IT Managed Services - Cyber Security - NYC

We are a Certified Information Security Manager (CISM) and can perform the following tasks:

Information Security Governance

Establish and maintain a framework to provide assurance that information security strategies are aligned with the business objectives and consistent with applicable laws and regulations.

• Create an information security system strategy aligned with business goals and objectives.
• Line up information security strategy with corporate governance.
• Create business cases justifying investment in information security.
• Classify current and potential legal and regulatory requirements affecting information security.
• Detect drivers affecting the organization (e.g., technology, business environment, risk tolerance, geographic location) and their impact on information security.
• Acquire in senior management commitment to information and security.
• Specify roles and responsibilities for information security throughout the organization.
• Institute internal and external reporting and communication channels that support information security.

Information Risk Management

Identify and manage information security risks to achieve business objectives.

• Create a process for information asset classification and ownership.
• Devise a systematic and structured information risk assessment process.
• Confirm that business impact assessments are conducted periodically.
• Warrant that threat and vulnerability evaluations are performed on an ongoing basis.
• Classify and intermittently evaluate information security controls and countermeasures to mitigate risk to acceptable levels.
• Assimilate risk, threat and vulnerability identification and management into the life cycle process (e.g., development, procurement, and employment life cycles)
• State significant changes in information risk to appropriate levels of management for acceptance on both a periodic and event-driven basis.

Information Security Program Development

Create and maintain a program to implement the information security strategy.

• Create and maintain plans to implement the information security strategy.
• Indicate the activities to be performed within the information security program.
• Confirm alignment between the information security program and other assurance functions (e.g., physical, HR, quality, IT).
• Classify internal and external resources (e.g., finances, people, equipment, systems) required to execute the information security program.
• Certify the development of information security architectures (e.g., people, processes, technology)
• Communicate, maintain and form information security policies that support the security strategy.
• Create and develop a program for information security awareness, training, and education.
• Certify the development, communication, and maintenance of standards, procedures, and other documentation (e.g., guidelines, baselines, codes of conduct) that support information security policies.
• Combine information security requirements into the organization's processes (e.g., change control, mergers and acquisitions) and lifecycle activities (e.g., development, employment, procurement).
• Create a process to integrate information security control into contracts (e.g., with joint ventures, outsourced providers, business partners, customer third parties).
• Form metrics to evaluate the effectiveness of the information security program.

Information Security Program Management

Oversee and direct information security activities to execute the information security program.

• Handle internal and external resources (e.g., finances, people, equipment, systems) required to execute the information security program.
• Confirm that processes and procedures are performed in compliance with the organization's information security policies and standards.
• Safeguard that the information security controls agreed to in contracts (e.g., with joint ventures, outsourced providers, business partners, customers, third parties) are performed.
• Certify that information security is an integral part of the systems development process.
• Ensure that information security is maintained throughout the organization's processes (e.g., change control, mergers, and acquisitions) and life cycle activities (e.g, development, employment, procurement).
• Present information security and guidance (e.g., risk analysis, control selection) to the organization.
• Present information security awareness, training and education to stakeholders (e.g., business, process owners, users, information technology).
• Monitor, measure, analyze and report on the effectiveness and efficiency of information security controls and compliance with information security policies.
• Confirm that noncompliance issues and other variances are resolved in a timely matter.

Incident Management and Response

Plan, develop and manage a capability to detect, respond to, and recover from information security incidents.

• Create and implement processes for detecting, identifying, analyzing, and responding to information security incidents.
• Form escalation and communication processes and lines of authority.
• Create plans to respond to and document information security incidents.
• Ascertain the capability to investigate information security incidents (e.g., forensics, evidence collection, and preservation, log analysis, interviewing).
• Create a process to communicate with internal parties and external organizations (e.g., media, law enforcement, customers).
• Combine information security incident response plans with the organization's Disaster Recovery (DR) and Business Continuity Plan (BCP).
• Coordinate, train, and equip teams to respond to information security incidents.
• Periodically analyze and refine information security incidents response plans.
• Administer the response to information security incidents.
• Conduct reviews to identify causes of information security incidents, create corrective actions, and reassess risk.

Print