We will take a full day to offer a more in-depth review of your security and privacy technologies, processes, and organization. In this longer session, we will be able to cover specific practices, policy recommendations, technical solutions, and process shortcomings together, and we will develop a written report that includes a plan of attack for areas that could be improved.”
Level 2 – Full-Day Security and Privacy Consultation
Service features & benefits
Consulting Package Level 2 – Full-Day Security and Privacy Consultation ($1,750)
CyberScout will deliver to the Customer a general understanding of the state of their security and privacy practices along with recommendations on how to mitigate risks that exist. The intent is to help the Customer eliminate privacy and security risk. CyberScout will conduct a 6-hour review, provide written documentation and 2-hour report review call.
Objective:
CyberScout Consulting delivers to Cybershield Global’s (CSG’s) members a general understanding of the state of their security and privacy practices along with recommendations on how to mitigate risks that exist. The intent is to help the member eliminate privacy and security risk as part of the services that CSG is offering, potentially reducing risk for the member in the process.
Scope:
This engagement will include the existing processes and procedures, whether they are documented or not, for each CyberShield Global member. Only information shared through meeting with personnel from the member organization will be included in this review, but that information will cover the processes, the technology, and the organizational controls at the member organization.
Approach:
CyberScout will arrange a meeting, either in person or via WebEx, with key personnel from the member organization. We will then deliver a detailed agenda to the member, including details about what information we will be asking for.
During the discussion, CyberScout will lead a facilitated session that will review:
- Perimeter network security
- Practices for user management
- Practices for access control
- Data classification and management
- User education
- Roles and Responsibilities
- Policies and Procedures
- Practices for risk assessment and vulnerability management
- Processes for controlling security risks presented by third-parties
- Breach and Incident Response procedure
After gathering information on these areas, we will identify the risk inherent in the member’s enterprise and summarize those risks, along with recommendations on how to alleviate the risks, in a brief report.
Deliverables:
Written report delivered 1-2 weeks from discussion. Follow-up phone call to discuss report