CyNtell has experience providing turnkey Cybersecurity solutions to small and medium-sized organizations. We provide support with network policy development, risk assessments, security evaluations, phishing & social engineering prevention, mitigation planning, incident response planning, BCP & COOP analysis, and Cybersecurity awareness program management and training. Contact us today to receive details regarding the family of solutions below.
Cybersecurity Program Management
The sad reality of today’s business environment is that every organization needs protection from intruders and hackers. Organizations like yours are targets of criminals, corporate espionage, and potential terrorists. Organizations need reliable, responsible and consistent support solutions to identify and mitigate threats, vulnerabilities, and potential attacks. CyNtell provides Cybersecurity Program Management to ensure that your organization’s Cybersecurity and Privacy Policies are implemented and incorporated into the organization’s IT infrastructure and operational procedures. CyNtell will designate a Cybersecurity Specialist to be your organization’s adjunct Chief Information Security Officer (CISO) who directly manages all the aspects of the Cybersecurity program.
Let CyNtell take the burden and responsibility for an effective Cybersecurity program off of your shoulders. Let the expertise and experience of a professional services company be your organization’s Cybersecurity department. Our solution is to make mitigation and monitoring practices transparent yet effective for your organization so that you can do what you do best while trusting that your organization is protected.
The International Standards Organization’s (ISO) 27000 series on Information Security mandates that an organization perform a risk assessment as the baseline for Cybersecurity policy development and program establishment. The results of an assessment determine the mitigation strategy defined in the developed policy. It demonstrates proper due diligence by the organization’s Cybersecurity program. Our approach incorporates ISO and NIST risk assessment guidance and best practices. Our experienced Cybersecurity consultants will use documentation and personnel interviews to obtain the necessary details about the organization’s business model, technology infrastructure and data processing. Every engagement concludes with a completed checklist and a Risk Assessment Report (RAR) which illustrates the firm’s current risk profile.
Cybersecurity Policy Development, Validation & Refinement
Every organization needs a Policy to guide its Cybersecurity Program. The policy must be customized and tailored to the organization’s business operations, and be the direct result of some form of risk assessment. CyNtell provides policy development services in conjunction with a risk assessment as a turnkey solution. Our approach to policy development is derived from ISO and NIST guidelines, and over a decade of auditors’ feedback from evaluations. We use a policy structure that clearly articulates the firm’s understanding of risk and the resultant mitigation strategy.
A Cybersecurity policy must be validated as proof that the mitigation strategy is being implemented operationally. The policy is validated in two ways: 1) documented evidence of due diligence and 2) operational processes and procedures that implement policy directives and standards. Using Review, Inspection, Interviews, Observation, and Testing (RIIOT), CyNtell provides comprehensive validation assessments. Results are documented in a gap analysis report which can be used by the organization to demonstrate to an Examiner/Evaluator that the organization’s policy is being implemented and monitored.
During validation, the Cybersecurity policy may be deemed out of line with the organization’s business model or IT architecture. CyNtell’s consultants have the expertise and business acumen to recommend remediation to address inconsistencies. To refine an organization’s policy, our consultants will review the risk assessment, gap analysis, and business practices to right-size the policy to the organization’s risk profile.
Mitigating risk involves administrative, technical, and physical controls. Implemented controls should be tested periodically to ensure they are meeting the intended protection objectives. CyNtell provides both vulnerability assessments and penetration testing to validate an organization’s controls. A vulnerability assessment is a passive review of control sets. This will cause little to no disruption to the organization while producing an understanding of existing vulnerabilities. A penetration test is an active scan and simulated attack on the organization’s controls in an effort to provide a real-case understanding of the impact of an exploitation. Our consultants are certified and Licensed Penetration Testers with expertise in industry-accepted methodologies.
In phase I, a credentialed CyNtell Cybersecurity analyst will perform a review of the firm’s IT documentation, and systems’ hardware and software inventory to determine potential areas of vulnerability. In phase II, the analyst will use a toolset, for example Metasploit, to validate potential IT areas of vulnerability. Our analyst will also conduct social engineering drills (for example: impersonation, phishing and dumpster diving) to assess the physical aspects of the organization’s protection. The outcome is a documented list of vulnerabilities, associated impacts, and recommended remediation.
In essence, this is phase III of a security assessment. It involves a CyNtell Cybersecurity analyst using hacking tools and penetration testing methodology to simulate a malicious attack on the organization’s IT systems. Our analyst will simulate attacks including DoS, and data theft and destruction. Depending on the circumstances and organization’s requirements, a physical penetration test can be conducted to simulate an attack focused on theft of PII and corporate espionage by an intruder. The outcome is a documented list of vulnerabilities, exploitation threat vectors, work factors for exploits, associated impacts, and recommended remediation.
Should your organization become a victim of a malicious attack from an external party, or realize a threat from an insider, CyNtell can provide digital forensic expertise. Our forensic analysts are Certified Hacking Forensic Investigators with the skills to respond to such incidents, and uncover and preserve evidence in accordance with the law. We use state-of-the-art tools such as EnCase to ensure that data is collected with the highest levels of completeness and integrity, which are required by most courts for evidence admissibility. The outcome is a document detailing the probable origin and events of the attack, and evidence collection and analysis.
Security Awareness (SA)
People are the key to more secure environments, systems and networks. In the three-tier Cyber architecture (People, Process, and Technology) the “people” are the basis by which higher levels of security are achieved. Therefore, almost every standard for the development of a Cybersecurity program specifies that an organization must provide some form of security awareness to its employees. CyNtell understands that a creative, interactive and audience-appropriate awareness, training and education program is critical to security. We will partner with your organization to develop and deliver such a program to ensure that people understand organizational policies, their IT security responsibilities, and how to properly use and protect enterprise resources.
SA Small Organization Solution
Our approach for small organizations is to alleviate the burden by providing a standard set of awareness activities to meet the requirements of most Cybersecurity policies. To that end, the organization’s personnel will receive:
- A monthly email inviting them to view the CyNtell Security Awareness Blog (contributed monthly)
- A quarterly Security Awareness Newsletter
- A live, 90-minute, semi-annual security awareness webinar
Our security awareness activities are based on NIST SP 800-50, and, if requested, are customizable to fit an organization’s specific requirements.
SA Program Management
For organizations with medium to large size staff, CyNtell provides complete turnkey Security Awareness Program Management. To alleviate the burden of hiring staff to develop and manage an internal awareness program, CyNtell will leverage experience and best practices to direct and monitor the program on your organization’s behalf. Your organization will be designated a Cybersecurity Specialist who will design, implement and manage all aspects of SA and SA compliance by directly interfacing with your management and staff. Think of it as SA-as-a-Service (SAaaS) driving the human intelligence behind security.
Protect your organization against social engineering, phishing and other attacks that target people and not technology. With our SAPM solution, your organization will receive collateral, videos, and access to our exclusive knowledge-base full of articles on security and privacy topics.
Cybersecurity Protection Package (CPP)
Cybersecurity is a complex, technical industry just like financial advising. Experience and expertise are critical factors of success. At CyNtell, we take ownership of our solutions and services and know that what we provide is steeped in sound methodology. The threat and risk landscape is ever changing. CyNtell is vigilant and relentless in protecting our customers from malicious attacks, insider threats, and disruption. Therefore, we have created this Cybersecurity Protection Package to continuously maximize our partnership and minimize your risk. As part of the CPP, CyNtell will designate a Cybersecurity Specialist to be your organization’s adjunct Chief Information Security Officer (CISO) who directly manages all the aspects of the organization’s Cybersecurity program and provides guidance and support to your staff regarding protection and compliance. Your designated Cybersecurity Analyst is available 24/7 for consultation.
The Cybersecurity Protection Package includes the following solutions:
- Cybersecurity Program Management
- Annual Risk Assessment
- Annual Policy Validation & Refinement
- Semiannual Vulnerability Assessment
- Annual Penetration Testing
- Security Awareness
- Audit Support
  - A consultant will be present during an audit
  - When deficiencies are found, our consultant(s) will address and remediate them