Cybersecurity Products 


It is great to hear you are looking for specific cybersecurity products. This page is meant to help break down the different categories of products we offer.


This category of products is focused on building the foundation of your company's cybersecurity program with professionally-written and editable policies, standards and procedures. This documentation is the heart and soul of any organization's cybersecurity program:

  • Policies are high-level statements of management's intent.
  • Standards are concise statements that enforce policy through establishing formal requirements, in regard to processes, actions or configurations.
  • Procedures are formal methods of performing tasks, based on an established series of actions conducted in a certain order or manner.

This category of products is focused on operationalizing risk management practices, including risk assessments. 

Policies and standards address the higher-level "why?" and "what?" questions, but these products address the "how?" questions about risk management, such as:

  • How do we categorize risk?
  • Who can sign off on low, medium, high, etc. risk?
  • What is "acceptable risk" for our company?
  • How can we perform a risk assessment?

This category of products is focused on operationalizing security and privacy principles. The privacy implications of cybersecurity, commonly referred to as Cybersecurity for Privacy (C4P), are growing in importance with new requirements, such as the EU General Data Protection Regulation (GDPR).

Privacy is a topic that is inextricably linked to cybersecurity, and companies now must prove how both privacy and security are "baked in" to processes by default, in order to build secure applications, processes, programs, etc.

  • Operationalizing Security by Design (SbD)
  • Operationalizing Privacy by Design (PbD)

This category of products is focused on operationalizing secure processes for vulnerability management and deploying software patches.

This can be thought of as "technology maintenance" and it is a common audit failure for organizations of all sizes. Our approach is unique in that we apply an enterprise-wide focus to provide governance and actionable guidance for what needs to be done to maintain secure systems.

Policies and standards address the higher-level "why?" and "what?" questions, but these products address the "how?" questions about vulnerability management so that teams can efficiently implement: 

  • Risk-based approach to patch management.
  • Vulnerability analysis processes.
  • Vulnerability management methodology (e.g., 0-day vulnerability management).
  • Vulnerability scanning & penetration testing methodologies.  
  • Pre-production security control validation.

This category of products is focused on providing clear expectations and requirements to third-party providers on their cybersecurity roles and responsibilities. Organizations need an easy method to prove that vendor management is being performed.

Recent history has proven that third parties are often the "soft underbelly" that leads to a data breach or hacking incident. Given that trend, cybersecurity governance of third parties is now a common requirement in vendor contracts and regulations:

  • Publicly-facing requirements that clearly document cybersecurity expectations.
  • Cybersecurity criteria as part of a contract addendum.

This category of products is focused on providing clear expectations and governance of incident response activities. All too often, incident response is a "fire drill" that is run in an ad hoc and unsustainable manner, which is both inefficient and potentially disastrous. Given new regulatory requirements for incident response, the tide is changing to require companies to have documented and practiced incident response capabilities.

Our approach is unique in that we apply an enterprise-wide focus to provide governance and actionable guidance for what needs to be done to prepare for, detect, respond to, recover from and learn from cybersecurity incidents.

Policies and standards address the higher-level "why?" and "what?" questions, but these products address the "how?" questions about incident response so that teams can efficiently implement: 

  • Aligning cybersecurity incident response with business objectives.
  • Categorizing incidents and impact levels.
  • Defining roles and responsibilities for incident response.
  • Providing a phase-based approach that is aligned with leading practices.
