Mission Critical Global Technology Group (MCGlobalTech) is an information security and IT consulting firm that provides enterprise information security management services for commercial businesses. The document discusses why businesses need a formal security program to take an organized, enterprise-wide approach to managing security risks in a proactive manner. It outlines the key components of a security program and how MCGlobalTech can help clients develop a tailored program to protect their data, systems and meet their unique security needs.
1. MCGlobalTech
1325 G Street, NW, Suite 500, Washington, D.C. 20005
Phone: 202.355.9448 Email: info@mcglobaltech.com www.mcglobaltech.com
An organized, enterprise-wide approach to managing your security risks that allows you to prioritize your security efforts and maximize your return on security investment.
Mission Critical Global Technology Group
Enterprise Information Security Management
For Commercial Businesses
2. Mission Critical Global Technology Group
E: Info@mcglobaltech.com T: 202-355-9448
www.mcglobaltech.com
About MCGlobalTech
Mission Critical Global Technology Group (MCGlobalTech) is an Information Security and IT Infrastructure Management Consulting firm founded by industry leaders who combine decades of experience in industries such as finance, health care, manufacturing, insurance, education, federal, state, and local government agencies. The Principals at MCGlobalTech have provided Information Security services to private sector industries, state, and federal government agencies for over 25 years.
MCGlobalTech provides security services and solutions to solve a myriad of complex security challenges facing our clients. Through our corporate and personal work experiences and the extensive experience of our partners, MCGlobalTech delivers leading edge, cost-effective security solutions to meet any budgetary requirements.
Our mission is to be a trusted provider of information technology services and solutions with core competencies in cybersecurity, information assurance, security engineering, risk management, and security program and project management. Our proven methodologies and scalable solutions help our clients achieve maximum return on their investment.
At MCGlobalTech, we believe that strong values create long-term relationships with our customers, employees, partners, and the communities we serve. At the heart of everything we do, our corporate values are:
• Providing customer satisfaction
• Delivering innovative solutions
• Empowering staff for success
• Maintaining technical excellence
MCGlobalTech consultants provide a number of innovative services and solutions to produce a comprehensive risk based protection strategy to protect our client’s data and mission critical systems. By partnering with MCGlobalTech, you can be assured of a tailored security program that fits your unique business requirements instead of a cookie cutter – canned solution.
MCGlobalTech also partners with other service providers such as industry-focused corporations, technology vendors and security organizations to enhance and balance our portfolio of services.
[Graphic labels: MCGLOBALTECH, Staff, Skills, Success]
Protecting Your Business With A Better Security Program
Why You Need a Security Program
News reports of major security breaches across government and commercial industries are a constant reminder of the threats facing organizations large and small. As business leaders, you must ensure your organization's assets are adequately protected against internal threats such as disgruntled employees and external threats such as hackers and malicious software. These assets include your mission critical data, the systems used to store, process, and transport information and the employees that utilize and depend on these systems. To do this in a cost-effective, efficient, and effective proactive manner, you need a strong enterprise information security management program.
A security program provides the framework for addressing security threats and establishing, implementing, and maintaining an acceptable level of risk to your organization's assets and operations as determined by executive leadership. There is no “one size fits all” in security. The scope, scale, and complexity of your security program must be driven by your organization's unique business and security needs and security tolerance level. A security program also allows you to examine your organization holistically and
• Identify, classify, and categorize your assets that need protecting
• Identify and evaluate threats to those assets
• Identify and assess where those assets are vulnerable to evaluated threats
• Manage the resulting risks to those assets through mitigation, transference, avoidance and acceptance
Current State of Security Management
The reality is that all organizations are doing something with respect to security. However, without a formal security program, your organization, like many others, will continue to respond to network intrusions, data breaches, system failures, and other security incidents in an ad-hoc and reactive manner. The organization will be positioned to respond to individual incidents, thereby not spending unnecessary time, money, and other resources to address the symptoms rather than the root cause which is usually the lack of an enterprise-wide approach to “identifying and managing” your security risks that allows you to prioritize your security investments and efforts.
[Graphic labels: Identify, Evaluate, Assess, Manage]
The Case For a Holistic Approach
According to HP’s 2015 Cyber Threat Report, almost half of companies that suffered cyber attacks in 2014 were the results of unpatched software or systems. This may cause an affected company to launch an aggressive patching initiative. While applying security patches and fixes to vulnerable applications and servers is definitely needed, having unpatched systems in your network is merely a symptom of a systemic problem that could include lack of proper security oversight, policies, procedures, risk management, security architecture, employee training etc., all of which if properly implemented could have contributed to preventing the breach and resulting cost of dealing with it. Unless all of those elements are addressed, your organization will continue to ricochet from one security incident to the next.
Security vendors and service providers are more than willing to sell you point solutions to deal with any subset of technical security challenges, but as business managers across industries and sectors face increasing threats and decreasing budgets, you can ill-afford to continue down that path.
Factors That Affect Your Security Program
In addition to business needs and drivers, additional factors that significantly impact your organization’s approach to security and privacy are laws, regulations, and industry standards. These include Sarbanes-Oxley Act (SOX), Gramm-Leach-Bliley Act (GLBA), Health Insurance Portability and Accountability Act (HIPAA), Federal Information Security Management Act (FISMA), Payment Card Industry Data Security Standard (PCI DSS), and others, depending on your specific industry. An Enterprise Security Program takes into account your organization’s compliance requirements and protects against the risks of penalties and fines due to non-compliance.
Security Program Standards and Best Practices
The International Organization for Standardization (ISO) and the International Electrotechnical Commission (IEC) provide recommendations for information security program management (ISO/IEC 27002). Other common security frameworks include National Institute of Science and Technology (NIST), Control Objectives for Information and Related Technology (COBIT), Committee of Sponsoring Organizations of the Treadway Commission (COSO) and the HiTRUST Common Security Framework (CSF). Regardless of which framework you employ, it must be tailored to fit your organization’s business model, operations, and technology environment.
Components of an Enterprise Information Security Management Program
Regardless of industry sector or organization size, there are five components that are the foundation of any security program:
• Designated Security Leadership
Security within an organization is everyone’s responsibility. However, your organization must designate a security officer or manager to lead, implement, and manage the security program. This is a requirement for most security regulations and standards, with some requiring that this role be at the executive management level. Your security leader should have the authority and support to champion the cause of security as a business driver and enabler from the boardroom to the operations floor.
• Security Policy Framework
Your security policy documents includes your organization’s leadership goals for managing security risk and protecting the organization assets. Your policy framework also includes standards, procedures, and guidelines that govern the implementation of the security program across all business units and functions. The policy framework should be reviewed and updated periodically to ensure it keeps pace with the ever-changing regulatory compliance requirements, business operations, and technology landscape.
• Risk Management Framework
Your security program must continuously assess threats and vulnerabilities in order to identify, measure, and prioritize risks to the organization’s assets that must be managed. Periodic enterprise risk assessments must be performed to include security penetration testing of security procedures and controls and employee security awareness and practices.
• Security Architecture and Operations
An enterprise security architecture enables your organization to implement necessary technology infrastructure that maximizes return on security investments (ROI) and minimizes risk. A layered approach to applying security controls allows you to protect your data, applications, systems and networks. Security event monitoring and response allows your organization to efficiently detect and mitigate security incidents that lead to data breaches, system downtime and network intrusions.
• Security Awareness and Training Program
A security awareness program and role-based security training are essential to educating your employees about their roles and responsibilities in helping to maintain a strong security posture. Users are often considered the “weakest link” in an organization’s security controls; however, users that are trained and equipped with the tools needed to perform their duties securely are your first line of defense against security threats.
MCGlobalTech Enterprise Information Security Management Service
The MCGlobalTech Enterprise Information Security Management (EISM) service helps protect organizations against security threats, regulatory non-compliance, and financial losses through the effective implementation and/or enhancement of the five components of an effective security program as outlined above. Our EISM methodology leverages common security frameworks including ISO, NIST, COBIT, and COSO to measure the maturity of your current security management program. This includes a comprehensive assessment of your security policies, security organization structure, asset management, personnel security, physical and environmental security, security operations, security architecture, and technology, business continuity preparedness, and security compliance.
[Figure: Security Program Components. Panels: Governance Team; Security Leader (a designated security officer or manager); Security Policy Framework (Standards, Procedures and Guidelines); Risk Management Framework (Identify, measure and prioritize risks); Security Architecture and Operations (Data, Applications, Systems and Networks); Security Awareness and Training Program (Educating Your Employees)]
How MCGlobalTech Helps You Protect Your Business Through Better Security
• Security Leadership
The most effective security programs are focused on supporting the overall business goals of the organization. MCGlobalTech’s Security Management Subject Matter Experts bring decades of expertise leading security programs and initiatives to advise and support your leadership team to better understand the business loss potential and make pragmatic decisions about “how to invest” in making security improvements or fixes.
Our Leadership Advisory Services include:
  ➢ CISO/CIO Advisory Services
  ➢ Virtual CISO Support
  ➢ Enterprise Information Security Program Assessment
  ➢ Security Leadership Training
• Security Governance
MCGlobalTech’s Security Governance and Compliance Subject Matter Experts protect your organization from the risk of hefty monetary fines, penalties, negative branding, loss of public confidence, etc. due to non-compliance with the complex maze of federal, state, and industry regulations affecting your organization. We help you create the necessary framework of policies, standards, and best practices that ensure your business and IT operations meet your regulatory requirements, industry standards, best practices, and promote not only security and privacy, but efficiency reflecting your organizational goals, mission, and commitment to security.
Our Security Governance and Compliance Services include:
  ➢ Enterprise Security Governance Document Development and Review
  ➢ Enterprise Security Policies Framework Development and Review
  ➢ Compliance Readiness Audits
  ➢ Operational Governance and Compliance Support
• Security Risk Management
MCGlobalTech’s Security Risk Management (SRM) program incorporates industry standards, such as NIST and ISO 27001, and proven best practices from our dozens of risk assessment engagements to effectively address both technical and non-technical business security risks. Our SRM program provides our clients with a means to enhance systems security and operational performance and facilitate informed decision-making. The SRM program is a metrics-based program that identifies, quantifies, and analyzes potential risk indicators and mitigation performance throughout the operational life cycle in an iterative approach - before, during, and after. The SRM program’s principal goal is to protect the client and its ability to perform its mission, not just its IT assets. Additionally, MCGlobalTech’s SRM program coordinates the synchronization of potential impairment to operations with effective levels of security controls and mitigation measures. The SRM program allows for developing risk management policies, ensuring risk policy compliance, monitoring risk mitigation effectiveness, and prioritizing and managing enterprise-wide security risks to include interdependencies through a consolidated risk mitigation plan that enables effective resource utilization (funding and time sensitivity).
Our Security Risk Management Services include:
  ➢ Risk Management Strategy Development and Implementation
  ➢ Enterprise Vulnerability and Risk Assessments
  ➢ Technology Infrastructure Security Assessments
  ➢ Vulnerability Management and Penetration Testing
  ➢ Continuous Security Monitoring
• Security
Architecture
and
Engineering
MCGlobalTech’s
Security
Architects
employ
proven
“defense-‐in-‐depth”
strategies
to
achieve
specific
risk-‐
driven
security
objectives
across
the
IT
enterprise
through
the
implementation
of
technical
security
solutions.
Our
approach
integrates
security
controls
to
the
multiple
business
enterprise
layers
rather
than
a
vendor-‐centric,
silo-‐ed,
whack-‐a-‐mole
approach
to
address
individual
weaknesses
as
discovered.
These
security
objectives
are
determined
at
the
enterprise
level
as
part
of
an
overall
enterprise
architecture
framework.
A
subset
of
these
high
level
objectives
would
include:
➢ Authentication – Identifying and verifying all users and systems
➢ Segmentation – Separating network traffic, systems, and data according to risk
➢ Access Control – Restricting access to sensitive systems and data
➢ Encryption – Protecting confidentiality of data and communications
➢ Threat Detection/Mitigation – Identifying and reacting to system and network threats

To achieve these objectives, our security engineers implement best-of-breed security solutions to protect client business data and the systems used to process, store, and transport them. An effective layered defensive posture requires that these solutions and controls be implemented at the Network, Host, Application, and Data layers. These solutions include:
➢ Packet filtering firewall with stateful inspection
➢ Application layer firewalls with payload inspection
➢ Proxy servers/appliances
➢ Network segmentation
➢ Network and Host Intrusion detection and prevention
➢ Network and Host anti-virus detection
➢ Content monitoring and filtering
➢ Mobile device management
➢ Privileged identity management
➢ Patch management
➢ Network, System, Application least privilege access controls
➢ Data and Network encryption
➢ Data integrity monitoring and loss prevention

• Security Training and Awareness

MCGlobalTech offers information security and compliance training to business leaders and staff to help them better protect their critical data and systems against the ever-evolving threat and regulatory landscape. Our training program provides custom security presentations and briefings tailored to your unique business operating environment and requirements.

Our Security Training Services include:
➢ Executive Information Security Briefings
➢ Security Program Management Training
➢ Risk Management Training
➢ End User Security Awareness Training
➢ HIPAA Compliance Training
➢ PCI-DSS Compliance Training
➢ FISMA Compliance Training
➢ Security Professional Development

MCGlobalTech Security Management Service Delivery Model

Using our proven four-phased service delivery model: assessment, planning, implementation, and monitoring (APIM), we provide full EISM life-cycle support for your organization. We help you develop, implement, maintain, and improve a security program tailored to the specific needs of your organization. Our model is flexible and customizable to meet your organization’s unique security program management needs.

Working with your executive leadership team allows us to help you guide investments in IT and security to more closely align with business and mission goals and priorities while increasing ROI and decreasing business risk. We do not simply focus on point solutions and services that may only address immediate challenges. By working at the management and programmatic levels of an organization, we are able to identify weaknesses in IT infrastructure and security management that are the root cause of many of the more common IT and security problems, such as service outages, failed technology investments, data breaches, and regulatory and compliance penalties.

Each phase of the EISM Service Delivery Model is designed around your specific organizational goals, challenges and culture. As your strategic security advisors, MCGlobalTech partners with you every step of the way.

Phase 1: Assessment

Our engagements typically begin with a full assessment of the organization’s information security program and/or IT infrastructure management. This includes a review of your policies, processes, procedures, required standards, people and technologies. We assess your information security, IT infrastructure and compliance risk. Following each assessment engagement, we provide you with a detailed gap analysis that documents areas of weaknesses and recommendations for remediation.

Phase 2: Planning

The planning phase is especially crucial to the success of initiatives involving integrating new procedures, technologies or operational processes into your environment. Many IT and security initiatives fail due to a lack of proper planning that takes into consideration organization culture, capabilities and operational realities. We work with all stakeholders across your organization to create an efficient, operationally feasible and priorities-driven remediation and improvement plan of action based on the results of the assessment and leadership prioritization.

Phase 3: Implementation

During this phase, we manage the successful implementation of your approved plan of action to improve and mature your organization’s compliance readiness, enterprise security program, and IT infrastructure management. We help develop appropriate policies, effective procedures and practices, staff and management training, and expertise and capability augmentation. Leveraging our strategic partnership network, we help drive and manage new technology integration and infrastructure migration. We help you implement business-focused, cost-effective mitigation strategies for risks identified during the assessment engagement.

Phase 4: Monitor

Our Continuous Monitoring phase includes an ongoing combination of performance monitoring, security assessments, awareness training, metrics reporting, and executive advisory services. We partner with your organization’s leadership to ensure continuous improvement of IT infrastructure and security management. We help you ensure that mission critical decisions regarding your IT and security are aligned with your organizational strategic goals.

Improving Your Security Program Reduces Risks to Your Organization

A mature security program will help your organization maintain focus and mitigate organization-wide risk associated with information security. It will also help your organization identify and comply with government regulations, industry standards, and best practices associated with your business, its credibility, and any data or electronic assets it has guardianship over. Your security program will enable you to meet the security requirements of your clients and your customers, as well as your contractual obligations, while mitigating the risk of adverse legal action being levied against you or your organization. This is paramount for protecting your organization’s most important IT infrastructure, data, brand, and reputation.

Contact MCGlobalTech today at info@mcglobaltech.com for a free EISM Quick Assessment to give you a high-level view of how well your organization manages security risks and implements the critical components of a security program.