Consulting Services
Project-Based Services & Consulting to Improve Your Security Posture
Cyber Security Advisory Services (CSAS) provides clients with affordable professional cybersecurity services and advice. Cyber Security Advisory Services gives you the visibility and insight you need to improve your cyber security posture, prepare you for an upcoming audit or certification, or put processes and controls in place to identify and mitigate risk.
Consulting Services are project-based engagements to ensure proper consideration is given to maintaining an acceptable level of risk and compliance within an organization.
- You are subject to industry or vendor compliance requirements, such as CMMC, HIPPA, or PCI DSS
- You do not have a dedicated IT security team or full-time CISO
- You need to protect sensitive information that may be handled by both internal employees or third-party vendors
- You need to test your cyber breach response plan
- You are subject to fines or loss or business due to non-compliance
A passive discovery assessment aligns technical assessment activities with cyber security controls to uncover and prioritize cyber security vulnerabilities, threats, and risks as relevant to the client’s business model. We provide customized recommendations, also known as safeguards, that are specific, measurable, and practical to implement. We work to drive the notion of prioritizing the most important risks and keeping the focus on what needs to be done immediately.
A typical assessment entails the following:
Technical Assessment
- a. Uncovering threats and risks associated with firewall and intrusion detection capabilities
- b. Discovery and classification of assets connected to the wire
- c. Vulnerability scanning of hosts and applications
- d. Analysis, and reporting
Controls Assessment
- a. Decide what controls framework to assess against
- b. Determine the target state of security controls client are looking to attain
- c. Use a variable data collection and verification process to do a detailed breakdown of the target controls
Risk Analysis
- a. Identify the highest risks to the business-critical processes
- b. Determine if the risk is the highest priority risk
- c. Help the client assign appropriate risk to identified vulnerabilities and threats
- d. Ensure that prioritization aligned to business needs can be made with more clarity to available budgets and resources
The development of high-value cyber security domain programs is common within large enterprise or government agencies where the organization is structured in relation to security capabilities: Incident Response, Data Protection, Threat Intelligence, or Situational Awareness. In certain cases, a customized or hybrid program may be required beyond a single domain-specific program.
Domain-specific programs can include:
Data Protection Program
Data Protection Framework and Implementation Planning
Threat Awareness Program
Development of Threat Awareness and Advanced Forensics Capabilities
Design and deployment of Treat Intelligence Platform (TIP)
Incident Response (IR) Program
Design the practical IR guidelines, processes, and procedures to respond to incidents effectively and efficiently
A maturity assessment helps clients evaluate the current state of cybersecurity policies, practices, procedures, and controls defined within their chosen controls framework.
A typical assessment entails the following:
Assess
- a. Document the client’s current state of deployed and institutionalized Cyber Security controls, practices, and processes as defined in the framework
- b. Understand procedures for minimizing risk
Identify gaps between current state and the agreed upon target state
Recommend actions and priorities to support necessary functionality and close gaps with high-level project estimates regarding Level of Effort (LOE) for each track, including:
- a. Time
- b. Technical resource needed
- c. Technologies
- d. Capital Costs
- e. Total Cost of Ownership (TCO)
- OPTIONAL: Risk Analysis, per domain
*Additional time and cost will be added to the project if a Risk Analysis is part into the scope of services
The Cybersecurity Maturity Model Certification (CMMC) Readiness Assessment is a pre-audit readiness exercise that evaluates all in-scope processes, practices, and controls against a target Maturity Level (ML). The target level may not be known initially and is dependent on gaining a thorough understanding of the type of information the client processes and handles in respect to Department of Defense contracts.
Atlantic Data Security is a Registered Provider Organization (RPO) with the CMMC Accreditation Board. As an RPO, we are part of the CMMC ecosystem and provide advice, consulting, and recommendations to our clients.
An overview of the CMMC Readiness Assessment:
Assess
- a. Document the client’s current state of deployed and institutionalized Cyber Security controls, practices, and processes as defined in the framework
- b. Understand procedures for minimizing risk
Identify gaps between current state and the target ML state
Recommend actions priorities to support necessary functionality and close gaps with high-level project estimates regarding Level of Effort (LOE)
- a. Time
- b. Technical resources needed
- c. Technologies
- d. Costs
- e. Remediate controls to close gaps
- f. Prepare client to meet audit
As an approved RPO, we are now offering a complimentary, self-administered CMMC Readiness Assessment “Lite” . This is a pre-audit readiness assessment to evaluate in-scope processes, practices, and controls against a target Maturity Level (ML).
Click here for more information to view the Self-Administered Assessment form
[h3]