Governance, Risk & Compliance

Why does cybersecurity scare me? How do I know if my information is secure? Information security deals with my internal network, but cybersecurity risks lurk outside it, in areas I don’t understand. How do I even begin to ensure my organization is secure?


Security with a business focus

What are your organization’s mission and goals? Are IT risks understood by the business? Is your organization facing changes through mergers and/or acquisitions? Are there compliance requirements you must meet? Our approach begins with your business and takes a holistic, risk-based approach to managing information security and protecting against cybersecurity threats. We focus on establishing a sound security posture while reducing the cost of containment.

Our services support business processes to enable the alignment of business with IT. Our management and technology consultants address the complexity of this area while balancing security with business needs and overall compliance. Our processes analyze threats, vulnerabilities and impact to determine important risk factors, then identify cost-effective mitigation strategies and establish ways to monitor ongoing progress.

Information Security Program
  • Strategy and Enterprise Strategic Alignment
  • Security Roadmap
  • Governance Framework and Structure
  • Policies, Standards, Processes, Procedures and Guidelines
  • Security Architecture
  • Security Roles and Responsibilities
  • Security Awareness and Training
  • System and Data Classification and Criticality Analysis
  • Security Program Management

Risk Management
  • Risk Management Framework and Program Development
  • Security Maturity Assessment
  • Business Impact Analysis (BIA)
  • Risk Assessment (RA)
  • Vulnerability Assessment
  • Penetration Testing
  • Business Resilience/Continuity Planning
  • Disaster Avoidance/Recovery Planning
  • Incident Management Program Development
  • IT Security Audit
  • HIPAA Privacy, Security and Omnibus Rules
  • HITRUST Self-Assessment Guidance
  • Commonwealth of Virginia IT Security Policy (SEC519)
  • Commonwealth of Virginia IT Security Standards (SEC501)
  • Commonwealth of Virginia IT Audit Standard (SEC502)
  • Commonwealth of Virginia Hosted Environment Security Standards (SEC525)
  • National Institute of Standards and Technology (NIST) Computer Security (800-53)
  • Industry-Specific “Best Practices”
  • Reports and Metrics Guidance
  • Compliance Assurance