The Policy & Risk Review is based on Highground Cyber’s award-winning Smart and Safe Assessment and looks at two critical success factors. The first work package looks at the Policy and Controls structure of your organization for both gaps and for the quality of those policies in place. The second does a deep dive into the Notorious 9 risk factors to establish the financial risk profile for your company. This is a C-suite engagement that takes as little as two weeks to complete and can be a quick win for any organization wanting to better understand their cybersecurity posture.
Highground Cyber’s award-winning Smart & Safe Assessment is an affordable, efficient, and comprehensive cross-functional, wide-angle view of your organization’s Cybersecurity Posture. The assessment looks at three critical success factors. The first work package looks at the Policy and Controls structure of your organization for both gaps and for the quality of those policies in place. The second does a deep dive into the Notorious 9 risk factors to establish the financial risk profile for your company. The final work package is a technology assessment of your threat surface that uses a hybrid of the black box and crystal box approach. The entire engagement is designed to be as easy for your team as possible. Nothing is installed in your environment and none of your data ever leaves our hardware, which uses military grade encryption.
Ethical hacking is a powerful tool in validating your Cyber Security posture and is often an annual requirement for some organizations or certain types of insurance coverage. Ethical Hacking engagements are bespoke to each customer and may include a Network Penetration, Website or Web App testing, Social Engineering campaigns, and a physical Security test. Unauthorized access of any system is a Federal Felony so we will only discuss this service with corporate officers who have the authority to approve the work.
Security Infrastructure: Hackers and bad actors use sophisticated tools to breach your environment and trick your employees. You are going to need to put defensive capabilities and countermeasures in place to make it a fair fight. A Firewall and some anti-virus isn’t going to get the job done anymore. We scrutinize vendors in each of the core capabilities and only work with the best in the business.
Compliance and Notification Planning: Regulations and statutes are constantly changing and we know you probably don’t have time to stay on top of this. We can help. Our research partners and memberships in Information Sharing & Analysis Organizations (ISAO) keep us up to speed so we can keep you on top of your compliance and notification obligations.
Policy Manual Portfolio: Clear expression of your policies regarding cybersecurity is paramount to your customers, partners, employees, and vendors understanding their roles, responsibilities and boundaries for the security of your organization. We all know policies are important but let’s be honest... we all hate to write them. We understand. That is why we have built a library of over 300 policy templates that we can help you choose from and customize to your organization’s needs.
Incident Response Playbooks and Practice: Almost every organization is required to have fire drills and emergency response plans for a natural disaster like an earthquake or tornado. Cyber is no different. Putting a plan in place to respond to incidents like a ransomware attack or a data breach is vital to ensuring resilience. The challenge is knowing where to start. That’s why we built playbook templates that we can help you choose from and customize to your organization’s needs. We can also help you practice these playbooks with tabletop simulations to make sure people know what to do when the real incident happens.
Governance Frameworks: We believe that the Red Team – Blue Team model is foundational to the effective governance of your organization’s cybersecurity posture. So much so, that as a Virtual Red Team, we will not engage if we are asked to report to the Blue Team or interfere with their operational responsibilities. Once Red Team-Blue Team is established, your organization will need to adopt a Framework appropriate to your industry and data. If you’re not sure where to start, we can help.
What is a Virtual Red Team? The Red Team is a collection of security professionals that work as a team to help you find the vulnerabilities and risks in your environment before somebody else does. This Red Team is collectively responsible for many of the most crucial aspects of your cyber security program. In enterprise organizations these roles are filled by full-time individuals, teams or even departments. We know that is not financially realistic for most Small & Mid Market companies, so we offer this on a fractional or “Virtual” team basis as a monthly managed service.
V-CISO: With our Virtual/Fractional Chief Information Security Officer you gain access to an experienced information security leader without increasing headcount. This role is the primary interface to your C-Suite team and is responsible for designing your Cybersecurity program and orchestrating its execution across customers, partners, employees, and security professionals.
V-Security Architect: With a virtual Security Architect you gain access to an experienced architect that can help you select and blend solutions together so your infrastructure is secure and organized to maximize the value of your investment. This role can work collaboratively with Cloud, Application, and Data architects if you have these relationships in place today.
V-Security Analysts & Specialists: The virtual team of analysts and specialists can be customized to meet your organization’s needs. This virtual team may include a Security Operations Center (SOC) or Analysts who specialize in Threat Surface management. This team also often includes members who specialize in policy, compliance, and incident planning. The beauty of this model is that you don’t have to recruit, retain, or manage this diverse group of talent, but you get access to their unique and important skills only when needed.