
We sell routers, switches, firewalls, computers, office software, etc. We offer managed services, cloud storage, Voice over IP (VoIP), serverless and other cloud services.

We perform information technology consulting services, software development and workforce augmentation.

Everything we do starts with security in mind.

https://www.nist.gov/cyberframework

 

How we do what we do:

  1. Ask a lot of questions about your current infrastructure.
  2. Collect documentation related to your security posture.
  3. Perform any services needed, for example network analysis.
  4. Produce a risk assessment and treatment plan.
  5. Avoid, Mitigate, Accept or Transfer the risk (cyber security insurance).
  6. Close the treatment plan and schedule a reassessment.

You will know the risk to your revenue at the end of the process. After the treatment plan is complete, hopefully the risk to your revenue has been reduced.

The difference between the baseline of risk and the reduction in risk is the Value of Delivery.

Examples of risks:

  • Website goes down.
  • Poor flow in retail space.
  • Ransomware.
  • Malicious employee.
  • Manual sales funnel.
  • Employee productivity issue.
  • Inability to process orders due to technical failure.
  • Manual customer communication.
  • Poor document management.
  • Regulatory compliance.



Reducing the risk to your revenue may cause an increase in revenue. For example, if you run a seminar business and manually schedule prospects to attend, automating the sales funnel will allow you to book appointments faster, automatically handle scheduling, re-initiate the booking process if a prospect cancels and a seat opens, etc. That means more seats filled and more revenue.

Example of a regulatory regime:

HIPAA

Pt. 164, Subpt. C, App. A

Appendix A to Subpart C of Part 164—Security Standards: Matrix

| Standards | Sections | Implementation Specifications (R)=Required, (A)=Addressable |
|---|---|---|
| Administrative Safeguards | | |
| Security Management Process | 164.308(a)(1) | Risk Analysis (R) |
| | | Risk Management (R) |
| | | Sanction Policy (R) |
| | | Information System Activity Review (R) |
| Assigned Security Responsibility | 164.308(a)(2) | (R) |
| Workforce Security | 164.308(a)(3) | Authorization and/or Supervision (A) |
| | | Workforce Clearance Procedure |
| | | Termination Procedures (A) |
| Information Access Management | 164.308(a)(4) | Isolating Health care Clearinghouse Function (R) |
| | | Access Authorization (A) |
| | | Access Establishment and Modification (A) |
| Security Awareness and Training | 164.308(a)(5) | Security Reminders (A) |
| | | Protection from Malicious Software (A) |
| | | Log-in Monitoring (A) |
| | | Password Management (A) |
| Security Incident Procedures | 164.308(a)(6) | Response and Reporting (R) |
| Contingency Plan | 164.308(a)(7) | Data Backup Plan (R) |
| | | Disaster Recovery Plan (R) |
| | | Emergency Mode Operation Plan (R) |
| | | Testing and Revision Procedure (A) |
| | | Applications and Data Criticality Analysis (A) |
| Evaluation | 164.308(a)(8) | (R) |
| Business Associate Contracts and Other Arrangement | 164.308(b)(1) | Written Contract or Other Arrangement (R) |
| Physical Safeguards | | |
| Facility Access Controls | 164.310(a)(1) | Contingency Operations (A) |
| | | Facility Security Plan (A) |
| | | Access Control and Validation Procedures (A) |
| | | Maintenance Records (A) |
| Workstation Use | 164.310(b) | (R) |
| Workstation Security | 164.310(c) | (R) |
| Device and Media Controls | 164.310(d)(1) | Disposal (R) |
| | | Media Re-use (R) |
| | | Accountability (A) |
| | | Data Backup and Storage (A) |
| Technical Safeguards (see § 164.312) | | |
| Access Control | 164.312(a)(1) | Unique User Identification (R) |
| | | Emergency Access Procedure (R) |
| | | Automatic Logoff (A) |
| | | Encryption and Decryption (A) |
| Audit Controls | 164.312(b) | (R) |
| Integrity | 164.312(c)(1) | Mechanism to Authenticate Electronic Protected Health Information (A) |
| Person or Entity Authentication | 164.312(d) | (R) |
| Transmission Security | 164.312(e)(1) | Integrity Controls (A) |
| | | Encryption (A) |