your organization’s business objectives as well as accompanying policies and standards that fit into your business processes. Security PS can help you assess the current state of your security program or help develop one that will start your business off in the right direction. Our experienced security consultants will work with you to develop an ISMP that is appropriate for today’s high-tech climate, which requires the utmost in confidentiality, integrity and availability. Some of our offerings include:
  • Information Security Program Gap Analysis and Risk Assessment
  • Security Policy, Processes, Controls Review and Development
  • Security Standards Review and Development
  • Leadership: Virtual CISO / CISO as a Service
We can also work directly with you to customize our offerings to suit your specific business requirements.

Risk Management

Effective risk management is an essential and required component of any organization. Risk is the driving factor in determining many of the functions and controls within any information security program. Having a definitive framework and standardized processes for risk management ensures that the appropriate level of risk has been determined and that the controls necessary to help ensure that risk at any level is mitigated are assigned. Security PS consultants are not only experts at assessing and managing risk through years of experience; we can also help you incorporate a risk management strategy and framework that provides your business with the foundation it needs for efficient and appropriate controls. Through services customized to meet your organization's needs, we can help identify the areas that are missing in your risk management strategy, as well as facilitate risk assessments that will get you headed in the right direction. Our offerings include:
  • Risk Management Framework Development
  • Risk Assessments and Process Development
  • Information Asset Categorization
  • Security Controls Assessment

Standards Analysis and Compliance

As technology risks continue to impact businesses and consumers, stronger regulations and standards are appearing in an attempt to protect our industries’ business ecosystems from future risk fallout. In many regulated industries, a failure to meet compliance regulations can be just as dangerous to your business as having your security defenses fail in an attack. It is critical for the continuity of your business to ensure that your information security program is proactively meeting requirements and is able to prove it. In addition, regulations have not been created for your organization specifically, so care must be taken to implement them in a way that provides value to your organization, rather than only adding work without benefit. Security PS is prepared to assess your standards and compliance needs, as well as your overall risk management requirements, to ensure you maintain the appropriate balance of both compliance requirements and effective information security. Our team is experienced with a range of standards including:
  • ISO 27001/27002
  • NIST CSF (Cybersecurity Framework)
  • NIST 800-53 (NIST 800 series)
  • Federal Financial Institutions Examination Council (FFIEC)
  • Gramm-Leach-Bliley Act (GLBA)
  • Federal Information Security Management Act (FISMA)
  • NERC CIP

Where to Start?

Whether you need direction for building an Enterprise Information Security Program, or just need a health check on how your organization is doing regarding its program maturity, we have an easy place to start. Our ISO 27002 Scorecard is designed to provide a quick, high-level review of the primary aspects of your program against the fundamental areas of the ISO 27002 standard. Contact us to see how the scorecard can help you take your next steps toward a stronger future.