SlideShare a Scribd company logo

Leverage Automation to Protect Your Crown Jewels and Reduce Cyber Risks/Costs

R
Richard Marti - Principal

This document describes GRCAlert's services, tools, skills, and certifications for helping organizations reduce cyber risks and costs through leveraging automation, GRC, IAM, DLP, and cloud services. Key services include risk management, compliance, governance, risk and compliance program implementation, virtual CISO services, IT/security auditing, and risk/compliance workshops. Specialized skills and tools include Archer, RSAM, Allgress, Bwise, LockPath, ServiceNow, Oracle GRC, and various frameworks and certifications. Benefits of GRCAlert include bringing the right expertise and tools to engagements, helping clients achieve objectives, and providing typically 35% cost savings compared to full-time employees. Benef

Business
1 of 7
Download to read offline
We protect your “Crown Jewel” and reduce cyber risks/costs by leveraging Automation GRC IAM DLP Cloud CEO, CIO CSO, CCO vCISO
Services, Tools, Skills, Certifications 2 Focus Areas Detailed Description Services Risk Management  ERM, OpsRisk, IT risk, 3rd party risk and Cyber security risk Compliance  SOX, PCI, GDPR, HITRUST, ISO 27000, SOC1/2, FedRAMP, HIPAA,NERC, MAR, NYDFS Governance, Risk and Compliance (GRC)  Program, Process and Technology Implementation vCISO services (CISO As A Service – Substantial $aving$)  Cyber security strategy, Cyber security program development/enhancement, Monthly/Quarterly senior management reporting , yearly board reporting, Cyber security program/technology roadmap and SME support IT/Security Audit co-sourcing - IT/ERP audit, Cyber Security and 3rd party Audit * Retainer – 20 hrs./week commitment. Use cases - Program oversight, Resource until FTE on-boarded , In-flight project, Tool selection/POC/Pilot, Remediation support, Workshops, Policies, Procedures , Standards , Run book development etc. Risk/ Compliance/GRC/Cyber Security Workshops  1/2/5 day(s) duration (workshops/boot camps) * Client can carry forward retainer hrs. to next month/quarter , valid for year .
Services, Tools, Skills, Certifications - Cont’d 3 Focus Areas Detailed Description Tools and Specialized Skills • Archer, RSAM, Allgress, Bwise, LockPath, ServiceNow, Oracle GRC • NIST-CSF, FFIEC-CSF, ISO 27001 based cyber program assessments • ServiceNow end-to-end ITSM and GRC services • Cloud Assessment, Roadmap and Migration/Implementation Services Certifications • CISSP, CISA, ITIL, PMP, PCI-QSA, CEH, OSCP Why GRCAlert? • We bring the right team mix (domain/industry expertise) and tools to each client engagement • We help clients meet their objectives & achieve their vision by delivering a total solution, sharing accountability for each of our client’s successes • Customer save on an average 35% compare to full time employee (No vacation, no 401k, no public holidays, no sick days, no medical, no bonuses, no mobile reimbursements, no annual raises, no social security contribution, no training cost, no LTD benefits etc.) • We always offer you the value optimized pricing model !
 Limited Security Budget (Total cost of acquiring and retaining seasoned CISO for small and medium businesses is up to $250k-$350K/yr. plus). Additionally, Employee turnover and the market for experienced security talent is very competitive – CISO is no exception!  Scarcity of business and technology savvy experienced CISO professionals.  On-going cyber security demands from internal/external stakeholders  Growing “IT/Cyber Compliance” requirements e.g. GDPR, SOX, PCI, GLBA, ISO27000, SOC1/2, HITRUST, FedRAMP, FISMA, NERC, Privacy etc. Why vCISO? 4
vCISO Services vCISO Cyber Strategy Cyber Program GRCMonitoring Reporting 1 2 34 5 • Aligned with Business and IT Strategic objectives e.g. Protect assets (confidential data/IP), brand protection, high availability, M&A, Expansion, new product or services, regulatory mandates, cloud etc. • Management report • Board report • Dashboard • Establish Cyber Security Program • Perform Cyber Program Maturity Assessment • Establish Cyber Program Components: 1. Policies, Standards, Procedures & Guidelines 2. Security architecture and design 3. Identity and Access management 4. Application and Data security 5. Network and Host security 6. Threat and vulnerability management 7. Incident Management 8. Security operations 9. Disaster recovery 10. Security awareness and training 11. Physical security 12. Cloud security 13. 3rd Party/Vendor security management 14. Governance (oversight, funding, PMO, Resources, Metrics, Reports etc.) 15. Risk Management (IT/Cyber Risk, Vendor Risk etc.) 16. Compliance Management (GDPR, PCI,SOX,HIPAA etc.) • Policies, Standards, Procedures, Assets , Vendor repository • Risk & Compliance framework e.g. ISO 27000, NIST, PCI,SOX, HIPAA, HITRUST, SOC1/2, GDPR etc. • Risks and Controls library • Remediation tracking and issues management • Workflow and Notifications • Integration with existing tools e.g. ServiceNow CMDB • Reports and Dashboards • Program delivery • Metrics (KRI/KPI) • Budget 5
vCISO Business Value  Cost savings and service continuity  Effective cyber security governance and oversight  Focused, timely and accurate strategic and tactical information  Independent and industry expertise  Flexible and adaptive approach  Increased mutual confidence among internal/external stakeholders CurrentApproach CISO As-A-Service Cost Escalation CISO As-A-Service • Stabilizes Cost If continue with current approach Most CISO organizations are here 6
Leverage Automation to Protect Your Crown Jewels and Reduce Cyber Risks/Costs

Recommended

Security Modelling in ArchiMate
Security Modelling in ArchiMateSecurity Modelling in ArchiMate
Security Modelling in ArchiMatePECB
 
Kevin Watkins, Enterprise Security Architect at BAT - BAT’s Managed Security ...
Kevin Watkins, Enterprise Security Architect at BAT - BAT’s Managed Security ...Kevin Watkins, Enterprise Security Architect at BAT - BAT’s Managed Security ...
Kevin Watkins, Enterprise Security Architect at BAT - BAT’s Managed Security ...Global Business Events
 
SABSA Implementation(Part II)_ver1-0
SABSA Implementation(Part II)_ver1-0SABSA Implementation(Part II)_ver1-0
SABSA Implementation(Part II)_ver1-0Maganathin Veeraragaloo
 
Security review using SABSA
Security review using SABSASecurity review using SABSA
Security review using SABSAMaganathin Veeraragaloo
 
Information Security Analyst- Infosec train
Information Security Analyst- Infosec trainInformation Security Analyst- Infosec train
Information Security Analyst- Infosec trainInfosecTrain
 
ePlus Virtual Chief Information Security Officer (vCISO)
ePlus Virtual Chief Information Security Officer (vCISO)ePlus Virtual Chief Information Security Officer (vCISO)
ePlus Virtual Chief Information Security Officer (vCISO)ePlus
 
TrustedAgent and Defense Industrial Base (DIB)
TrustedAgent and Defense Industrial Base (DIB)TrustedAgent and Defense Industrial Base (DIB)
TrustedAgent and Defense Industrial Base (DIB)Tuan Phan
 
Security Consulting Services
Security Consulting ServicesSecurity Consulting Services
Security Consulting ServicesePlus
 

Recommended

Security Modelling in ArchiMate
Security Modelling in ArchiMateSecurity Modelling in ArchiMate
Security Modelling in ArchiMatePECB
 
Kevin Watkins, Enterprise Security Architect at BAT - BAT’s Managed Security ...
Kevin Watkins, Enterprise Security Architect at BAT - BAT’s Managed Security ...Kevin Watkins, Enterprise Security Architect at BAT - BAT’s Managed Security ...
Kevin Watkins, Enterprise Security Architect at BAT - BAT’s Managed Security ...Global Business Events
 
SABSA Implementation(Part II)_ver1-0
SABSA Implementation(Part II)_ver1-0SABSA Implementation(Part II)_ver1-0
SABSA Implementation(Part II)_ver1-0Maganathin Veeraragaloo
 
Security review using SABSA
Security review using SABSASecurity review using SABSA
Security review using SABSAMaganathin Veeraragaloo
 
Information Security Analyst- Infosec train
Information Security Analyst- Infosec trainInformation Security Analyst- Infosec train
Information Security Analyst- Infosec trainInfosecTrain
 
ePlus Virtual Chief Information Security Officer (vCISO)
ePlus Virtual Chief Information Security Officer (vCISO)ePlus Virtual Chief Information Security Officer (vCISO)
ePlus Virtual Chief Information Security Officer (vCISO)ePlus
 
TrustedAgent and Defense Industrial Base (DIB)
TrustedAgent and Defense Industrial Base (DIB)TrustedAgent and Defense Industrial Base (DIB)
TrustedAgent and Defense Industrial Base (DIB)Tuan Phan
 
Security Consulting Services
Security Consulting ServicesSecurity Consulting Services
Security Consulting ServicesePlus
 
Cdpse course content infosec train
Cdpse course content infosec trainCdpse course content infosec train
Cdpse course content infosec trainShivamSharma909
 
Enterprise Security Architecture for Cyber Security
Enterprise Security Architecture for Cyber SecurityEnterprise Security Architecture for Cyber Security
Enterprise Security Architecture for Cyber SecurityThe Open Group SA
 
Key Ingredients for Your MSSP Offering
Key Ingredients for Your MSSP OfferingKey Ingredients for Your MSSP Offering
Key Ingredients for Your MSSP OfferingeFolder
 
To MSSP or not to MSSP IISF 2015
To MSSP or not to MSSP IISF 2015To MSSP or not to MSSP IISF 2015
To MSSP or not to MSSP IISF 2015Paul Hogan
 
Security Digital Connect
Security Digital ConnectSecurity Digital Connect
Security Digital ConnectGrafic.guru
 
Enterprise Security Architecture
Enterprise Security ArchitectureEnterprise Security Architecture
Enterprise Security ArchitecturePriyanka Aash
 
PCI DSS | PCI DSS Training | PCI DSS IMPLEMENTATION
PCI DSS | PCI DSS Training | PCI DSS IMPLEMENTATIONPCI DSS | PCI DSS Training | PCI DSS IMPLEMENTATION
PCI DSS | PCI DSS Training | PCI DSS IMPLEMENTATIONhimalya sharma
 
3 Reasons Why Manufacturing Companies are Moving to Dynamics 365FO
3 Reasons Why Manufacturing Companies are Moving to Dynamics 365FO3 Reasons Why Manufacturing Companies are Moving to Dynamics 365FO
3 Reasons Why Manufacturing Companies are Moving to Dynamics 365FONandita Nityanandam
 
10 Commandments for Achieving Operational Excellence
10 Commandments for Achieving Operational Excellence10 Commandments for Achieving Operational Excellence
10 Commandments for Achieving Operational ExcellenceMitch Ackles
 
How Training and Consulting Companies Can Position CISSP, CISM and CRISC
How Training and Consulting Companies Can Position CISSP, CISM and CRISCHow Training and Consulting Companies Can Position CISSP, CISM and CRISC
How Training and Consulting Companies Can Position CISSP, CISM and CRISCITpreneurs
 
Zyston CISO Advisory Services
Zyston CISO Advisory ServicesZyston CISO Advisory Services
Zyston CISO Advisory ServicesNiki Rabren
 
Integrated Compliance
Integrated ComplianceIntegrated Compliance
Integrated ComplianceKimberly Simon MBA
 
Cloud computing risk assesment
Cloud computing risk assesment Cloud computing risk assesment
Cloud computing risk assesment Ahmad El Tawil
 
Key metrics and process in cyber security case scenario
Key metrics and process in cyber security case scenarioKey metrics and process in cyber security case scenario
Key metrics and process in cyber security case scenarioAkingbade Akinfenwa
 
Managing Multiple Assessments Using Zero Trust Principles
Managing Multiple Assessments Using Zero Trust PrinciplesManaging Multiple Assessments Using Zero Trust Principles
Managing Multiple Assessments Using Zero Trust PrinciplesControlCase
 
Continual Compliance Monitoring– PCI DSS, HIPAA, FERC/NERC, EI3PA, ISO 27001 ...
Continual Compliance Monitoring– PCI DSS, HIPAA, FERC/NERC, EI3PA, ISO 27001 ...Continual Compliance Monitoring– PCI DSS, HIPAA, FERC/NERC, EI3PA, ISO 27001 ...
Continual Compliance Monitoring– PCI DSS, HIPAA, FERC/NERC, EI3PA, ISO 27001 ...ControlCase
 
Critical Infrastructure Protection (CIP) NERC Training
Critical Infrastructure Protection (CIP) NERC TrainingCritical Infrastructure Protection (CIP) NERC Training
Critical Infrastructure Protection (CIP) NERC TrainingTonex
 
Happiest Minds Technologies- ComplianceVigil Solution Overview
Happiest Minds Technologies- ComplianceVigil Solution OverviewHappiest Minds Technologies- ComplianceVigil Solution Overview
Happiest Minds Technologies- ComplianceVigil Solution OverviewHappiest Minds Technologies
 
1 final secnet_pci
1 final secnet_pci1 final secnet_pci
1 final secnet_pcimosyas
 
Vendor Management for PCI DSS; EI3PA; HIPAA and FFIEC
Vendor Management for PCI DSS; EI3PA; HIPAA and FFIECVendor Management for PCI DSS; EI3PA; HIPAA and FFIEC
Vendor Management for PCI DSS; EI3PA; HIPAA and FFIECKimberly Simon MBA
 
A Major Revision of the CISRCP Program
A Major Revision of the CISRCP ProgramA Major Revision of the CISRCP Program
A Major Revision of the CISRCP ProgramGoogleNewsSubmit
 
CRISC Course Preview
CRISC Course PreviewCRISC Course Preview
CRISC Course PreviewInvensis Learning
 

More Related Content

What's hot

Cdpse course content infosec train
Cdpse course content infosec trainCdpse course content infosec train
Cdpse course content infosec trainShivamSharma909
 
Enterprise Security Architecture for Cyber Security
Enterprise Security Architecture for Cyber SecurityEnterprise Security Architecture for Cyber Security
Enterprise Security Architecture for Cyber SecurityThe Open Group SA
 
Key Ingredients for Your MSSP Offering
Key Ingredients for Your MSSP OfferingKey Ingredients for Your MSSP Offering
Key Ingredients for Your MSSP OfferingeFolder
 
To MSSP or not to MSSP IISF 2015
To MSSP or not to MSSP IISF 2015To MSSP or not to MSSP IISF 2015
To MSSP or not to MSSP IISF 2015Paul Hogan
 
Security Digital Connect
Security Digital ConnectSecurity Digital Connect
Security Digital ConnectGrafic.guru
 
Enterprise Security Architecture
Enterprise Security ArchitectureEnterprise Security Architecture
Enterprise Security ArchitecturePriyanka Aash
 
PCI DSS | PCI DSS Training | PCI DSS IMPLEMENTATION
PCI DSS | PCI DSS Training | PCI DSS IMPLEMENTATIONPCI DSS | PCI DSS Training | PCI DSS IMPLEMENTATION
PCI DSS | PCI DSS Training | PCI DSS IMPLEMENTATIONhimalya sharma
 
3 Reasons Why Manufacturing Companies are Moving to Dynamics 365FO
3 Reasons Why Manufacturing Companies are Moving to Dynamics 365FO3 Reasons Why Manufacturing Companies are Moving to Dynamics 365FO
3 Reasons Why Manufacturing Companies are Moving to Dynamics 365FONandita Nityanandam
 
10 Commandments for Achieving Operational Excellence
10 Commandments for Achieving Operational Excellence10 Commandments for Achieving Operational Excellence
10 Commandments for Achieving Operational ExcellenceMitch Ackles
 
How Training and Consulting Companies Can Position CISSP, CISM and CRISC
How Training and Consulting Companies Can Position CISSP, CISM and CRISCHow Training and Consulting Companies Can Position CISSP, CISM and CRISC
How Training and Consulting Companies Can Position CISSP, CISM and CRISCITpreneurs
 
Zyston CISO Advisory Services
Zyston CISO Advisory ServicesZyston CISO Advisory Services
Zyston CISO Advisory ServicesNiki Rabren
 
Cloud computing risk assesment
Cloud computing risk assesment Cloud computing risk assesment
Cloud computing risk assesment Ahmad El Tawil
 
Key metrics and process in cyber security case scenario
Key metrics and process in cyber security case scenarioKey metrics and process in cyber security case scenario
Key metrics and process in cyber security case scenarioAkingbade Akinfenwa
 
Managing Multiple Assessments Using Zero Trust Principles
Managing Multiple Assessments Using Zero Trust PrinciplesManaging Multiple Assessments Using Zero Trust Principles
Managing Multiple Assessments Using Zero Trust PrinciplesControlCase
 
Continual Compliance Monitoring– PCI DSS, HIPAA, FERC/NERC, EI3PA, ISO 27001 ...
Continual Compliance Monitoring– PCI DSS, HIPAA, FERC/NERC, EI3PA, ISO 27001 ...Continual Compliance Monitoring– PCI DSS, HIPAA, FERC/NERC, EI3PA, ISO 27001 ...
Continual Compliance Monitoring– PCI DSS, HIPAA, FERC/NERC, EI3PA, ISO 27001 ...ControlCase
 
Critical Infrastructure Protection (CIP) NERC Training
Critical Infrastructure Protection (CIP) NERC TrainingCritical Infrastructure Protection (CIP) NERC Training
Critical Infrastructure Protection (CIP) NERC TrainingTonex
 
Happiest Minds Technologies- ComplianceVigil Solution Overview
Happiest Minds Technologies- ComplianceVigil Solution OverviewHappiest Minds Technologies- ComplianceVigil Solution Overview
Happiest Minds Technologies- ComplianceVigil Solution OverviewHappiest Minds Technologies
 
1 final secnet_pci
1 final secnet_pci1 final secnet_pci
1 final secnet_pcimosyas
 
Vendor Management for PCI DSS; EI3PA; HIPAA and FFIEC
Vendor Management for PCI DSS; EI3PA; HIPAA and FFIECVendor Management for PCI DSS; EI3PA; HIPAA and FFIEC
Vendor Management for PCI DSS; EI3PA; HIPAA and FFIECKimberly Simon MBA
 

What's hot (20)

Cdpse course content infosec train
Cdpse course content infosec trainCdpse course content infosec train
Cdpse course content infosec train
 
Enterprise Security Architecture for Cyber Security
Enterprise Security Architecture for Cyber SecurityEnterprise Security Architecture for Cyber Security
Enterprise Security Architecture for Cyber Security
 
Key Ingredients for Your MSSP Offering
Key Ingredients for Your MSSP OfferingKey Ingredients for Your MSSP Offering
Key Ingredients for Your MSSP Offering
 
To MSSP or not to MSSP IISF 2015
To MSSP or not to MSSP IISF 2015To MSSP or not to MSSP IISF 2015
To MSSP or not to MSSP IISF 2015
 
Security Digital Connect
Security Digital ConnectSecurity Digital Connect
Security Digital Connect
 
Enterprise Security Architecture
Enterprise Security ArchitectureEnterprise Security Architecture
Enterprise Security Architecture
 
PCI DSS | PCI DSS Training | PCI DSS IMPLEMENTATION
PCI DSS | PCI DSS Training | PCI DSS IMPLEMENTATIONPCI DSS | PCI DSS Training | PCI DSS IMPLEMENTATION
PCI DSS | PCI DSS Training | PCI DSS IMPLEMENTATION
 
3 Reasons Why Manufacturing Companies are Moving to Dynamics 365FO
3 Reasons Why Manufacturing Companies are Moving to Dynamics 365FO3 Reasons Why Manufacturing Companies are Moving to Dynamics 365FO
3 Reasons Why Manufacturing Companies are Moving to Dynamics 365FO
 
10 Commandments for Achieving Operational Excellence
10 Commandments for Achieving Operational Excellence10 Commandments for Achieving Operational Excellence
10 Commandments for Achieving Operational Excellence
 
How Training and Consulting Companies Can Position CISSP, CISM and CRISC
How Training and Consulting Companies Can Position CISSP, CISM and CRISCHow Training and Consulting Companies Can Position CISSP, CISM and CRISC
How Training and Consulting Companies Can Position CISSP, CISM and CRISC
 
Zyston CISO Advisory Services
Zyston CISO Advisory ServicesZyston CISO Advisory Services
Zyston CISO Advisory Services
 
Integrated Compliance
Integrated ComplianceIntegrated Compliance
Integrated Compliance
 
Cloud computing risk assesment
Cloud computing risk assesment Cloud computing risk assesment
Cloud computing risk assesment
 
Key metrics and process in cyber security case scenario
Key metrics and process in cyber security case scenarioKey metrics and process in cyber security case scenario
Key metrics and process in cyber security case scenario
 
Managing Multiple Assessments Using Zero Trust Principles
Managing Multiple Assessments Using Zero Trust PrinciplesManaging Multiple Assessments Using Zero Trust Principles
Managing Multiple Assessments Using Zero Trust Principles
 
Continual Compliance Monitoring– PCI DSS, HIPAA, FERC/NERC, EI3PA, ISO 27001 ...
Continual Compliance Monitoring– PCI DSS, HIPAA, FERC/NERC, EI3PA, ISO 27001 ...Continual Compliance Monitoring– PCI DSS, HIPAA, FERC/NERC, EI3PA, ISO 27001 ...
Continual Compliance Monitoring– PCI DSS, HIPAA, FERC/NERC, EI3PA, ISO 27001 ...
 
Critical Infrastructure Protection (CIP) NERC Training
Critical Infrastructure Protection (CIP) NERC TrainingCritical Infrastructure Protection (CIP) NERC Training
Critical Infrastructure Protection (CIP) NERC Training
 
Happiest Minds Technologies- ComplianceVigil Solution Overview
Happiest Minds Technologies- ComplianceVigil Solution OverviewHappiest Minds Technologies- ComplianceVigil Solution Overview
Happiest Minds Technologies- ComplianceVigil Solution Overview
 
1 final secnet_pci
1 final secnet_pci1 final secnet_pci
1 final secnet_pci
 
Vendor Management for PCI DSS; EI3PA; HIPAA and FFIEC
Vendor Management for PCI DSS; EI3PA; HIPAA and FFIECVendor Management for PCI DSS; EI3PA; HIPAA and FFIEC
Vendor Management for PCI DSS; EI3PA; HIPAA and FFIEC
 

Similar to Leverage Automation to Protect Your Crown Jewels and Reduce Cyber Risks/Costs

A Major Revision of the CISRCP Program
A Major Revision of the CISRCP ProgramA Major Revision of the CISRCP Program
A Major Revision of the CISRCP ProgramGoogleNewsSubmit
 
ISO/IEC 27001 and ISO/IEC 27035: Building a Resilient Cybersecurity Strategy ...
ISO/IEC 27001 and ISO/IEC 27035: Building a Resilient Cybersecurity Strategy ...ISO/IEC 27001 and ISO/IEC 27035: Building a Resilient Cybersecurity Strategy ...
ISO/IEC 27001 and ISO/IEC 27035: Building a Resilient Cybersecurity Strategy ...PECB
 
CV of Mohan M
CV of Mohan MCV of Mohan M
CV of Mohan MMohan M
 
EUCI Mapping Cybersecurity to CIP
EUCI Mapping Cybersecurity to CIPEUCI Mapping Cybersecurity to CIP
EUCI Mapping Cybersecurity to CIPScott Baron
 
MCGlobalTech Consulting Service Presentation
MCGlobalTech Consulting Service PresentationMCGlobalTech Consulting Service Presentation
MCGlobalTech Consulting Service PresentationWilliam McBorrough
 
MCGlobalTech Service Presentation
MCGlobalTech Service PresentationMCGlobalTech Service Presentation
MCGlobalTech Service PresentationWilliam McBorrough
 
Super CISO 2020: How to Keep Your Job
Super CISO 2020: How to Keep Your JobSuper CISO 2020: How to Keep Your Job
Super CISO 2020: How to Keep Your JobPriyanka Aash
 
New technologies - Amer Haza'a
New technologies - Amer Haza'aNew technologies - Amer Haza'a
New technologies - Amer Haza'aFahmi Albaheth
 
Aicpa tech+panel presentation t6 managing risks and security 2014 v3
Aicpa tech+panel presentation t6 managing risks and security 2014 v3Aicpa tech+panel presentation t6 managing risks and security 2014 v3
Aicpa tech+panel presentation t6 managing risks and security 2014 v3Doeren Mayhew
 
Cyber Security in The Cloud
Cyber Security in The CloudCyber Security in The Cloud
Cyber Security in The CloudPECB
 
Nist cybersecurity framework isc2 quantico
Nist cybersecurity framework isc2 quanticoNist cybersecurity framework isc2 quantico
Nist cybersecurity framework isc2 quanticoTuan Phan
 
Kmicro Cybersecurity Offerings 2020
Kmicro Cybersecurity Offerings 2020Kmicro Cybersecurity Offerings 2020
Kmicro Cybersecurity Offerings 2020Manuel Guillen
 
iDEAFest Enteprise InfoSec Program Lessons Learned
iDEAFest Enteprise InfoSec Program Lessons LearnediDEAFest Enteprise InfoSec Program Lessons Learned
iDEAFest Enteprise InfoSec Program Lessons LearnedMichael King
 
Maclear’s IT GRC Tools – Key Issues and Trends
Maclear’s IT GRC Tools – Key Issues and TrendsMaclear’s IT GRC Tools – Key Issues and Trends
Maclear’s IT GRC Tools – Key Issues and TrendsMaclear LLC
 
CERTIFIED DATA CENTRE RISK PROFESSIONAL
CERTIFIED DATA CENTRE RISK PROFESSIONALCERTIFIED DATA CENTRE RISK PROFESSIONAL
CERTIFIED DATA CENTRE RISK PROFESSIONALDee Smith & Associates
 
Walls of Steel, Doors of Wood - Relevance of Application Security
Walls of Steel, Doors of Wood - Relevance of Application SecurityWalls of Steel, Doors of Wood - Relevance of Application Security
Walls of Steel, Doors of Wood - Relevance of Application SecurityAbdul Jaleel
 
CRISC_certification_training_course_content
CRISC_certification_training_course_contentCRISC_certification_training_course_content
CRISC_certification_training_course_contentpriyanshamadhwal2
 
CRISC_v1_2021_Course_Content & description
CRISC_v1_2021_Course_Content & descriptionCRISC_v1_2021_Course_Content & description
CRISC_v1_2021_Course_Content & descriptionInfosec train
 

Similar to Leverage Automation to Protect Your Crown Jewels and Reduce Cyber Risks/Costs (20)

A Major Revision of the CISRCP Program
A Major Revision of the CISRCP ProgramA Major Revision of the CISRCP Program
A Major Revision of the CISRCP Program
 
CRISC Course Preview
CRISC Course PreviewCRISC Course Preview
CRISC Course Preview
 
ISO/IEC 27001 and ISO/IEC 27035: Building a Resilient Cybersecurity Strategy ...
ISO/IEC 27001 and ISO/IEC 27035: Building a Resilient Cybersecurity Strategy ...ISO/IEC 27001 and ISO/IEC 27035: Building a Resilient Cybersecurity Strategy ...
ISO/IEC 27001 and ISO/IEC 27035: Building a Resilient Cybersecurity Strategy ...
 
CV of Mohan M
CV of Mohan MCV of Mohan M
CV of Mohan M
 
EUCI Mapping Cybersecurity to CIP
EUCI Mapping Cybersecurity to CIPEUCI Mapping Cybersecurity to CIP
EUCI Mapping Cybersecurity to CIP
 
MCGlobalTech Consulting Service Presentation
MCGlobalTech Consulting Service PresentationMCGlobalTech Consulting Service Presentation
MCGlobalTech Consulting Service Presentation
 
MCGlobalTech Service Presentation
MCGlobalTech Service PresentationMCGlobalTech Service Presentation
MCGlobalTech Service Presentation
 
Super CISO 2020: How to Keep Your Job
Super CISO 2020: How to Keep Your JobSuper CISO 2020: How to Keep Your Job
Super CISO 2020: How to Keep Your Job
 
New technologies - Amer Haza'a
New technologies - Amer Haza'aNew technologies - Amer Haza'a
New technologies - Amer Haza'a
 
Aicpa tech+panel presentation t6 managing risks and security 2014 v3
Aicpa tech+panel presentation t6 managing risks and security 2014 v3Aicpa tech+panel presentation t6 managing risks and security 2014 v3
Aicpa tech+panel presentation t6 managing risks and security 2014 v3
 
Cyber Security in The Cloud
Cyber Security in The CloudCyber Security in The Cloud
Cyber Security in The Cloud
 
Nist cybersecurity framework isc2 quantico
Nist cybersecurity framework isc2 quanticoNist cybersecurity framework isc2 quantico
Nist cybersecurity framework isc2 quantico
 
Kmicro Cybersecurity Offerings 2020
Kmicro Cybersecurity Offerings 2020Kmicro Cybersecurity Offerings 2020
Kmicro Cybersecurity Offerings 2020
 
iDEAFest Enteprise InfoSec Program Lessons Learned
iDEAFest Enteprise InfoSec Program Lessons LearnediDEAFest Enteprise InfoSec Program Lessons Learned
iDEAFest Enteprise InfoSec Program Lessons Learned
 
Maclear’s IT GRC Tools – Key Issues and Trends
Maclear’s IT GRC Tools – Key Issues and TrendsMaclear’s IT GRC Tools – Key Issues and Trends
Maclear’s IT GRC Tools – Key Issues and Trends
 
I Syed, Sr. Consultant - Enterprise Information Security Governance, Risk, Co...
I Syed, Sr. Consultant - Enterprise Information Security Governance, Risk, Co...I Syed, Sr. Consultant - Enterprise Information Security Governance, Risk, Co...
I Syed, Sr. Consultant - Enterprise Information Security Governance, Risk, Co...
 
CERTIFIED DATA CENTRE RISK PROFESSIONAL
CERTIFIED DATA CENTRE RISK PROFESSIONALCERTIFIED DATA CENTRE RISK PROFESSIONAL
CERTIFIED DATA CENTRE RISK PROFESSIONAL
 
Walls of Steel, Doors of Wood - Relevance of Application Security
Walls of Steel, Doors of Wood - Relevance of Application SecurityWalls of Steel, Doors of Wood - Relevance of Application Security
Walls of Steel, Doors of Wood - Relevance of Application Security
 
CRISC_certification_training_course_content
CRISC_certification_training_course_contentCRISC_certification_training_course_content
CRISC_certification_training_course_content
 
CRISC_v1_2021_Course_Content & description
CRISC_v1_2021_Course_Content & descriptionCRISC_v1_2021_Course_Content & description
CRISC_v1_2021_Course_Content & description
 

Recently uploaded

BEST Call Girls In Greater Noida ✨ 9773824855 ✨ Escorts Service In Delhi Ncr,
BEST Call Girls In Greater Noida ✨ 9773824855 ✨ Escorts Service In Delhi Ncr,BEST Call Girls In Greater Noida ✨ 9773824855 ✨ Escorts Service In Delhi Ncr,
BEST Call Girls In Greater Noida ✨ 9773824855 ✨ Escorts Service In Delhi Ncr,noida100girls
 
Call Girls In Connaught Place Delhi ❤️88604**77959_Russian 100% Genuine Escor...
Call Girls In Connaught Place Delhi ❤️88604**77959_Russian 100% Genuine Escor...Call Girls In Connaught Place Delhi ❤️88604**77959_Russian 100% Genuine Escor...
Call Girls In Connaught Place Delhi ❤️88604**77959_Russian 100% Genuine Escor...lizamodels9
 
Russian Faridabad Call Girls(Badarpur) : ☎ 8168257667, @4999
Russian Faridabad Call Girls(Badarpur) : ☎ 8168257667, @4999Russian Faridabad Call Girls(Badarpur) : ☎ 8168257667, @4999
Russian Faridabad Call Girls(Badarpur) : ☎ 8168257667, @4999Tina Ji
 
2024 Numerator Consumer Study of Cannabis Usage
2024 Numerator Consumer Study of Cannabis Usage2024 Numerator Consumer Study of Cannabis Usage
2024 Numerator Consumer Study of Cannabis UsageNeil Kimberley
 
Call Girls in Gomti Nagar - 7388211116 - With room Service
Call Girls in Gomti Nagar - 7388211116 - With room ServiceCall Girls in Gomti Nagar - 7388211116 - With room Service
Call Girls in Gomti Nagar - 7388211116 - With room Servicediscovermytutordmt
 
Grateful 7 speech thanking everyone that has helped.pdf
Grateful 7 speech thanking everyone that has helped.pdfGrateful 7 speech thanking everyone that has helped.pdf
Grateful 7 speech thanking everyone that has helped.pdfPaul Menig
 
Progress Report - Oracle Database Analyst Summit
Progress Report - Oracle Database Analyst SummitProgress Report - Oracle Database Analyst Summit
Progress Report - Oracle Database Analyst SummitHolger Mueller
 
rishikeshgirls.in- Rishikesh call girl.pdf
rishikeshgirls.in- Rishikesh call girl.pdfrishikeshgirls.in- Rishikesh call girl.pdf
rishikeshgirls.in- Rishikesh call girl.pdfmuskan1121w
 
7.pdf This presentation captures many uses and the significance of the number...
7.pdf This presentation captures many uses and the significance of the number...7.pdf This presentation captures many uses and the significance of the number...
7.pdf This presentation captures many uses and the significance of the number...Paul Menig
 
Non Text Magic Studio Magic Design for Presentations L&P.pptx
Non Text Magic Studio Magic Design for Presentations L&P.pptxNon Text Magic Studio Magic Design for Presentations L&P.pptx
Non Text Magic Studio Magic Design for Presentations L&P.pptxAbhayThakur200703
 
Lucknow 💋 Escorts in Lucknow - 450+ Call Girl Cash Payment 8923113531 Neha Th...
Lucknow 💋 Escorts in Lucknow - 450+ Call Girl Cash Payment 8923113531 Neha Th...Lucknow 💋 Escorts in Lucknow - 450+ Call Girl Cash Payment 8923113531 Neha Th...
Lucknow 💋 Escorts in Lucknow - 450+ Call Girl Cash Payment 8923113531 Neha Th...anilsa9823
 
Keppel Ltd. 1Q 2024 Business Update Presentation Slides
Keppel Ltd. 1Q 2024 Business Update Presentation SlidesKeppel Ltd. 1Q 2024 Business Update Presentation Slides
Keppel Ltd. 1Q 2024 Business Update Presentation SlidesKeppelCorporation
 
Call Girls Pune Just Call 9907093804 Top Class Call Girl Service Available
Call Girls Pune Just Call 9907093804 Top Class Call Girl Service AvailableCall Girls Pune Just Call 9907093804 Top Class Call Girl Service Available
Call Girls Pune Just Call 9907093804 Top Class Call Girl Service AvailableDipal Arora
 
Intro to BCG's Carbon Emissions Benchmark_vF.pdf
Intro to BCG's Carbon Emissions Benchmark_vF.pdfIntro to BCG's Carbon Emissions Benchmark_vF.pdf
Intro to BCG's Carbon Emissions Benchmark_vF.pdfpollardmorgan
 
VIP Call Girls Pune Kirti 8617697112 Independent Escort Service Pune
VIP Call Girls Pune Kirti 8617697112 Independent Escort Service PuneVIP Call Girls Pune Kirti 8617697112 Independent Escort Service Pune
VIP Call Girls Pune Kirti 8617697112 Independent Escort Service PuneCall girls in Ahmedabad High profile
 
Sales & Marketing Alignment: How to Synergize for Success
Sales & Marketing Alignment: How to Synergize for SuccessSales & Marketing Alignment: How to Synergize for Success
Sales & Marketing Alignment: How to Synergize for SuccessAggregage
 
VIP Kolkata Call Girl Howrah 👉 8250192130 Available With Room
VIP Kolkata Call Girl Howrah 👉 8250192130 Available With RoomVIP Kolkata Call Girl Howrah 👉 8250192130 Available With Room
VIP Kolkata Call Girl Howrah 👉 8250192130 Available With Roomdivyansh0kumar0
 
M.C Lodges -- Guest House in Jhang.
M.C Lodges -- Guest House in Jhang.M.C Lodges -- Guest House in Jhang.
M.C Lodges -- Guest House in Jhang.Aaiza Hassan
 
RE Capital's Visionary Leadership under Newman Leech
RE Capital's Visionary Leadership under Newman LeechRE Capital's Visionary Leadership under Newman Leech
RE Capital's Visionary Leadership under Newman LeechNewman George Leech
 

Recently uploaded (20)

BEST Call Girls In Greater Noida ✨ 9773824855 ✨ Escorts Service In Delhi Ncr,
BEST Call Girls In Greater Noida ✨ 9773824855 ✨ Escorts Service In Delhi Ncr,BEST Call Girls In Greater Noida ✨ 9773824855 ✨ Escorts Service In Delhi Ncr,
BEST Call Girls In Greater Noida ✨ 9773824855 ✨ Escorts Service In Delhi Ncr,
 
Call Girls In Connaught Place Delhi ❤️88604**77959_Russian 100% Genuine Escor...
Call Girls In Connaught Place Delhi ❤️88604**77959_Russian 100% Genuine Escor...Call Girls In Connaught Place Delhi ❤️88604**77959_Russian 100% Genuine Escor...
Call Girls In Connaught Place Delhi ❤️88604**77959_Russian 100% Genuine Escor...
 
Russian Faridabad Call Girls(Badarpur) : ☎ 8168257667, @4999
Russian Faridabad Call Girls(Badarpur) : ☎ 8168257667, @4999Russian Faridabad Call Girls(Badarpur) : ☎ 8168257667, @4999
Russian Faridabad Call Girls(Badarpur) : ☎ 8168257667, @4999
 
2024 Numerator Consumer Study of Cannabis Usage
2024 Numerator Consumer Study of Cannabis Usage2024 Numerator Consumer Study of Cannabis Usage
2024 Numerator Consumer Study of Cannabis Usage
 
Call Girls in Gomti Nagar - 7388211116 - With room Service
Call Girls in Gomti Nagar - 7388211116 - With room ServiceCall Girls in Gomti Nagar - 7388211116 - With room Service
Call Girls in Gomti Nagar - 7388211116 - With room Service
 
Grateful 7 speech thanking everyone that has helped.pdf
Grateful 7 speech thanking everyone that has helped.pdfGrateful 7 speech thanking everyone that has helped.pdf
Grateful 7 speech thanking everyone that has helped.pdf
 
Progress Report - Oracle Database Analyst Summit
Progress Report - Oracle Database Analyst SummitProgress Report - Oracle Database Analyst Summit
Progress Report - Oracle Database Analyst Summit
 
rishikeshgirls.in- Rishikesh call girl.pdf
rishikeshgirls.in- Rishikesh call girl.pdfrishikeshgirls.in- Rishikesh call girl.pdf
rishikeshgirls.in- Rishikesh call girl.pdf
 
7.pdf This presentation captures many uses and the significance of the number...
7.pdf This presentation captures many uses and the significance of the number...7.pdf This presentation captures many uses and the significance of the number...
7.pdf This presentation captures many uses and the significance of the number...
 
Non Text Magic Studio Magic Design for Presentations L&P.pptx
Non Text Magic Studio Magic Design for Presentations L&P.pptxNon Text Magic Studio Magic Design for Presentations L&P.pptx
Non Text Magic Studio Magic Design for Presentations L&P.pptx
 
Lucknow 💋 Escorts in Lucknow - 450+ Call Girl Cash Payment 8923113531 Neha Th...
Lucknow 💋 Escorts in Lucknow - 450+ Call Girl Cash Payment 8923113531 Neha Th...Lucknow 💋 Escorts in Lucknow - 450+ Call Girl Cash Payment 8923113531 Neha Th...
Lucknow 💋 Escorts in Lucknow - 450+ Call Girl Cash Payment 8923113531 Neha Th...
 
Keppel Ltd. 1Q 2024 Business Update Presentation Slides
Keppel Ltd. 1Q 2024 Business Update Presentation SlidesKeppel Ltd. 1Q 2024 Business Update Presentation Slides
Keppel Ltd. 1Q 2024 Business Update Presentation Slides
 
Call Girls Pune Just Call 9907093804 Top Class Call Girl Service Available
Call Girls Pune Just Call 9907093804 Top Class Call Girl Service AvailableCall Girls Pune Just Call 9907093804 Top Class Call Girl Service Available
Call Girls Pune Just Call 9907093804 Top Class Call Girl Service Available
 
Intro to BCG's Carbon Emissions Benchmark_vF.pdf
Intro to BCG's Carbon Emissions Benchmark_vF.pdfIntro to BCG's Carbon Emissions Benchmark_vF.pdf
Intro to BCG's Carbon Emissions Benchmark_vF.pdf
 
VIP Call Girls Pune Kirti 8617697112 Independent Escort Service Pune
VIP Call Girls Pune Kirti 8617697112 Independent Escort Service PuneVIP Call Girls Pune Kirti 8617697112 Independent Escort Service Pune
VIP Call Girls Pune Kirti 8617697112 Independent Escort Service Pune
 
Sales & Marketing Alignment: How to Synergize for Success
Sales & Marketing Alignment: How to Synergize for SuccessSales & Marketing Alignment: How to Synergize for Success
Sales & Marketing Alignment: How to Synergize for Success
 
VIP Kolkata Call Girl Howrah 👉 8250192130 Available With Room
VIP Kolkata Call Girl Howrah 👉 8250192130 Available With RoomVIP Kolkata Call Girl Howrah 👉 8250192130 Available With Room
VIP Kolkata Call Girl Howrah 👉 8250192130 Available With Room
 
M.C Lodges -- Guest House in Jhang.
M.C Lodges -- Guest House in Jhang.M.C Lodges -- Guest House in Jhang.
M.C Lodges -- Guest House in Jhang.
 
RE Capital's Visionary Leadership under Newman Leech
RE Capital's Visionary Leadership under Newman LeechRE Capital's Visionary Leadership under Newman Leech
RE Capital's Visionary Leadership under Newman Leech
 
Best Practices for Implementing an External Recruiting Partnership
Best Practices for Implementing an External Recruiting PartnershipBest Practices for Implementing an External Recruiting Partnership
Best Practices for Implementing an External Recruiting Partnership
 

Leverage Automation to Protect Your Crown Jewels and Reduce Cyber Risks/Costs

  • 1. We protect your “Crown Jewel” and reduce cyber risks/costs by leveraging Automation GRC IAM DLP Cloud CEO, CIO CSO, CCO vCISO
  • 2. Services, Tools, Skills, Certifications 2 Focus Areas Detailed Description Services Risk Management  ERM, OpsRisk, IT risk, 3rd party risk and Cyber security risk Compliance  SOX, PCI, GDPR, HITRUST, ISO 27000, SOC1/2, FedRAMP, HIPAA,NERC, MAR, NYDFS Governance, Risk and Compliance (GRC)  Program, Process and Technology Implementation vCISO services (CISO As A Service – Substantial $aving$)  Cyber security strategy, Cyber security program development/enhancement, Monthly/Quarterly senior management reporting , yearly board reporting, Cyber security program/technology roadmap and SME support IT/Security Audit co-sourcing - IT/ERP audit, Cyber Security and 3rd party Audit * Retainer – 20 hrs./week commitment. Use cases - Program oversight, Resource until FTE on-boarded , In-flight project, Tool selection/POC/Pilot, Remediation support, Workshops, Policies, Procedures , Standards , Run book development etc. Risk/ Compliance/GRC/Cyber Security Workshops  1/2/5 day(s) duration (workshops/boot camps) * Client can carry forward retainer hrs. to next month/quarter , valid for year .
  • 3. Services, Tools, Skills, Certifications - Cont’d 3 Focus Areas Detailed Description Tools and Specialized Skills • Archer, RSAM, Allgress, Bwise, LockPath, ServiceNow, Oracle GRC • NIST-CSF, FFIEC-CSF, ISO 27001 based cyber program assessments • ServiceNow end-to-end ITSM and GRC services • Cloud Assessment, Roadmap and Migration/Implementation Services Certifications • CISSP, CISA, ITIL, PMP, PCI-QSA, CEH, OSCP Why GRCAlert? • We bring the right team mix (domain/industry expertise) and tools to each client engagement • We help clients meet their objectives & achieve their vision by delivering a total solution, sharing accountability for each of our client’s successes • Customer save on an average 35% compare to full time employee (No vacation, no 401k, no public holidays, no sick days, no medical, no bonuses, no mobile reimbursements, no annual raises, no social security contribution, no training cost, no LTD benefits etc.) • We always offer you the value optimized pricing model !
  • 4.  Limited Security Budget (Total cost of acquiring and retaining seasoned CISO for small and medium businesses is up to $250k-$350K/yr. plus). Additionally, Employee turnover and the market for experienced security talent is very competitive – CISO is no exception!  Scarcity of business and technology savvy experienced CISO professionals.  On-going cyber security demands from internal/external stakeholders  Growing “IT/Cyber Compliance” requirements e.g. GDPR, SOX, PCI, GLBA, ISO27000, SOC1/2, HITRUST, FedRAMP, FISMA, NERC, Privacy etc. Why vCISO? 4
  • 5. vCISO Services vCISO Cyber Strategy Cyber Program GRCMonitoring Reporting 1 2 34 5 • Aligned with Business and IT Strategic objectives e.g. Protect assets (confidential data/IP), brand protection, high availability, M&A, Expansion, new product or services, regulatory mandates, cloud etc. • Management report • Board report • Dashboard • Establish Cyber Security Program • Perform Cyber Program Maturity Assessment • Establish Cyber Program Components: 1. Policies, Standards, Procedures & Guidelines 2. Security architecture and design 3. Identity and Access management 4. Application and Data security 5. Network and Host security 6. Threat and vulnerability management 7. Incident Management 8. Security operations 9. Disaster recovery 10. Security awareness and training 11. Physical security 12. Cloud security 13. 3rd Party/Vendor security management 14. Governance (oversight, funding, PMO, Resources, Metrics, Reports etc.) 15. Risk Management (IT/Cyber Risk, Vendor Risk etc.) 16. Compliance Management (GDPR, PCI,SOX,HIPAA etc.) • Policies, Standards, Procedures, Assets , Vendor repository • Risk & Compliance framework e.g. ISO 27000, NIST, PCI,SOX, HIPAA, HITRUST, SOC1/2, GDPR etc. • Risks and Controls library • Remediation tracking and issues management • Workflow and Notifications • Integration with existing tools e.g. ServiceNow CMDB • Reports and Dashboards • Program delivery • Metrics (KRI/KPI) • Budget 5
  • 6. vCISO Business Value  Cost savings and service continuity  Effective cyber security governance and oversight  Focused, timely and accurate strategic and tactical information  Independent and industry expertise  Flexible and adaptive approach  Increased mutual confidence among internal/external stakeholders CurrentApproach CISO As-A-Service Cost Escalation CISO As-A-Service • Stabilizes Cost If continue with current approach Most CISO organizations are here 6