Governance, Risk & Compliance

What can I do to prevent a cybersecurity breach? How do I know if my information is secure? Information security deals with my internal network, but cybersecurity risks lurk outside it, where I have little visibility. How do I know whether my organization is secure at all, let alone how to work toward a mature security posture?

Security with a business focus

IT Governance, Risk and Compliance (GRC) focuses on the disciplines that protect IT assets and keep IT operations efficient. In turbulent times like now, when cybersecurity is at the forefront, GRC strengthens compliance and overall security posture through the implementation of preventative controls.

What are your organization’s mission and goals? Are IT risks understood by the business? Is your organization facing changes through mergers and/or acquisitions? Are there compliance requirements you must meet? Our approach begins with your business and takes a holistic, risk-based view of information security management and protection against cybersecurity threats. We focus on establishing a sound security posture while reducing the cost of containment.

Our services support business processes to enable the alignment of business with IT. Our management and technology consultants address the complexity of this area while balancing security with business needs and overall compliance. Our processes analyze threats, vulnerabilities and impact to determine important risk factors, then identify cost-effective mitigation strategies and establish ways to monitor ongoing progress.

How We Do This:

We combine a blend of best practices, industry frameworks and project management discipline. From strategy to risk management to security transformation, !m can help protect the confidentiality, integrity and availability of your organization’s valuable information assets.

Information Security Program
  • Strategy and Enterprise Strategic Alignment
  • Security Roadmap
  • Governance Framework and Structure
  • Policies, Standards, Processes, Procedures and Guidelines
  • Security Architecture
  • Security Roles and Responsibilities
  • Security Awareness and Training
  • System and Data Classification and Criticality Analysis
  • Security Program Management

Risk Management
  • Risk Management Framework and Program Development
  • Security Maturity Assessment
  • Business Impact Analysis (BIA)
  • Risk Assessment (RA)
  • Vulnerability Assessment
  • Penetration Testing
  • Business Resilience/Continuity Planning
  • Disaster Avoidance/Recovery Planning
  • Incident Management Program Development
  • IT Security Audit

Compliance
  • HIPAA Privacy, Security and Omnibus Rules
  • HITRUST Self-Assessment Guidance
  • Commonwealth of Virginia IT Security Policy (SEC519)
  • Commonwealth of Virginia IT Security Standards (SEC501)
  • Commonwealth of Virginia IT Audit Standard (SEC502)
  • Commonwealth of Virginia Hosted Environment Security Standards (SEC525)
  • National Institute of Standards and Technology (NIST) Computer Security (800-53)
  • Industry Specific “Best Practices”
  • Reports and Metrics Guidance
  • Compliance Assurance

We Gave the DMV a Security Tune-Up