Part 1 - Cybersecurity Program

The DSP is the overarching document that you will use to guide the development and operation of your Information Security Program in accordance with industry best practices. (Delivery time: 30 days after you submit the cybersecurity questionnaire answers).

This spreadsheet serves as a management tool for your cybersecurity program. It has pre-formatted and populated tabs that support you as you collect and track the following information:

  • Quarterly and annual management reporting
  • IT hardware inventory
  • Application (software) inventory
  • IT controls checklist: This tool supports you or your IT support personnel as you track matters such as software updates, password management, data location, device configuration, access controls, etc.
  • Vendor data inventory (VDI): In preparation for developing the company's Vendor Cyber Risk Management Program, leadership must start collecting data about all vendors who touch or have access to your data. Our VDI facilitates and guides that process and makes it easy to collect data that will be necessary later.
  • Incident report record

Delivery time: 30 days after you submit the cybersecurity questionnaire answers

Policies are the foundation of any cybersecurity program. In order to align with industry best practices, your company must deploy a minimum set of cybersecurity policies. The package which we supply includes 12 policies and 4 support documents. Our Financial Industry Cybersecurity Program typically includes the following policies, but we will first review your risk assessment and then adjust the policy package to best address your risk profile. (Additional policies are available for an additional charge).

POLICIES:
  • Cyber Risk Assessment Policy
  • Personnel Security Policy and Procedures
  • Security Awareness Training Policy
  • Data Backup Policy & Procedures
  • Data Retention Policy & Procedures
  • Patch Management Policy
  • Password Policy & Procedures
  • Vulnerability Management Policies and Procedures
  • Physical Security Policy and Procedures
  • Vendor Cyber Risk Management Policy
  • Incident Response Policy
  • Privacy Policy (for your company as opposed to your web site)

SUPPORT DOCUMENTS:
  • 0-1.v1 Message from CEO
  • 0-2.v1 How to Deploy These Policies
  • 0-3.v1 Helping Staff Comply with Cybersecurity
  • 0-4.v1 Policies and Procedures Change Management SOP

Delivery time: 7-14 days after you submit the cybersecurity questionnaire answers

This IRP is aligned with industry best practices and the Department of Homeland Security Cyber Risk Response requirements. It correctly addresses the following IR requirements:

  • IR Team Development, Management, and On-going Training
  • Assessment of and Decision on Information Security Events
  • IR IT Containment and Eradication Procedures
  • Crisis Communications
  • Recovery and Continuity Procedures

The IRP also includes 10 incident handling checklists and forms which are pre-populated with useful local contact information and resources. We've already done a bunch of the work for you!

Delivery time: 30 days after you submit the cybersecurity questionnaire answers

The single biggest cyber risk that any firm has is its people. Most of the time, it is human error that is the cause of cybersecurity incidents. While training is not a cure-all for these problems, training does reduce the number and seriousness of cybersecurity incidents.

Our Financial Industry Cybersecurity Program includes a one-year, Silver Level subscription to the KnowBe4 security awareness training platform for up to 50 of your employees. Additional staff can be added for an additional fee; please contact us for a quote. This includes full use of the KnowBe4 email phishing module and all training and support. This on-demand training program tracks employee completion of the required training modules and success or failure of each phishing exercise and other training. The system is very easy to use. (Delivery time: Annual KnowBe4 subscription starts within 7-14 days upon payment of the 50% deposit as described above).

Your Cybersecurity awareness training program also includes the following training:

ACCESS TO MITCH TANENBAUM'S NEWSLETTER AND CLIENT ALERTS--FOR YOU AND YOUR ENTIRE STAFF
Mitch's blog is recognized as one of the most informative and interesting cybersecurity newsletters in the country. New topics come out each week and Mitch always covers them in a non-technical way. Thousands of business people around the country depend on him to keep them informed and up-to-speed on cybersecurity. (Delivery time: Access to Mitch's blog starts within 7-14 days upon payment of your 50% deposit).

RANSOMWARE TRAINING
The FBI says that ransomware attacks against businesses were up 500% last year. You need to utilize the correct backup procedures and your people must be trained to correctly respond. This on-demand webinar training is both entertaining and informative and can be of value to all your staff and their families. (Delivery time: 7-14 days after you submit questionnaire answers).

PROTECT YOUR FAMILY MONEY TRAINING
Based on our very popular training program, this is also a very entertaining and informative webinar that provides information designed to help you, your family and your clients better protect their money during this golden age of cyber theft. (Delivery time: 7-14 days after you submit questionnaire answers).

TECHNOLOGY ENHANCEMENT AND DIGITAL ANONYMITY TRAINING
This training is delivered via an on-demand webinar and an associated PowerPoint. The training is a compilation of important tools and techniques businesses and individuals can use to reduce cyber risk. This information was originally compiled by FBI Agent and Chief Security Officer Michael Mercer and is supplemented by the latest info we have from our other resources. This is an absolutely amazing and necessary tool for owners of businesses of all sizes. (Delivery time: 7-14 days after you submit questionnaire answers).

Just a few topics covered include:
  • Smart phone security privacy settings
  • Making your browser safer
  • Reducing your "digital exhaust"
  • Blocking surveillance ads and invisible trackers
  • Controlling web bugs and beacons

COLORADO PROTECTIONS FOR CONSUMER PRIVACY LAW (H.B. 18-1128) TRAINING
This is an on-demand webinar training regarding this important new law for anyone doing business in Colorado. This webinar has been our most popular webinar for business leaders. (Delivery time: 7-14 days after you submit questionnaire answers).

THREAT INTELLIGENCE SERVICE
Access to our weekly newsletter that focuses on software patches, network vulnerability issues, legislative issues and more. (Delivery time: 7-14 days after you submit questionnaire answers).

EMPLOYEE CYBERSECURITY TRAINING ESSENTIALS FOR MANAGEMENT (PARTS 1 AND 2)
Security awareness training insights and tips for management by vCISO Mitch Tanenbaum. (Delivery time: 7-14 days after you submit questionnaire answers).

We provide detailed instructions for encryption of both data-at-rest and data-in-motion for small firms using standard Microsoft and Mac products. (Delivery time: 7-14 days after you submit questionnaire answers).

We provide a small business cybersecurity technical checklist that your IT support person can use to harden your network and internal and external applications (software). As the business owner, you do not need to understand this, you just need to know that it has been done. (Delivery time: 7-14 days after you submit questionnaire answers).

After you have built your cybersecurity program, you need to consider cybersecurity insurance.

The cyber insurance policy is in addition to your general liability policy. The problem with cyber insurance policies is that they are "non-standard form" policies, which means that unlike your auto insurance or home insurance, cyber insurance policies vary widely in their coverage and limits. One of the services we offer to larger companies is to review their cyber insurance policy and make sure they have the coverage they think they have. Many times they don't. We provide you with a basic primer and checklist to help you buy the right insurance. We'll also give you recommendations for a couple of cybersecurity insurance brokers whom we know and trust. (Delivery time: 7-14 days after you submit questionnaire answers).

This information was originally designed to help accountants introduce cybersecurity due diligence to clients wishing to purchase, sell or invest in companies, but we found that all company leaders could benefit from this info. This discussion alone is worth what you are paying for the whole course. (Delivery time: 7-14 days after you submit questionnaire answers).

Every small (and large) business must take advantage of this simple-to-implement and highly effective, proven solution that blocks malicious traffic automatically. We provide the explanation and simple instructions. (Delivery time: 7-14 days after you submit questionnaire answers). A corporate version with centralized management is also available through us as an option at additional cost.

For clients who host their web site(s) at Go-Daddy, we have a valuable, insider strategy for security for your web assets. (Delivery time: 7-14 days after you submit your questionnaire answers).

There is a critical shortage of cybersecurity personnel and those that are available are expensive.

For most businesses, it is impossible to justify the expense of full-time cybersecurity staff. Most companies don't even have the internal expertise to properly evaluate a candidate.

Our Financial Industry Cybersecurity Program provides you with 20 hours of personalized cybersecurity and/or privacy support time that you can use whenever you need it. It does not expire. You can use our experienced cybersecurity and privacy experts to:

  • Work with your leadership to make sure they understand the problems and take necessary corrective actions
  • Ensure that the correct assessments and testing are accomplished
  • Help develop the security strategy
  • Work with your existing IT resources to implement a correctly prioritized security mitigation strategy, including policy development and security awareness training
  • Implement an effective vendor management program
  • Assess and screen cybersecurity personnel, processes, and technologies
  • Help you come to grips with any regulatory requirements
  • Help you implement your incident response plan

Our support program provides your company with a top-notch, hugely experienced cybersecurity resource. Our regular consulting charge is $325 per hour, therefore this equates to a $6,500 value all by itself.

NOTE: This support is available 9 am-5 pm MST, Monday-Friday (U.S. holidays excluded). See our Terms of Use for more information. (Delivery time: As requested by client).

Once you build your cybersecurity program, you want to use it as a competitive advantage over your competition. Upon successful implementation of all the activities above, we will award you with our Gold Level Cybersecurity Certification. To see what our certification looks like and understand how it works, please go to the CyberCecurity.com home page and click on the Platinum Level Cybersecurity Certification image at the bottom of the page.

Certification benefits include:
  • Attract and retain security-sensitive customers
  • Gain a competitive edge over security-disadvantaged competitors
  • Reduce risk and legal exposure
  • Increase insurability and possibly reduce cyber insurance premiums
  • Build a positive reputation with employees, clients, vendors, and regulators
  • Take the first step towards more advanced certifications

Part 2 - Privacy Program

You will be provided with a privacy questionnaire that you will fill out and return to us via encrypted email. We will provide simple instructions for how to do this. Once you return it, we will:

  • Review your questionnaire answers
  • Ask any additional questions via email or phone call
  • Provide our response and recommendations
  • Debrief your leadership via phone and answer any questions

This policy (policy #12 above in your Cybersecurity Policy Package) describes your company's position and intentions regarding compliance with applicable privacy regulations. (Delivery time: 7-14 days after you submit the privacy questionnaire answers).

This is a privacy-related policy that is part of your policy package as described in the Cybersecurity Policy package above. (Delivery time: 7-14 days after you submit the privacy questionnaire answers).

  • History of Privacy Laws--including GDPR, CCPA, and other state laws
  • Federal Privacy Laws--update on the status of federal laws
  • Colorado Protections for Consumer Data Privacy Act
  • California Consumer Privacy Act (CCPA)--in depth look at this law that is influencing both the federal and other state laws
  • List of other privacy laws (active and pending)
  • Additional privacy resources

(Delivery time: 7-14 days after you submit the privacy questionnaire answers).

Information that will bring you up to speed on this important directive. (Delivery time: 7-14 days after you submit the privacy questionnaire answers).

A non-technical training session on data mapping and how it relates to controlling non-public, private information. (Delivery time: 7-14 days after you submit the privacy questionnaire answers).

This sample website privacy policy is aligned with both the General Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA). (Delivery time: 7-14 days after you submit the privacy questionnaire answers).

Sample website privacy language that is aligned with both GDPR and CCPA. (Delivery time: 7-14 days after you submit the privacy questionnaire answers).

Detailed matrix of various state privacy laws and details. (Delivery time: 7-14 days after you submit the privacy questionnaire answers).

Part 3 - Certification

Our FICC certification demonstrates that you have passed certain professional cybersecurity standards and are trying to meet your ethical and legal obligations to protect client privacy and company data.

Proudly display your FICC emblem and show your clients and the world that you are serious about cybersecurity.

Gold Level

With the purchase of the Financial Industry Cybersecurity & Privacy Program, you will receive a Gold Level Financial Industry Cybersecurity Certification assuming that you complete the program and are able to earn it. We stand behind this certification and take it seriously, so we are careful about certifying those who work to earn it.

A Gold Level FICC demonstrates that your organization has built a professional cybersecurity program and is committed to improving and maintaining that program.

  • Attract and retain security-sensitive customers
  • Gain a competitive advantage over security-disadvantaged competitors
  • Reduce risk and legal exposure
  • Increase insurability and possibly reduce cyber insurance premiums
  • Build a positive reputation with employees, clients, vendors, and regulators
  • Our certification is a strong first step towards SOC 2, PCI, and HIPAA