Part 1 - Cybersecurity and Privacy Program

In order to correctly govern your IT infrastructure and manage IT risk, it is important to establish your goals and define which (if any) regulatory requirements you have. We help you accomplish this by asking the right questions and documenting your goals and regulatory requirements. These are reflected in your WISP, cybersecurity and privacy policies, and other documents (see below).

Delivery time: 30 days after you submit the cybersecurity questionnaire answers

Support: This deliverable is accompanied by CyberCecurity LLC's on-demand training video: Goals and Regulatory Requirements

Before you can protect your IT infrastructure and your data, you have to know what it is and where it is. That requires complete inventories of your:

  • Data
  • IT hardware
  • Software applications
  • Cybersecurity and privacy human resources (internal and external)

Your WISP Management Tool (see below) contains areas where you will perform these asset inventories, which serve as a foundation for your cybersecurity and privacy program.

Delivery time: This is your responsibility to complete

Support: This deliverable is accompanied by CyberCecurity LLC's on-demand training video: Asset Inventory

The WISP is the overarching document that you will use to guide the development and operation of your Information Security Program in accordance with industry best practices and your specific regulatory requirements. This document directly references your cybersecurity and privacy policies and other documents.

Delivery time: 30 days after you submit the cybersecurity questionnaire answers.

Support: This deliverable is accompanied by CyberCecurity LLC's on-demand training video: The WISP

The WISP Management Tool is a pre-engineered spreadsheet that serves as a management tool for your cybersecurity program. It has pre-formatted and populated tabs that support you as you collect and track the following information:

  • Quarterly and annual management reporting
  • Asset inventories
  • IT controls checklist: This tool supports you or your IT support personnel as you track matters such as software updates, password management, data location, device configuration, access controls, etc.
  • Vendor data inventory (VDI): In preparation for developing the company's Vendor Cyber Risk Management Program, leadership must start collecting data about all vendors who touch or have access to your data. Our VDI facilitates and guides that process and makes it easy to collect data that will be necessary later
  • Incident report record

Delivery time: 30 days after you submit the cybersecurity questionnaire answers

Support: This deliverable is accompanied by CyberCecurity LLC's on-demand training video: WISP Management Tool

Policies are the foundation of any cybersecurity program. In order to align with industry best practices, your company must deploy a minimum set of cybersecurity and privacy policies. The package we supply includes 12 policies and 4 support documents. Our Business Cybersecurity Program typically includes the following policies, but we will first review your risk assessment and then adjust the policy package to best address your risk profile. (Additional policies are available for an additional charge.)

POLICIES:
  • Cyber Risk Assessment Policy
  • Personnel Security Policy and Procedures
  • Security Awareness Training Policy
  • Data Backup Policy & Procedures
  • Data Retention Policy & Procedures
  • Patch Management Policy
  • Password Policy & Procedures
  • Vulnerability Management Policies and Procedures
  • Physical Security Policy and Procedures
  • Vendor Cyber Risk Management Policy
  • Incident Response, Disaster Recovery, and Business Continuity Policy
  • Website Privacy Policy

SUPPORT DOCUMENTS:
  • 0-1.v1 Message from CEO
  • 0-2.v1 How to Deploy These Policies
  • 0-3.v1 Helping Staff Comply with Cybersecurity
  • 0-4.v1 Policies and Procedures Change Management SOP

Delivery time: 15 days after you submit the cybersecurity questionnaire answers

Support: This deliverable is accompanied by CyberCecurity LLC's on-demand training video: Cybersecurity and Privacy Policies and Procedures

The single biggest cyber risk that any firm has is its people. Most of the time, it is human error that is the cause of cybersecurity incidents. While training is not a cure-all for these problems, training does reduce the number and seriousness of cybersecurity incidents. It is critical that all staff understands and supports the organization's cybersecurity and privacy programs.

Our Business Cybersecurity Program includes a one-year, Silver Level subscription to the KnowBe4 security awareness training platform for up to 50 of your employees. Additional staff can be added for an additional fee; please contact us for a quote. This includes full use of the KnowBe4 email phishing module, various training modules, and support. This on-demand training program tracks employee completion of the required training modules and success or failure of each phishing exercise and other training. The system is very easy to use. (Delivery time: Annual KnowBe4 subscription starts within 7-14 days upon payment of the 50% deposit as described above).

Your cybersecurity awareness training program also includes the following training:

ACCESS TO MITCH TANENBAUM'S NEWSLETTER AND CLIENT ALERTS--FOR YOU AND YOUR ENTIRE STAFF
Mitch's blog is recognized as one of the most informative and interesting cybersecurity newsletters in the country. New topics come out each week and Mitch always covers them in a non-technical way. Thousands of business people around the country depend on him to keep them informed and up-to-speed on cybersecurity.

RANSOMWARE TRAINING
The FBI says that ransomware attacks against businesses were up 500% last year. You need to utilize the correct back-up procedures and your people must be trained to correctly respond. This on-demand, webinar training is both entertaining and informative and can be of value to all your staff and their families.

PROTECT YOUR FAMILY MONEY TRAINING
Based on our very popular training program, this is also a very entertaining and informative webinar that provides information designed to help you, your family and your clients better protect their money during this golden age of cyber theft.

TECHNOLOGY ENHANCEMENT AND DIGITAL ANONYMITY TRAINING
This training is delivered via an on-demand webinar and an associated PowerPoint. The training is a compilation of important tools and techniques businesses and individuals can use to reduce cyber risk. This information was originally compiled by the FBI Agent and Chief Security Officer Michael Mercer and is supplemented by the latest info we have from our other resources. This is an absolutely amazing and necessary tool for owners of businesses of all sizes.

Just a few topics covered include:
  • Smart phone security privacy settings
  • Making your browser safer
  • Reducing your "digital exhaust"
  • Blocking surveillance ads and invisible trackers
  • Controlling web bugs and beacons

COLORADO PROTECTIONS FOR CONSUMER PRIVACY LAW (H.B. 18-1128) TRAINING
This is an on-demand webinar training regarding this important new law for anyone doing business in Colorado. This webinar has been our most popular webinar for business leaders.

THREAT INTELLIGENCE SERVICE
Access to our weekly newsletter that focuses on software patches, network vulnerability issues, legislative issues and more.

EMPLOYEE CYBERSECURITY TRAINING ESSENTIALS FOR MANAGEMENT (PARTS 1 AND 2)
Security awareness training insights and tips for management by vCISO Mitch Tanenbaum.

Delivery time: 7 days after your first payment is received.   

Support: This deliverable is accompanied by CyberCecurity LLC's on-demand training video: Security Awareness Training

An important requirement for any professional cybersecurity and privacy program is to control access to the organization's IT infrastructure and data. In order to accomplish this you must:

  • Control physical access to all computers and systems that process or store company data
  • Require individual user accounts for each employee on all company computers and applications
  • Manage access permissions and authorizations

After we accomplish the cybersecurity and privacy risk assessment (see above), we'll be in a position to help you set up your various access controls. Please note that several policies above relate to this subject matter.

Delivery time: 30 days after you submit the cybersecurity questionnaire answers

Support: This deliverable is accompanied by CyberCecurity LLC's on-demand training video: Access Control, Identity Management, and Authentication

Data protection is basically what cybersecurity and privacy are all about. In order to protect your data, you must first know what data must be protected and where it is located. Then the following needs to occur:

  • Encrypt data-at-rest and data-in-motion
  • Limit the authority to install software within your environment
  • Backup and test your data
  • Retain only required data

Via the WISP Management Tool and other processes, we'll provide you with advice and support regarding the protection of your data.

Delivery time: 45 days after you submit the cybersecurity questionnaire answers 

Support: This deliverable is accompanied by CyberCecurity LLC's on-demand training video: Data Protection

This is a critical component of our program and is comprised of multiple policies, procedures, and third-party technical tools designed to provide protection for your IT systems and physical environments. Our comprehensive approach includes the following:

  • Patching your operating systems and applications
  • Protecting your endpoints and servers with our third-party technical tool and other processes
  • Protecting your internet connection with our third-party technical tool
  • Performing various system vulnerability scans
  • Implementing a secure software development lifecycle (where required)
  • Securing any wireless access points (WAPs)
  • Correctly configuring all devices and applications for security
  • Protecting your physical environment
  • Protecting email accounts with our third-party technical tool
  • Protecting mobile devices (if required) with our third-party technical tool
  • Protecting your data with our third-party technical tool

NOTE: Much of the above will be accomplished by providing guidance to your IT team (in-house or outsourced). Overall management of the process is accomplished via the WISP Management Tool (see above).

Delivery time: 60 days after you submit the cybersecurity questionnaire answers 

Support: This deliverable is accompanied by CyberCecurity LLC's on-demand training video: Systems and Physical Environment Protection

If it is necessary for any third-party vendors to have access to the data you are responsible for, then it is your responsibility to ensure that they are protecting it correctly and are abiding by your policies and procedures. The first step in this process is to identify what (if any) third-party vendors have access to your data or systems. The WISP Management Tool will help you inventory any such vendors and we'll supply you with tools required to bring these vendors into alignment with your data protection policies.

Delivery time: 45 days after you submit the cybersecurity questionnaire answers 

Support: This deliverable is accompanied by CyberCecurity LLC's on-demand training video: Management of Third-party Vendors

This IRP is aligned with industry best practices and the Department of Homeland Security Cyber Risk Response requirements. It correctly addresses the following IR requirements:

  • IR Team Development, Management, and On-going Training
  • Assessment of and Decision on Information Security Events
  • IR IT Containment and Eradication Procedures
  • Crisis Communications
  • Recovery and Continuity Procedures

The IRP also includes 10 incident handling checklists and forms which are pre-populated with useful local contact information and resources. We've already done a bunch of the work for you!

A key component of your incident and disaster preparation process is your data backup. Various resources and a third-party technical tool are used to make sure you back up your data correctly.

Delivery time: 45 days after you submit the cybersecurity questionnaire answers

Support: This deliverable is accompanied by CyberCecurity LLC's on-demand training video: Incident and Disaster Preparation

Cybersecurity and privacy are now joined at the hip, since both of them are about protecting data. More and more states are enacting privacy programs, and since the leader in the United States is the state of California, we have modeled our privacy program to align with that regulation. Other states are copying that regulation.

Our privacy program is comprised of the following:

  • Website privacy policy (see policy list above)
  • Website opt-out privacy language
  • Privacy implementation package
  • Privacy training for staff

Delivery time: 45 days after you submit the cybersecurity questionnaire answers 

Support: This deliverable is accompanied by CyberCecurity LLC's on-demand training video: Privacy Program

There is a critical shortage of cybersecurity personnel and those that are available are expensive.

For most businesses, it is impossible to justify the expense of full-time cybersecurity staff. Most companies don't even have the internal expertise to properly evaluate a candidate.

Our Business Cybersecurity Program provides you with 20 hours of personalized cybersecurity and/or privacy support time that you can use whenever you need it. It does not expire. You can use our experienced cybersecurity and privacy experts to:

  • Work with your leadership to make sure they understand the problems and take necessary corrective actions
  • Ensure that the correct assessments and testing are accomplished
  • Help develop the security strategy
  • Work with your existing IT resources to implement a correctly prioritized security mitigation strategy, including policy development and security awareness training
  • Implement an effective vendor management program
  • Assess and screen cybersecurity personnel, processes, and technologies
  • Help you come to grips with any regulatory requirements
  • Help you implement your incident response plan

Our support program provides your company with a top-notch, hugely experienced cybersecurity resource. Our regular consulting charge is $325 per hour, so this equates to a $6,500 value all by itself.

NOTE: This support is available 9 am-5 pm MST, Monday-Friday (U.S. holidays excluded). See our Terms of Use for more information. (Delivery time: As requested by client).

Support: This deliverable is accompanied by CyberCecurity LLC's on-demand training video: Program and Technical Support


Part 2 - Certification

Our BCC certification demonstrates that you have passed certain professional cybersecurity standards and are trying to meet your ethical and legal obligations to protect client privacy and company data.

Proudly display your BCC emblem and show your clients and the world that you are serious about cybersecurity.

Gold Level

With the purchase of the Business Cybersecurity & Privacy Program, you will receive a Gold Level Business Cybersecurity Certification assuming that you complete the program and are able to earn it. We stand behind this certification and take it seriously, so we are careful about certifying those who work to earn it. 

A Gold Level BCC demonstrates that your organization has built a professional cybersecurity program and is committed to improving and maintaining that program.

  • Attract and retain security-sensitive customers
  • Gain a competitive advantage over security-disadvantaged competitors
  • Reduce risk and legal exposure
  • Increase insurability and possibly reduce cyber insurance premiums
  • Build a positive reputation with employees, clients, vendors, and regulators
  • Our certification is a strong first step towards SOC 2, PCI, and HIPAA