
ANALYZE RISKS, DEFINE SECURITY REQUIREMENTS, ENSURE COMPLIANCE
Take a holistic risk-based approach to information security management that protects against cybersecurity threats and aligns with your business strategies.
By properly defining risks and adopting a risk-based security framework, we implement security programs across the enterprise to ensure compliance across your systems, employees, and third-party vendors.

Cybersecurity stakes have never been higher. Cloud introduces new security patterns and approaches, and regulatory agencies demand compliance with regulations on technology risk, customer data, and more.
Our experts work with clients to build a Risk Management Program that enables the organization to minimize risks and make both strategic and tactical decisions.
Frameworks
- NIST 800
- ISO 27000
- NIST CSF
- COBIT
- ITIL
Compliance
- GLBA
- GDPR
- CCPA
- COV SEC501
- COV SEC525
- HIPAA
- FFIEC
- PCI DSS
Governing Bodies
- HHS (HIPAA)
- OCC (FFIEC)
- FINRA
Security & Risk Management: Our Thinking
Mitigate IT Risk & Accelerate IT Maturity in Local Governments with Impact Makers
Public Sector, Business Strategy Alignment, Security & Risk
From improved access to resources to creating job opportunities, transforming data management for charitable nonprofit can have a far-reaching impact...
The Realities of Ransomware. Prevent, Protect, Prepare.
Advisory, Homepage News, Public Sector, Business Strategy Alignment, Security & Risk
By: Ryan Meglathery, Senior Consultant, Impact Makers
Over the past year, there have been several high-profile ransomware attacks in which...
The Current State of Cloud Security
Advisory, Engineering, Homepage News, Cloud Computing, Security & Risk
By: Herman Boma, Lead Architect, Impact Makers
In the Summer of 2021, Herman Boma, Lead Cloud & Big Data Architect...
APIs for Sharing Healthcare Data
Advisory, Engineering, Healthcare, Homepage News, Interoperability, AWS, Cloud Computing, Data Governance, Data Privacy, Data Strategy, Security & Risk
By: Kevin Cox, AWS SSA, CCSK, Lead Consultant, Impact Makers
This is the second post in a series about sharing...
New Solutions for Sharing Healthcare Data
Advisory, Engineering, Healthcare, Homepage News, Interoperability, AWS, Cloud Computing, Data Governance, Data Privacy, Data Strategy, Data Warehousing, Security & Risk
By: Kevin Cox, AWS SSA, CCSK, Lead Consultant, Impact Makers
Why would providers, payers, and consumers share Healthcare data? Healthcare as an industry...
Facial Recognition: Does the “Public Domain” Equal “Fair Game”?
Advisory, Business Strategy Alignment, Financial Services, Security & Risk
I would like to preface this article with a disclaimer: I am not now, nor have I ever been, nor am I likely to ever be a lawyer. I haven’t even played one on TV so, take what I say with a grain of salt with regards to the legal...
Driving Towards Cybersecurity
Public Sector, Security & Risk
Virginia’s Department of Motor Vehicles (DMV) has long been recognized as an authoritative source for identification in Virginia. Security is core to the DMV’s mission. Recognizing its unique role in protecting sensitive data for the...
Cybersecurity in the Age of COVID-19
Advisory, Healthcare, Security & Risk
On Friday May 22nd, at 3 pm, Impact Maker’s Chris Tignor, CISO & Practice Lead of Cybersecurity & Risk Management, will be speaking in a panel discussion on Cybersecurity in the Age of COVID-19: Working from Home. Don’t miss this...
Leveraging SOC Reports
Advisory, Business Strategy Alignment, Public Sector, Security & Risk
We have been discussing System and Organization Controls (SOC) reports and how they can be used to establish and maintain trust between service providers and their customers. In our first blog, we covered a basic understanding of...
Decoding SOC Reports
Advisory, Business Strategy Alignment, Public Sector, Security & Risk
As noted in our earlier blog, System and Organization Controls (SOC) can be a helpful tool in establishing and maintaining trust between service providers and their customers. Yet there are still a lot of questions around SOC reporting:...
Demystifying SOC Reports to Build Trust and Reduce Risk
Advisory, Business Strategy Alignment, Public Sector, Security & Risk
The rise in cloud-based technology and third-party solutions increases both the complexity and uncertainty of security and compliance responsibilities. Service providers and their customers need to understand how responsibilities are...
How can a Hybrid Cloud Monitoring Solution help my team monitor the cloud?
Advisory, Engineering, AWS, Cloud Computing, Security & Risk
There are hundreds of monitoring products in the marketplace that cover monitoring from enterprise scale to small and medium businesses. How can a monitoring system help your team? It is imperative that an IT team know the state of the...
GDPR is Here! What is it and How Does it Affect Your Compliance Management Program?
Advisory, Healthcare, Data Privacy, Financial Services, Security & Risk
If you’ve been a privacy professional at any point in the last few decades, your head is spinning with the myriad of privacy laws and regulations in the U.S. and abroad. Some examples are the European Data Protection Directive of 1995,...
My Cloud Journey as an Early Adopter
Engineering, Financial Services, Architecture, Cloud Computing, Security & Risk
Ever heard the saying, “The Cloud is just someone else’s computer”? This is one of the many arguments I encountered as I became an early adopter in 2010. While it is technically true, it misses the point: the inherent flexibility and...
Selecting a Security Controls Framework? Here’s where to start.
Advisory, Security & Risk
Interested in building a security controls framework or part of an organization that wants a robust information security program but doesn't know where to start? You're not alone. And on top of that, there are a host of frameworks and...
InfoSec Can Be Taxing, So Here’s a Taxonomy
Advisory, Security & Risk
Information Security can sometimes feel like death by documentation, like a bunch of red tape just to keep regulators and auditors at bay. Throw in differences in lexicon, and seeing how all the many pieces fit together can be quite...
Privacy and Security: What’s the Difference?
Advisory, Data Privacy, Security & Risk
As data collection has increased, so has controversy. Most of this data has been willingly given by us users in the form of our computers, smart phones, and more recently, smart home devices, cars, and even refrigerators. International...
[VIDEO] Essential Steps to Strengthening Cybersecurity
Advisory, Public Sector, Security & Risk
Many organizations know they must have the basics: hire a CISO, perform a risk assessment, and find security vendors to fill up the holes. Unfortunately, these are often mere boxes to check. Impact Makers' former CISO Cathie Brown...
Organizational Risk Management Is Not Just About Compliance
Advisory, Business Strategy Alignment, Security & Risk
Organizational risk management is too often treated as a compliance issue with complex rules that result in a back office tracking of risks that don’t see the light of day. This presentation contrasts a traditional view of...
Cybersecurity Doesn’t Work Without Culture Change
Advisory, Business Strategy Alignment, Security & Risk
Enhancing cybersecurity is critical, but there is a pervasive Band-Aid mindset causing organizations to commonly overlook the vital ingredient to any amount of successful security: culture change. Need a reminder why cybersecurity is...
[VIDEO] Too Many Organizations Overlook One of These Cybersecurity Building Blocks
Advisory, Architecture, Public Sector, Security & Risk
While most organizations have made some investments in each of the three building blocks of cybersecurity, many overemphasize "technology." The most overlooked component is the "people," which will actually make or break the...