Cyber Risk Assessment:

The risk assessment will be mapped to the most recent version of the NIST SP 800-53, SP 800-171 or ISO 27002, and will identify the purpose of the applicable controls, identify controls that are not enabled, and provide guidance for implementing the applicable controls.  

Incident Response Planning:

The incident response plan (IRP) will be mapped to the most recent version of the NIST 800-61, and will identify the phase of response to a data security incident, identify the internal and external responders, provide guidance on the response to different types of incidents involving different types of data, and provide guidance on navigating applicable notification laws and regulations.  

Table-Top Exercises: 

Mock data breach exercises are conducted in a table-top manner onsite for two to five hours depending on the client’s desired scope.  The exercise is structured to present both digital and physical threat scenarios and escalations to allow business decision makers to problem solve and manage the crisis issues depicted.  

Privacy Data Policies: 

This service involves the review of existing privacy and/or development of new privacy policies, including terms of use provisions, opt-out, and marketing provisions;  

Information Security Policies & Procedures: 

This deliverable includes the review of existing InfoSec and/or development of new InfoSec policies, including processes and procedures, Cloud security, and insider/employee data handling.  

Mergers & Acquisitions Due Diligence Assessments:

Incorporate warranties that hold the service provider accountable for rendering services in accordance with the agreement and applicable law.  

Apply a favorable choice of venue provision governing disputes under contract.  

Avoid potential pitfalls such as waivers of subrogation that may preclude our clients or their insurer’s from recovering damages attributable to a service provider’s conduct.