Service Area: New York Metropolitan Area, Continental US

IT and Cybersecurity Specialists at Your Service

Helping You Transform Threats into Security

Achieve Optimal Cyber Resilience

Evaluating and Elevating Your IT and Cybersecurity Measures

Cybersecurity Compliance Consulting

IT/Cybersecurity Governance

In today’s hosting environment, management’s responsibility for IT/cybersecurity governance, including critical compliance and security requirements, is a complex task that requires specialized skills and experience. We help companies accomplish this task by working with management to identify gaps in their current IT/cybersecurity governance capabilities through our assessment process and to design solutions that address these gaps.

Get One Day Free of the Initial Five-Day Risk Assessment

Governance Oversight Assessment

To assess the completeness of governance oversight, we examine the implementation of the seven components of IT/cybersecurity governance. We identify gaps between what each governance component expects and what the organization has implemented, then collaborate with management to prioritize the gaps to be addressed.

Examine the structure and completeness of the current risk assessment and the supporting risk/control matrix, including related host provider’s risks.

Review the alignment of the policies to the IT risks/control matrix to identify missing or misaligned policies.

Review regulatory and client requirements for reporting data breaches, including the steps defined for the communication of information to all necessary parties. Review host provider incident response plans.

Comparison to the business requirements for the business recovery site design and recovery time objectives. Review the specifications of the disaster declaration process and the relationship with the host provider’s DR plan.

Review of current documents identified by management for meeting the 2015 SEC Cybersecurity Guidelines (using NIST Cybersecurity Framework ver.1.1).

Review the procedures for submitting and reviewing change requests and moving changes into production. Review host provider notification process for their changes to production.

Examine the services provided by third parties, their contractual terms (SLAs), and the monitoring mechanisms in place to assess the state of their service delivery.

Delivering Excellent IT and Cybersecurity Services in the Continental United States Since 2006

Service Delivery and Governance Tool

Service Delivery

For each IT/cybersecurity governance component, we produce a deliverable that documents the results of the assessment, stating where required elements were present and where gaps were identified, accompanied by an implementation plan for recommended adjustments. This is followed by ongoing monitoring of efforts and assistance with management’s self-assessment activities.

Management Self-Assessment

Annual management self-assessment of the effectiveness of the controls in the IT/cybersecurity environment.

Ongoing Monitoring

Identification of issues, recommended next steps, and implementation plan.

Services Delivery Graph

Initial Assessment

An assessment of the seven key IT/cybersecurity governance topics, with each topic reflecting the appropriate framework for its evaluation.

Recommended Remediation

Identification of issues, recommended next steps, and implementation plan.

Governance Tool

We utilize our governance/risk tool to collect and store information for ongoing monitoring and management self-assessments.

Assessment Scope

Risk Appetite

Inherent Risk

Mitigating Controls

Residual Risk

Remediation Plan

Learn more about our IT and cybersecurity services.
