Cyber Security Policies, Assessments and Audits

A strategic consultancy dedicated to helping small businesses manage risk and avoid cyber attacks.

Why should we have Cybersecurity Policies?

Policies, and their derived procedures, should be more than just a set of rules that impress auditors or regulators. Having policies that are not read or followed is often worse than not having the policies at all.
Policies and Standards must be easy to read and understand if they are to be implemented successfully in your organization.

Having formal policy statements helps ensure that your practices and procedures evolve in a way consistent with business requirements.

defcon21 can provide your organization with a comprehensive set of Information Security Policies.

What is a strategic cyber risk assessment?

Through a series of guided questions, a risk assessment is a comprehensive look into your security posture to determine and highlight gaps in cyber security coverage. The assessment is the cornerstone tool for evaluating and managing cyber risk, answering three key questions:

  • What are the major categories of threats we face?
  • Which threats will we encounter most frequently?
  • Which threats will have the most impact on my organization?

Our strategic cyber risk assessment provides this critical knowledge for small businesses.

Do we need an Audit?

The value of an independent audit is well known when it comes to your finances. Your data and systems are no less important as the lifeblood of your business. Our assessment turns the data you provide into an actionable report to help secure your valuable assets.

Of course, regulatory compliance requirements also drive audits. These compliance audits usually fall into these categories:

New York DFS (Part 500) - NYDFS Part 500 applies to all "covered entities," which include all banking organizations, insurance companies, and money services businesses. Smaller businesses are exempt from many of the provisions, but are still required to address risk and conduct an annual audit, among other requirements.

HIPAA - More than 700,000 hospitals, emergency medical clinics, dental offices, nursing homes, and other health-related entities, and an estimated 2 million other companies that do business with these entities, are required by law to have a specialized IT risk assessment performed to satisfy the requirements of the Health Insurance Portability and Accountability Act (HIPAA).

PCI - The PCI DSS applies to any merchant or service provider that handles, processes, stores or transmits credit card data. The rule is if you store, process, or transmit credit card data you must be compliant with the PCI standards. Our contract with an ASV (Approved Scanning Vendor) helps ensure full PCI compliance.