Information security is one thing every organization has to deal with. To protect critical business services and assets, your organization needs to be confident that its security architecture is providing a robust, comprehensive defense. As the security architecture evolves over time, you must also ensure that security technologies remain aligned with security policy and compliance requirements.
At TBG Security, we take a four-phase, methodical approach to ensuring that your organization meets its security needs today and is positioned to meet the changing landscape of regulatory compliance and threats with minimal impact to its business.
We start with an assessment of current administrative and operational processes and couple this with automated and manual testing designed to identify risks to your organization. We will identify any gaps in your current security program that could prevent you from reaching your compliance goals.
At the end of the assessment phase, design work can begin to fill the gaps in your security program. Here we will work with key stakeholders to build policy and procedures and to plan technology implementations (commercial and open source). In this phase we will ensure that a proper enterprise-wide security policy is developed which covers your compliance needs.
During the implementation phase, we will work with you to ensure that any solutions designed in the previous phase are rolled out in an orderly manner. We will implement the new technologies architected in the previous phase and roll out programs such as user awareness training.
Finally, once all policy, procedures and technologies are in place, we will work to help you reach your full compliance goals. In the case of PCI, we will bring in the actual PCI auditor to perform your Level 1 audit. Our years of experience working directly as and with PCI auditors will ensure a speedy and smooth completion. The state of Massachusetts has yet to adopt a formal audit and validation process for M.G.L. 93H 201 CMR 17.00; therefore TBG Security will provide a signed letter stating your compliance with the regulatory requirements.
- Ongoing Compliance Activities
Once your organization has achieved compliance, most, if not all, compliance regulations require an annual audit of your security systems and procedures. In most cases, the assessment may be conducted by internal staff (and must include a sign-off from a C-level officer) or by a third party. TBG Security is prepared to help you maintain compliance through services to monitor scan reports and changes in the standards that may impact your compliance status.
Ongoing services include:
- An annual on-site audit of your organization's security systems and procedures
- Periodic (quarterly, annual, etc.) review of networks for security posture
- Performing, monitoring and assessing results of quarterly vulnerability scans
- Regular monitoring/analysis of network devices for security events and breaches
- On-demand assessment of specific network components for security posture
- Periodic review of access, management, and data encryption
- Log monitoring and forensics to investigate specific incidents
Download the PDF containing our approach to Compliance Management here.