MCGlobalTech
1325 G Street, NW Suite 500
Washington, D.C. 20005
Phone: 202.355.9448
Email: info@mcglobaltech.com
www.mcglobaltech.com
  
An organized, enterprise-wide approach to managing your security risks that allows you to prioritize your security efforts and maximize your return on security investment.
Mission Critical Global Technology Group
Enterprise Information Security Management
For Commercial Businesses
Mission Critical Global Technology Group
E: Info@mcglobaltech.com T: 202-355-9448
www.mcglobaltech.com
About MCGlobalTech

Mission Critical Global Technology Group (MCGlobalTech) is an Information Security and IT Infrastructure Management Consulting firm founded by industry leaders who combine decades of experience in industries such as finance, health care, manufacturing, insurance, education, federal, state, and local government agencies. The Principals at MCGlobalTech have provided Information Security services to private sector industries, state, and federal government agencies for over 25 years.

MCGlobalTech provides security services and solutions to solve a myriad of complex security challenges facing our clients. Through our corporate and personal work experiences and the extensive experience of our partners, MCGlobalTech delivers leading edge, cost-effective security solutions to meet any budgetary requirements.

Our mission is to be a trusted provider of information technology services and solutions with core competencies in cybersecurity, information assurance, security engineering, risk management, and security program and project management. Our proven methodologies and scalable solutions help our clients achieve maximum return on their investment.

At MCGlobalTech, we believe that strong values create long-term relationships with our customers, employees, partners, and the communities we serve. At the heart of everything we do, our corporate values are:

• Providing customer satisfaction
• Delivering innovative solutions
• Empowering staff for success
• Maintaining technical excellence

MCGlobalTech consultants provide a number of innovative services and solutions to produce a comprehensive risk based protection strategy to protect our client’s data and mission critical systems. By partnering with MCGlobalTech, you can be assured of a tailored security program that fits your unique business requirements instead of a cookie cutter – canned solution. MCGlobalTech also partners with other service providers such as industry-focused corporations, technology vendors and security organizations to enhance and balance our portfolio of services.
  
MCGLOBALTECH: Staff, Skills, Success
	
  
Protecting Your Business With A Better Security Program

Why You Need a Security Program
News reports of major security breaches across government and commercial industries are a constant reminder of the threats facing organizations large and small. As business leaders, you must ensure your organization's assets are adequately protected against internal threats such as disgruntled employees and external threats such as hackers and malicious software. These assets include your mission critical data, the systems used to store, process, and transport information and the employees that utilize and depend on these systems. To do this in a cost-effective, efficient, and effective proactive manner, you need a strong enterprise information security management program. A security program provides the framework for addressing security threats and establishing, implementing, and maintaining an acceptable level of risk to your organization's assets and operations as determined by executive leadership. There is no “one size fits all” in security. The scope, scale, and complexity of your security program must be driven by your organization's unique business and security needs and security tolerance level. A security program also allows you to examine your organization holistically and:

• Identify, classify, and categorize your assets that need protecting
• Identify and evaluate threats to those assets
• Identify and assess where those assets are vulnerable to evaluated threats
• Manage the resulting risks to those assets through mitigation, transference, avoidance and acceptance
  
Current State of Security Management
The reality is that all organizations are doing something with respect to security. However, without a formal security program, your organization, like many others, will continue to respond to network intrusions, data breaches, system failures, and other security incidents in an ad-hoc and reactive manner. The organization will be positioned to respond to individual incidents, thereby not spending unnecessary time, money, and other resources to address the symptoms rather than the root cause which is usually the lack of an enterprise-wide approach to “identifying and managing” your security risks that allows you to prioritize your security investments and efforts.

[Figure: Identify, Evaluate, Assess, Manage]
	
  
The Case For a Holistic Approach
According to HP’s 2015 Cyber Threat Report, almost half of companies that suffered cyber attacks in 2014 were the results of unpatched software or systems. This may cause an affected company to launch an aggressive patching initiative. While applying security patches and fixes to vulnerable applications and servers is definitely needed, having unpatched systems in your network is merely a symptom of a systemic problem that could include lack of proper security oversight, policies, procedures, risk management, security architecture, employee training etc., all of which if properly implemented could have contributed to preventing the breach and resulting cost of dealing with it. Unless all of those elements are addressed, your organization will continue to ricochet from one security incident to the next. Security vendors and service providers are more than willing to sell you point solutions to deal with any subset of technical security challenges, but as business managers across industries and sectors face increasing threats and decreasing budgets, you can ill-afford to continue down that path.
	
  
Factors That Affect Your Security Program
In addition to business needs and drivers, additional factors that significantly impact your organization’s approach to security and privacy are laws, regulations, and industry standards. These include Sarbanes-Oxley Act (SOX), Gramm-Leach-Bliley Act (GLBA), Health Insurance Portability and Accountability Act (HIPAA), Federal Information Security Management Act (FISMA), Payment Card Industry Data Security Standard (PCI DSS), and others, depending on your specific industry. An Enterprise Security Program takes into account your organization’s compliance requirements and protects against the risks of penalties and fines due to non-compliance.
	
  
Security Program Standards and Best Practices
The International Organization for Standardization (ISO) and the International Electrotechnical Commission (IEC) provide recommendations for information security program management (ISO/IEC 27002). Other common security frameworks include National Institute of Science and Technology (NIST), Control Objectives for Information and Related Technology (COBIT), Committee of Sponsoring Organizations of the Treadway Commission (COSO) and the HiTRUST Common Security Framework (CSF). Regardless of which framework you employ, it must be tailored to fit your organization’s business model, operations, and technology environment.
  
	
  
Components of an Enterprise Information Security Management Program
Regardless of industry sector or organization size, there are five components that are the foundation of any security program:

• Designated Security Leadership
Security within an organization is everyone’s responsibility. However, your organization must designate a security officer or manager to lead, implement, and manage the security program. This is a requirement for most security regulations and standards, with some requiring that this role be at the executive management level. Your security leader should have the authority and support to champion the cause of security as a business driver and enabler from the boardroom to the operations floor.
	
  	
  
• Security Policy Framework
Your security policy documents include your organization’s leadership goals for managing security risk and protecting the organization assets. Your policy framework also includes standards, procedures, and guidelines that govern the implementation of the security program across all business units and functions. The policy framework should be reviewed and updated periodically to ensure it keeps pace with the ever-changing regulatory compliance requirements, business operations, and technology landscape.
  
	
  
• Risk Management Framework
Your security program must continuously assess threats and vulnerabilities in order to identify, measure, and prioritize risks to the organization’s assets that must be managed. Periodic enterprise risk assessments must be performed to include security penetration testing of security procedures and controls and employee security awareness and practices.
  
	
  
• Security Architecture and Operations
An enterprise security architecture enables your organization to implement necessary technology infrastructure that maximizes return on security investments (ROI) and minimizes risk. A layered approach to applying security controls allows you to protect your data, applications, systems and networks. Security event monitoring and response allows your organization to efficiently detect and mitigate security incidents that lead to data breaches, system downtime and network intrusions.
  
	
  
• Security Awareness and Training Program
A security awareness program and role-based security training are essential to educating your employees about their roles and responsibilities in helping to maintain a strong security posture. Users are often considered the “weakest link” in an organization’s security controls; however, users that are trained and equipped with the tools needed to perform their duties securely are your first line of defense against security threats.
  
MCGlobalTech Enterprise Information Security Management Service
The MCGlobalTech Enterprise Information Security Management (EISM) service helps protect organizations against security threats, regulatory non-compliance, and financial losses through the effective implementation and/or enhancement of the five components of an effective security program as outlined above. Our EISM methodology leverages common security frameworks including ISO, NIST, COBIT, and COSO to measure the maturity of your current security management program. This includes a comprehensive assessment of your security policies, security organization structure, asset management, personnel security, physical and environmental security, security operations, security architecture, and technology, business continuity preparedness, and security compliance.
	
  	
  
[Figure: Security Program Components. Panels: Security Leader (a designated security officer or manager); Security Policy Framework (standards, procedures and guidelines); Risk Management Framework (identify, measure and prioritize risks); Security Architecture and Operations (data, applications, systems and networks); Security Awareness and Training Program (educating your employees); Governance Team]
How MCGlobalTech Helps You Protect Your Business Through Better Security
• Security Leadership
The most effective security programs are focused on supporting the overall business goals of the organization. MCGlobalTech’s Security Management Subject Matter Experts bring decades of expertise leading security programs and initiatives to advise and support your leadership team to better understand the business loss potential and make pragmatic decisions about “how to invest” in making security improvements or fixes.

Our Leadership Advisory Services include:
➢ CISO/CIO Advisory Services
➢ Virtual CISO Support
➢ Enterprise Information Security Program Assessment
➢ Security Leadership Training
	
  
• Security Governance
MCGlobalTech’s Security Governance and Compliance Subject Matter Experts protect your organization from the risk of hefty monetary fines, penalties, negative branding, loss of public confidence, etc. due to non-compliance with the complex maze of federal, state, and industry regulations affecting your organization. We help you create the necessary framework of policies, standards, and best practices that ensure your business and IT operations meet your regulatory requirements, industry standards, best practices, and promote not only security and privacy, but efficiency reflecting your organizational goals, mission, and commitment to security.
Our Security Governance and Compliance Services include:
➢ Enterprise Security Governance Document Development and Review
➢ Enterprise Security Policies Framework Development and Review
➢ Compliance Readiness Audits
➢ Operational Governance and Compliance Support
	
  
• Security Risk Management
MCGlobalTech’s Security Risk Management (SRM) program incorporates industry standards, such as NIST and ISO 27001, and proven best practices from our dozens of risk assessment engagements to effectively address both technical and non-technical business security risks. Our SRM program provides our clients with a means to enhance systems security and operational performance and facilitate informed decision-making. The SRM program is a metrics-based program that identifies, quantifies, and analyzes potential risk indicators and mitigation performance throughout the operational life cycle in an iterative approach - before, during, and after. The SRM program’s principal goal is to protect the client and its ability to perform its mission, not just its IT assets. Additionally, MCGlobalTech’s SRM program coordinates the synchronization of potential impairment to operations with effective levels of security controls and mitigation measures. The SRM program allows for developing risk management policies, ensuring risk policy compliance, monitoring risk mitigation effectiveness, and prioritizing and managing enterprise-wide security risks to include interdependencies through a consolidated risk mitigation plan that enables effective resource utilization (funding and time sensitivity).

Our Security Risk Management Services include:
➢ Risk Management Strategy Development and Implementation
➢ Enterprise Vulnerability and Risk Assessments
➢ Technology Infrastructure Security Assessments
➢ Vulnerability Management and Penetration Testing
➢ Continuous Security Monitoring
	
  
• Security Architecture and Engineering
MCGlobalTech’s Security Architects employ proven “defense-in-depth” strategies to achieve specific risk-driven security objectives across the IT enterprise through the implementation of technical security solutions. Our approach integrates security controls to the multiple business enterprise layers rather than a vendor-centric, silo-ed, whack-a-mole approach to address individual weaknesses as discovered. These security objectives are determined at the enterprise level as part of an overall enterprise architecture framework. A subset of these high level objectives would include:

➢ Authentication – Identifying and verifying all users and systems
➢ Segmentation – Separating network traffic, systems, and data according to risk
➢ Access Control – Restricting access to sensitive systems and data
➢ Encryption – Protecting confidentiality of data and communications
➢ Threat Detection/Mitigation – Identifying and reacting to system and network threats

To achieve these objectives, our security engineers implement best of breed security solutions to protect client business data and the systems used to process, store, and transport them. An effective layered defensive posture requires that these solutions and controls be implemented at the Network, Host, Application, and Data layers.

These solutions include:
➢ Packet filtering firewall with stateful inspection
➢ Application layer firewalls with payload inspection
➢ Proxy servers/appliances
➢ Network segmentation
➢ Network and Host Intrusion detection and prevention
➢ Network and Host anti-virus detection
➢ Content monitoring and filtering
➢ Mobile device management
➢ Privileged identity management
➢ Patch management
➢ Network, System, Application least privilege access controls
➢ Data and Network encryption
➢ Data integrity monitoring and loss prevention
	
  
• Security Training and Awareness
MCGlobalTech offers information security and compliance training to business leaders and staff to help them better protect their critical data and systems against the ever-evolving threat and regulatory landscape. Our training program provides custom security presentations and briefings tailored to your unique business operating environment and requirements.

Our Security Training Services include:
➢ Executive Information Security Briefings
➢ Security Program Management Training
➢ Risk Management Training
➢ End User Security Awareness Training
➢ HIPAA Compliance Training
➢ PCI-DSS Compliance Training
➢ FISMA Compliance Training
➢ Security Professional Development
	
  
MCGlobalTech Security Management Service Delivery Model
Using our proven four-phased service delivery model: assessment, planning, implementation, and monitoring (APIM), we provide full EISM life-cycle support for your organization. We help you develop, implement, maintain, and improve a security program tailored to the specific needs of your organization.

Our model is flexible and customizable to meet your organization’s unique security program management needs. Working with your executive leadership team allows us to help you guide investments in IT and security to more closely align with business and mission goals and priorities while increasing ROI and decreasing business risk. We do not simply focus on point solutions and services that may simply address immediate challenges. By working at the management and programmatic levels of an organization, we are able to identify weaknesses in IT infrastructure and security management that are the root cause to many of the more common IT and security problems such as service outages, failed technology investments, data breaches and regulatory, compliance penalties.
  
Each phase of the EISM Service Delivery Model is designed around your specific organizational goals, challenges and culture. As your strategic security advisors, MCGlobalTech partners with you every step of the way.
Phase 1: Assessment
Our engagements typically begin with a full assessment of the organization’s information security program and/or IT infrastructure management. This includes a review of your policies, processes, procedures, required standards, people and technologies. We assess your information security, IT infrastructure and compliance risk. Following each assessment engagement, we provide you with a detailed gap analysis that documents areas of weaknesses and recommendations for remediation.
	
  
Phase 2: Planning
The planning phase is especially crucial to the success of initiatives involving integrating new procedures, technologies or operational processes into your environment. Many IT and security initiatives fail due to a lack of proper planning that takes into consideration organization culture, capabilities and operational realities. We work with all stakeholders across your organization to create an efficient, operationally feasible and priorities-driven remediation and improvement plan of action based on the results of the assessment and leadership prioritization.
Phase 3: Implementation
During this phase, we manage the successful implementation of your approved plan of action to improve and mature your organization’s compliance readiness, enterprise security program, and IT infrastructure management. We help develop appropriate policies, effective procedures and practices, staff and management training and expertise and capability augmentation. Leveraging our strategic partnership network, we help drive and manage new technology integration and infrastructure migration. We help you implement business focused, cost-effective mitigation strategies for risks identified during the assessment engagement.
Phase 4: Monitor
Our Continuous Monitoring phase includes an on-going combination of performance monitoring, security assessments, awareness training, metrics reporting, and executive advisory services. We partner with your organization’s leadership to ensure continuous improvement of IT infrastructure and security management. We help you ensure that mission critical decisions regarding your IT and security are aligned with your organizational strategic goals.
  
Improving Your Security Program Reduces Risks to Your Organization
A mature security program will help your organization maintain focus and mitigate organization-wide risk associated with information security. It will also help your organization identify and comply with government regulations, industry standards, and best practices associated with your business, its creditability, and any data or electronic assets it has guardianship over. Your security program will enable you to meet the security requirements of your clients and your customers, contractual obligations, while mitigating the risk of adverse legal action being levied against you or your organization. This is paramount for protecting your organization’s most important IT infrastructure, data, brand, and reputation.
  
	
  
Contact MCGlobalTech today at info@mcglobaltech.com for a free EISM Quick Assessment to give you a high-level view of how well your organization manages security risks and implements the critical components of a security program.

MCGlobalTech Commercial Cybersecurity Capability Statement

  • 1.     M C G l o b a l T e c h 1 3 2 5   G   S t r e e t ,   N W   S u i t e   5 0 0   W a s h i n g t o n ,   D . C .   2 0 0 0 5   P h o n e :   2 0 2 . 3 5 5 . 9 4 4 8 E m a i l :   i n f o @ m c g l o b a l t e c h . c o m   w w w . m c g l o b a l t e c h . c o m     An organized, enterprise-wide approach to managing your security risks that allows you to prioritize your security efforts and maximize your return on security investment. Mission Critical Global Technology Group Enterprise Information Security Management For Commercial Businesses
  • 2. Mission Critical Global Technology Group E: Info@mcglobaltech.com T: 202-355-9448 www.mcglobaltech.com 1 About  MCGlobalTech     Mission  Critical  Global  Technology  Group  (MCGlobalTech)  is  an  Information  Security  and  IT   Infrastructure  Management  Consulting  firm  founded  by  industry  leaders  who  combine  decades  of   experience  in  industries  such  as  finance,  health  care,  manufacturing,  insurance,  education,  federal,  state,   and  local  government  agencies.      The  Principals  at  MCGlobalTech  have  provided  Information  Security   services  to  private  sector  industries,  state,  and  federal  government  agencies  for  over  25  years.     MCGlobalTech  provides  security  services  and  solutions  to  solve  a  myriad  of  complex  security  challenges   facing  our  clients.    Through  our  corporate  and  personal  work  experiences  and  the  extensive  experience  of   our  partners,  MCGlobalTech  delivers  leading  edge,  cost-­‐effective  security  solutions  to  meet  any   budgetary  requirements.     Our  mission  is  to  be  a  trusted  provider  of  information  technology  services  and  solutions  with  core   competencies  in  cybersecurity,  information  assurance,  security  engineering,  risk  management,  and   security  program  and  project  management.    Our  proven  methodologies  and  scalable  solutions  help  our   clients  achieve  maximum  return  on  their  investment.     At  MCGlobalTech,  we  believe  that  strong  values  create  long-­‐term  relationships  with  our  customers,   employees,  partners,  and  the  communities  we  serve.    
At  the  heart  of  everything  we  do,  our  corporate   values  are:     • Providing  customer  satisfaction     • Delivering  innovative  solutions   • Empowering  staff  for  success   • Maintaining  technical  excellence   MCGlobalTech  consultants  provide  a  number   of  innovative  services  and  solutions  to   produce  a  comprehensive  risk  based   protection  strategy  to  protect  our  client’s  data   and  mission  critical  systems.    By  partnering   with  MCGlobalTech,  you  can  be  assured  of  a   tailored  security  program  that  fits  your   unique  business  requirements  instead  of  a   cookie  cutter  –  canned   solution.    MCGlobalTech  also  partners  with   other  service  providers  such  as  industry-­‐   focused  corporations,  technology  vendors  and  security  organizations  to  enhance  and  balance  our   portfolio  of  services.   MCGLOBALTECH Staff   Skills   Success  
  • 3. Mission Critical Global Technology Group E: Info@mcglobaltech.com T: 202-355-9448 www.mcglobaltech.com 2   Protecting  Your  Business  With  A  Better  Security  Program       Why  You  Need  a  Security  Program   News  reports  of  major  security  breaches  across  government  and  commercial  industries  are  a  constant   reminder  of  the  threats  facing  organizations  large  and  small.  As  business  leaders,  you  must  ensure  your   organization's  assets  are  adequately  protected  against  internal  threats  such  as  disgruntled  employees   and  external  threats  such  as  hackers  and  malicious  software.  These  assets  include  your  mission  critical   data,  the  systems  used  to  store,  process,  and  transport  information  and  the  employees  that  utilize  and   depend  on  these  systems.  To  do  this  in  a  cost-­‐effective,  efficient,  and  effective  proactive  manner,  you  need   a  strong  enterprise  information  security  management  program.  A  security  program  provides  the   framework  for  addressing  security  threats  and  establishing,  implementing,  and  maintaining  an   acceptable  level  of  risk  to  your  organization's  assets  and  operations  as  determined  by  executive   leadership.  There  is  no  “one  size  fits  all”  in  security.  The  scope,  scale,  and  complexity  of  your  security   program  must  be  driven  by  your  organization's  unique  business  and  security  needs  and  security   tolerance  level.  
A  security  program  also  allows  you  to  examine  your  organization  holistically  and     • Identify,  classify,  and  categorize  your  assets  that  need  protecting   • Identify  and  evaluate  threats  to  those  assets   • Identify  and  assess  where  those  assets  are  vulnerable  to  evaluated  threats   • Manage  the  resulting  risks  to  those  assets  through  mitigation,  transference,  avoidance  and   acceptance               Current  State  of  Security  Management   The  reality  is  that  all  organizations  are  doing  something  with  respect  to  security.  However,  without  a   formal  security  program,  your  organization,  like  many  others,  will  continue  to  respond  to  network   intrusions,  data  breaches,  system  failures,  and  other  security  incidents  in  an  ad-­‐hoc  and  reactive  manner.   The  organization  will  be  positioned  to  respond  to  individual  incidents,  thereby  not  spending  unnecessary   time,  money,  and  other  resources  to  address  the  symptoms  rather  than  the  root  cause  which  is  usually   the  lack  of  an  enterprise-­‐wide  approach  to  “identifying  and  managing”  your  security  risks  that  allows  you   to  prioritize  your  security  investments  and  efforts.         Evaluate   Assess   Manage   Iden5fy  
  • 4. Mission Critical Global Technology Group E: Info@mcglobaltech.com T: 202-355-9448 www.mcglobaltech.com 3   The  Case  For  a  Holistic  Approach   According  to  HP’s  2015  Cyber  Threat  Report,  almost  half  of  companies  that  suffered  cyber  attacks  in   2014  were  the  results  of  unpatched  software  or  systems.    This  may  cause  an  affected  company  to  launch   an  aggressive  patching  initiative.  While  applying  security  patches  and  fixes  to  vulnerable  applications  and   servers  is  definitely  needed,  having  unpatched  systems  in  your  network  is  merely  a  symptom  of  a   systemic  problem  that  could  include  lack  of  proper  security  oversight,  policies,  procedures,  risk   management,  security  architecture,  employee  training  etc.,  all  of  which  if  properly  implemented  could   have  contributed  to  preventing  the  breach  and  resulting  cost  of  dealing  with  it.  Unless  all  of  those   elements  are  addressed,  your  organization  will  continue  to  ricochet  from  one  security  incident  to  the   next.  Security  vendors  and  service  providers  are  more  than  willing  to  sell  you  point  solutions  to  deal  with   any  subset  of  technical  security  challenges,  but  as  business  managers  across  industries  and  sectors  face   increasing  threats  and  decreasing  budgets,  you  can  ill-­‐afford  to  continue  down  that  path.     Factors  That  Affect  Your  Security  Program   In  addition  to  business  needs  and  drivers,  additional  factors  that  significantly  impact  your  organization’s   approach  to  security  and  privacy  are  laws,  regulations,  and  industry  standards.  
These include Sarbanes-Oxley Act (SOX), Gramm-Leach-Bliley Act (GLBA), Health Insurance Portability and Accountability Act (HIPAA), Federal Information Security Management Act (FISMA), Payment Card Industry Data Security Standard (PCI DSS), and others, depending on your specific industry. An Enterprise Security Program takes into account your organization’s compliance requirements and protects against the risks of penalties and fines due to non-compliance.

Security Program Standards and Best Practices

The International Organization for Standardization (ISO) and the International Electrotechnical Commission (IEC) provide recommendations for information security program management (ISO/IEC 27002). Other common security frameworks include National Institute of Science and Technology (NIST), Control Objectives for Information and Related Technology (COBIT), Committee of Sponsoring Organizations of the Treadway Commission (COSO) and the HiTRUST Common Security Framework (CSF). Regardless of which framework you employ, it must be tailored to fit your organization’s business model, operations, and technology environment.

Components of an Enterprise Information Security Management Program

Regardless of industry sector or organization size, there are five components that are the foundation of any security program:

• Designated Security Leadership
Security within an organization is everyone’s responsibility. However, your organization must designate a security officer or manager to lead, implement, and manage the security program. This is a requirement for most security regulations and standards, with some requiring that this role be at the executive management level. Your security leader should have the authority and support to champion the cause of security as a business driver and enabler from the boardroom to the operations floor.

• Security Policy Framework
Your security policy documents include your organization’s leadership goals for managing security risk and protecting the organization’s assets. Your policy framework also includes standards, procedures, and guidelines that govern the implementation of the security program across all business units and functions. The policy framework should be reviewed and updated periodically to ensure it keeps pace with the ever-changing regulatory compliance requirements, business operations, and technology landscape.

• Risk Management Framework
Your security program must continuously assess threats and vulnerabilities in order to identify, measure, and prioritize risks to the organization’s assets that must be managed. Periodic enterprise risk assessments must be performed to include security penetration testing of security procedures and controls and employee security awareness and practices.

• Security Architecture and Operations
An enterprise security architecture enables your organization to implement necessary technology infrastructure that maximizes return on security investments (ROI) and minimizes risk. A layered approach to applying security controls allows you to protect your data, applications, systems and networks.
Security event monitoring and response allows your organization to efficiently detect and mitigate security incidents that lead to data breaches, system downtime and network intrusions.

• Security Awareness and Training Program
A security awareness program and role-based security training are essential to educating your employees about their roles and responsibilities in helping to maintain a strong security posture. Users are often considered the “weakest link” in an organization’s security controls; however, users who are trained and equipped with the tools needed to perform their duties securely are your first line of defense against security threats.
MCGlobalTech Enterprise Information Security Management Service

The MCGlobalTech Enterprise Information Security Management (EISM) service helps protect organizations against security threats, regulatory non-compliance, and financial losses through the effective implementation and/or enhancement of the five components of an effective security program as outlined above. Our EISM methodology leverages common security frameworks including ISO, NIST, COBIT, and COSO to measure the maturity of your current security management program. This includes a comprehensive assessment of your security policies, security organization structure, asset management, personnel security, physical and environmental security, security operations, security architecture, and technology, business continuity preparedness, and security compliance.

[Figure: Security Program Components: Security Leader (a designated security officer or manager); Security Policy Framework (Standards, Procedures and Guidelines); Risk Management Framework (Identify, measure and prioritize risks); Security Architecture and Operations (Data, Applications, Systems and Networks); Security Awareness and Training Program (Educating Your Employees)]
How MCGlobalTech Helps You Protect Your Business Through Better Security

• Security Leadership
The most effective security programs are focused on supporting the overall business goals of the organization. MCGlobalTech’s Security Management Subject Matter Experts bring decades of expertise leading security programs and initiatives to advise and support your leadership team to better understand the business loss potential and make pragmatic decisions about “how to invest” in making security improvements or fixes.

Our Leadership Advisory Services include:
Ø CISO/CIO Advisory Services
Ø Virtual CISO Support
Ø Enterprise Information Security Program Assessment
Ø Security Leadership Training

• Security Governance
MCGlobalTech’s Security Governance and Compliance Subject Matter Experts protect your organization from the risk of hefty monetary fines, penalties, negative branding, loss of public confidence, etc. due to non-compliance with the complex maze of federal, state, and industry regulations affecting your organization. We help you create the necessary framework of policies, standards, and best practices that ensure your business and IT operations meet your regulatory requirements, industry standards, best practices, and promote not only security and privacy, but efficiency reflecting your organizational goals, mission, and commitment to security.
Our Security Governance and Compliance Services include:
Ø Enterprise Security Governance Document Development and Review
Ø Enterprise Security Policies Framework Development and Review
Ø Compliance Readiness Audits
Ø Operational Governance and Compliance Support

• Security Risk Management
MCGlobalTech’s Security Risk Management (SRM) program incorporates industry standards, such as NIST and ISO 27001, and proven best practices from our dozens of risk assessment engagements to effectively address both technical and non-technical business security risks. Our SRM program provides our clients with a means to enhance systems security and operational performance and facilitate informed decision-making. The SRM program is a metrics-based program that identifies, quantifies, and analyzes potential risk indicators and mitigation performance throughout the operational life cycle in an iterative approach - before, during, and after. The SRM program’s principal goal is to protect the client and its ability to perform its mission, not just its IT assets. Additionally, MCGlobalTech’s SRM program coordinates the synchronization of potential impairment to operations with effective levels of security controls and mitigation measures. The SRM program allows for developing risk management policies, ensuring risk policy compliance, monitoring risk mitigation effectiveness, and prioritizing and managing enterprise-wide security risks to include interdependencies through a consolidated risk mitigation plan that enables effective resource utilization (funding and time sensitivity).

Our Security Risk Management Services include:
Ø Risk Management Strategy Development and Implementation
Ø Enterprise Vulnerability and Risk Assessments
Ø Technology Infrastructure Security Assessments
Ø Vulnerability Management and Penetration Testing
Ø Continuous Security Monitoring

• Security Architecture and Engineering
MCGlobalTech’s Security Architects employ proven “defense-in-depth” strategies to achieve specific risk-driven security objectives across the IT enterprise through the implementation of technical security solutions. Our approach integrates security controls to the multiple business enterprise layers rather than a vendor-centric, silo-ed, whack-a-mole approach to address individual weaknesses as discovered. These security objectives are determined at the enterprise level as part of an overall enterprise architecture framework.
A subset of these high level objectives would include:
Ø Authentication – Identifying and verifying all users and systems
Ø Segmentation – Separating network traffic, systems, and data according to risk
Ø Access Control – Restricting access to sensitive systems and data
Ø Encryption – Protecting confidentiality of data and communications
Ø Threat Detection/Mitigation – Identifying and reacting to system and network threats

To achieve these objectives, our security engineers implement best of breed security solutions to protect client business data and the systems used to process, store, and transport them. An effective layered defensive posture requires that these solutions and controls be implemented at the Network, Host, Application, and Data layers.

These solutions include:
Ø Packet filtering firewall with stateful inspection
Ø Application layer firewalls with payload inspection
Ø Proxy servers/appliances
Ø Network segmentation
Ø Network and Host Intrusion detection and prevention
Ø Network and Host anti-virus detection
Ø Content monitoring and filtering
Ø Mobile device management
Ø Privileged identity management
Ø Patch management
Ø Network, System, Application least privilege access controls
Ø Data and Network encryption
Ø Data integrity monitoring and loss prevention

• Security Training and Awareness
MCGlobalTech offers information security and compliance training to business leaders and staff to help them better protect their critical data and systems against the ever-evolving threat and regulatory landscape. Our training program provides custom security presentations and briefings tailored to your unique business operating environment and requirements.

Our Security Training Services include:
Ø Executive Information Security Briefings
Ø Security Program Management Training
Ø Risk Management Training
Ø End User Security Awareness Training
Ø HIPAA Compliance Training
Ø PCI-DSS Compliance Training
Ø FISMA Compliance Training
Ø Security Professional Development

MCGlobalTech Security Management Service Delivery Model

Using our proven four-phased service delivery model: assessment, planning, implementation, and monitoring (APIM), we provide full EISM life-cycle support for your organization. We help you develop, implement, maintain, and improve a security program tailored to the specific needs of your organization.

Our model is flexible and customizable to meet your organization’s unique security program management needs. Working with your executive leadership team allows us to help you guide investments in IT and security to more closely align with business and mission goals and priorities while increasing ROI and decreasing business risk.
We do not simply focus on point solutions and services that may simply address immediate challenges. By working at the management and programmatic levels of an organization, we are able to identify weaknesses in IT infrastructure and security management that are the root cause of many of the more common IT and security problems such as service outages, failed technology investments, data breaches and regulatory compliance penalties.
Each phase of the EISM Service Delivery Model is designed around your specific organizational goals, challenges and culture. As your strategic security advisors, MCGlobalTech partners with you every step of the way.

Phase 1: Assessment
Our engagements typically begin with a full assessment of the organization’s information security program and/or IT infrastructure management. This includes a review of your policies, processes, procedures, required standards, people and technologies. We assess your information security, IT infrastructure and compliance risk. Following each assessment engagement, we provide you with a detailed gap analysis that documents areas of weaknesses and recommendations for remediation.

[Figure: APIM service delivery model]
Phase 2: Planning
The planning phase is especially crucial to the success of initiatives involving integrating new procedures, technologies or operational processes into your environment. Many IT and security initiatives fail due to a lack of proper planning that takes into consideration organization culture, capabilities and operational realities. We work with all stakeholders across your organization to create an efficient, operationally feasible and priorities-driven remediation and improvement plan of action based on the results of the assessment and leadership prioritization.

Phase 3: Implementation
During this phase, we manage the successful implementation of your approved plan of action to improve and mature your organization’s compliance readiness, enterprise security program, and IT infrastructure management. We help develop appropriate policies, effective procedures and practices, staff and management training and expertise and capability augmentation. Leveraging our strategic partnership network, we help drive and manage new technology integration and infrastructure migration. We help you implement business focused, cost-effective mitigation strategies for risks identified during the assessment engagement.

Phase 4: Monitor
Our Continuous Monitoring phase includes an on-going combination of performance monitoring, security assessments, awareness training, metrics reporting, and executive advisory services. We partner with your organization’s leadership to ensure continuous improvement of IT infrastructure and security management.
We help you ensure that mission critical decisions regarding your IT and security are aligned with your organizational strategic goals.

Improving Your Security Program Reduces Risks to Your Organization

A mature security program will help your organization maintain focus and mitigate organization-wide risk associated with information security. It will also help your organization identify and comply with government regulations, industry standards, and best practices associated with your business, its credibility, and any data or electronic assets it has guardianship over. Your security program will enable you to meet the security requirements of your clients and your customers, contractual obligations, while mitigating the risk of adverse legal action being levied against you or your organization. This is paramount for protecting your organization’s most important IT infrastructure, data, brand, and reputation.

Contact MCGlobalTech today at info@mcglobaltech.com for a free EISM Quick Assessment to give you a high level view of how well your organization manages security risks and implements the critical components of a security program.