Cyber Security Services

Multi-layered security is no longer an option in 2019, we need to be agile and ready for the worst. – Peter Casserly

 

Small businesses deserve enterprise-level protection

 

The internet offers significant benefits to small and medium-sized businesses, but with it comes many security risk. From ransomware to DoS attacks, layering protection into your current IT infrastructure is becoming more important every day. We can help you get this done.

Identify

Understanding the business context, the resources that support critical functions, and the related cybersecurity risks enables an organization to focus and prioritize its efforts, consistent with its risk management strategy and business needs.

Examples of outcomes:

  • Identifying physical and software assets within the organization to establish the basis of an Asset Management program
  • Identifying the Business Environment the organization supports including the organization’s role in the supply chain, and the organizations place in the critical infrastructure sector
  • Identifying asset vulnerabilities, threats to internal and external organizational resources, and risk response activities as a basis for the organization Risk Assessment

Protect

Developing and implementing the appropriate safeguards to ensure delivery of critical infrastructure services.

Examples of outcome:

  • Empowering staff within the organization through Awareness and Training including role based and privileged user training
  • Establishing Data Security protection consistent with the organization’s risk strategy to protect the confidentiality, integrity, and availability of information
  • Protecting organizational resources through Maintenance, including remote maintenance, activities

 

Detect

Developing and implementing the appropriate activities to identify the occurrence of a cybersecurity event. This function, eEnables timely discovery of cybersecurity events.

Examples of outcome:

  • Ensuring Anomalies and Events are detected, and their potential impact is understood
  • Implementing Security Continuous Monitoring capabilities to monitor cybersecurity events and verify the effectiveness of protective measures including network and physical activities
  • Maintaining Detection Processes to provide awareness of anomalous events

Respond

Developing and implementing the appropriate activities to take action regarding a detected cybersecurity event. ItThe Respond Function supports the ability to contain the impact of a potential cybersecurity incident.

Examples of outcome:

  • Ensuring Response Planning process are executed during and after an incident
  • Managing Communications during and after an event with stakeholders, law enforcement, external stakeholders as appropriate
  • Mitigation activities are performed to prevent expansion of an event and to resolve the incident

Recover

Developing and implementing the appropriate activities to maintain plans for resilience and to restore any capabilities or services that were impaired due to a cybersecurity event. It supports timely recovery to normal operations to reduce the impact from a cybersecurity incident.

Examples of outcome:

  • Ensuring the organization implements Recovery Planning processes and procedures to restore systems and/or assets affected by cybersecurity incidents
  • Implementing Improvements based on lessons learned and reviews of existing strategies
  • Internal and external Communications are coordinated during and following the recovery from a cybersecurity incident

Frequently Asked Questions about Cyber Security Services

 

Assessment team has 4 years experience performing security assessments + industry leading certifications (Assessments performed by personnel with one or more of the following certifications: CompTIA Advanced Security Practitioner, Certified Cloud Security Professional, Security+, Network+, Systems Security Certified Professional, EC Council Certified Incident Handler, EC Council Certified Encryption Specialist, Web Security Associate.

The assessment concludes with an interactive executive briefing with prioritized findings and guidance for security maturity. After the briefing, the written summary and any supporting documentation will be delivered in-person by Casserly Consulting's team.

  • Administrative access to a Microsoft Active Directory domain environment.
  • 30-60 min. of a business leader’s time for contextual interviews.

Liabilities and risks vary from business to business, and the Cyber Security Assessment serves as a compass, giving meaningful direction for security efforts. You can buy security add-ons/services/monitoring with or without an assessment, honestly, but if you are to meaningfully improve your security posture/maturity — and do it in a prioritized, cost-effective manner —, SOMEONE is going to have to take a holistic look at what your business is trying to accomplish and what’s being done (or NOT DONE) to secure you against the risks particularly relevant to your business model.

Let’s look to enterprises as our guide: In enterprise business, there’s a NOC (network operations center) and a SOC (security operations center). They’re staffed by different people and have different, but synergistic objectives. An MSP is like the NOC, who keeps things running, assists users, and maintains configurations. An MSP may perform a few SOC tasks, but that’s not their primary role. There is typically very little overlap in tasks and duties. There is a new term for MSPs that deliver security services: MSSP (managed security service provider). These entities may or may not overlap with traditional MSPs.

The assessment requires the same time and resources for any company, and all companies will receive similar advice/guidance with regard to prioritized security remediation guidance.

We are located in Bedford, but our team can go to Boston, Cambridge and all the North Shore of Massachusetts.