2. The Pain
• Small to medium regulated companies are under enormous pressure to meet security requirements
• Highly regulated industries are particularly hard hit
– Financial Services
– Healthcare
– Energy
• Security programs and security professionals are expensive and may not fit the appetite or budget of the company
3. Solution
• Part-time Chief Information Security Officer services
• Shared security expert services
• Tailored security program
• Open source stack to meet security controls for reduced cost and preloaded solutions
• Appliance-based software/hardware solutions
• Pre-loaded policies, procedures, and processes
• Security assessments/trouble services
4. Services Provided
• Security assessments
• Security program implementation
• Support for client security assessments
• Policy, procedure, and process development
• Risk management programs
• BCP/DR development
• Application security programs
• Security metrics implementation
• Privacy program implementation
• Controls implementation
– Centralized Logging
– Monitoring
– Automated Vulnerability Scanning
– Encryption
– Data Loss Prevention
– Host Intrusion Detection / Network Intrusion Detection
– Network Access Control
– Two factor authentication
– Identity and access control
– Security Incident and Event Management systems
– Patch management implementation
5. How it works
• Phase I
– Assessments, program development, policy development
• Phase II
– Implementation of controls
• Phase III
– Ongoing operations
– Hiring and training of security personnel
6. Fees
• Assessment on project pricing
• Retainer-based (monthly) services
• Accelerated control implementation as an add-on
• Security remediation project management