Cybersecurity Compliance Consulting
IT/Cybersecurity Governance
With most infrastructure now run by third-party hosting providers, management’s responsibility for IT/cybersecurity governance, including compliance and security requirements, is a complex task that requires specialized skills and experience. We help companies meet it by working with management to identify gaps in their current IT/cybersecurity governance capabilities through our assessment process, and by designing solutions to close those gaps.
Get One Day Free of the Initial Five-Day Risk Assessment
Governance Oversight Assessment
To assess the completeness of governance oversight, we examine the implementation of the seven components of IT/cybersecurity governance listed below. For each component, we identify the gaps between what that component requires and what the organization has actually implemented, then work with management to prioritize which gaps to address first.
IT/Cybersecurity Risk Assessment
Examine the structure and completeness of the current risk assessment and the supporting risk/control matrix, including the risks introduced by the host provider.
Policies and Procedures
Review the alignment of policies to the IT risk/control matrix to identify missing or misaligned policies.
Incident Response Plan
Review regulatory and client requirements for reporting data breaches, including the steps defined for communicating with all required parties, and review the host provider’s incident response plan for consistency with the organization’s own.
BCP/DR Plan
Compare the plan to the business requirements for the recovery-site design and the recovery time objectives. Review the specification of the disaster declaration process and how the plan depends on the host provider’s DR plan.
SEC Cybersecurity Guidance
Review the documents management has identified as meeting the SEC’s 2015 cybersecurity guidance, evaluating them against the NIST Cybersecurity Framework version 1.1.
Change Management
Review the procedures for submitting and reviewing change requests and for moving changes into production, and the host provider’s process for notifying the organization of the provider’s own changes to production.
Vendor Management
Examine the services provided by third parties, their contractual terms (SLAs), and the monitoring mechanisms in place to assess the state of their service delivery.
Delivering Excellent IT and Cybersecurity Services in the Continental United States Since 2006
Service Delivery and Governance Tool
Service Delivery
For each IT/cybersecurity governance component, we produce a deliverable documenting the results of the assessment, stating for each required element whether it is present or a gap was identified, accompanied by an implementation plan for the recommended adjustments. This is followed by ongoing monitoring of the remediation effort and assistance with management’s self-assessment activities.
Management Self-Assessment
Annual management self-assessment of the effectiveness of the controls in the IT/cybersecurity environment.
Ongoing Monitoring
Ongoing monitoring of remediation efforts, with identification of new issues, recommended next steps, and an updated implementation plan.
Initial Assessment
An assessment of the seven key IT/cybersecurity governance topics, with each topic reflecting the appropriate framework for its evaluation.
Recommended Remediation
Identification of issues, recommended next steps, and implementation plan.
Governance Tool
We utilize our governance/risk tool to collect and store information for ongoing monitoring and management self-assessments.
For each assessed area, the tool records the assessment scope, risk appetite, inherent risk, mitigating controls, residual risk, and remediation plan.