RISK & SECURITY
How does it impact your business?
With cybercrimes on the rise, protecting your company’s information and assets is mission critical. Programmer Resources International (PRI) understands that a solid, credible and measured cyber security program plays a vital role in protecting and safeguarding company trade secrets, intellectual capital, personally identifiable information, company brand and reputation against bad state actors, cyber-attacks and security breaches. PRI’s Cyber Security Practice offers a variety of cyber security solutions, programs, assessments and workshops that help companies protect and safeguard company assets and information and educate their workforce at the strategic, tactical and operational levels. PRI adheres to the National Institute of Standards and Technology (NIST), International Organization for Standardization (ISO), American National Standards Institute (ANSI), European Union General Data Protection Regulation (GDPR) and Best Practices. PRI’s offering includes, but is not limited to, the following:
- Security Architect (Conventional and Cloud-Based)
- Penetration Test
- SIEM Security Engineer (Implement, Sustainment & Upgrade)
- Analytics (Security/IT/Business)
- Security Life Cycle Management
- Security Subject Matter Experts
Security Program Assessment
- System Security Plan (SSP)
- Business Continuity Plan (BCP)
- Disaster Recovery Plan (DRP)
- Risk Management Plan (RMP)
- Configuration Management Plan (CMP)
- Incident Response Plan (IRP)
- Security Operations Center (SOC)
Policy Review/Development
- System Policies
- Network Service Policies
- Security Accountability Policies
- Physical Policies
- Incident Handling and Response Policies
Governance, Risk and Compliance (GRC) – PRI uses the following GRC framework tactics and techniques:
- Governance Framework
- Assess company governance processes, business rules, practices, controls, directives, plans, policies and procedures. Assessment involves balancing the interests of the community it serves, customers, employees, financiers, management and the variety of suppliers connected to the business or company.
- Assess governance structure: Steering Committee (SC), Coordination Unit (CU), Subject Matter Experts (SMEs), Decision-making body, Support structure and beneficiaries
Risk Management Framework (RMF) – PRI uses the following Risk Management Framework tactics and techniques:
- Assess Organizational Inputs: Laws, Directives, Policy, Guidance, Strategic Goals and Objectives, Priorities, Resource Availability, and Supply Chain Considerations
- Categorize the information system and the information processed, stored, and transmitted by that system based on an impact analysis.
- Select an initial set of baseline security controls for the information system based on the security categorization; tailoring and supplementing the security control baseline as needed based on an organizational assessment of risk and local conditions.
- Implement the security controls and describe how the controls are employed within the information system and its environment of operation.
- Assess the security controls using appropriate assessment procedures to determine the extent to which the controls are implemented correctly, operating as intended, and producing the desired outcome with respect to meeting the security requirements for the system.
- Authorize the information system operation based on a determination of the risk to organizational operations and assets, individuals, other organizations, and the Nation resulting from the operation of the information system and the decision that this risk is acceptable.
- Monitor the security controls in the information system on an ongoing basis including assessing control effectiveness, documenting changes to the system or its environment of operation, conducting security impact analyses of the associated changes, and reporting the security state of the system to designated organizational officials.
Compliance Framework – PRI uses NIST, ISO, SOX, Dodd-Frank, Clinger-Cohen Act, HIPAA, FISMA
- Assess Regulatory Compliance: Organizational laws, regulations, guidance and specifications relevant to the business
- Assess Organization: Plans, Policies, Procedures, Directives, Business Models, Engineering Diagrams and other related compliance documents.
- Security Awareness Workshop
- Incident Response Workshop
- Incident Response Cyber Security Exercise
- Short- and Long-Term Security Programs