The cybersecurity services that B.I.T.S. looks to provide span a broad range of disciplines, all of them vital to a well-rounded cybersecurity program. These services include audits of controls and best-practice implementation, vulnerability scanning and risk assessment, penetration testing, cybersecurity program development, and managed cybersecurity/virtual security operations.
The Cybersecurity Audit will provide clients:
- A clear picture of the existing controls and best practices in use in the organization.
- A comparison of these findings to a governance framework like COBIT.
- A list of recommendations based on the findings.
Vulnerability Scanning & Risk Assessment:
Vulnerability scanning uses automated tools like the ones cyberattackers use to scan systems for vulnerabilities. B.I.T.S., too, uses these tools to help clients:
- Identify potential weaknesses in existing systems that might be exploited.
- Assess and prioritize the level of risk.
- Develop a plan for remediation and implementation (including actions such as patching systems, developing controls, or placing insurance to cover the risk).
B.I.T.S. will become, in essence, “a cyberattacker,” in order to discover and prove the viability of vulnerabilities that may allow an actual cyberattacker access to sensitive systems or data. These tests are conducted with the test team having limited or no knowledge of the client’s systems, with the following goals:
- Gaining physical access via social engineering or other means, leaving behind an Advanced Persistent Threat (APT).
- Gathering sensitive data such as passwords or Personally Identifiable Information (PII).
- Gaining privileged access to sensitive systems.
Cybersecurity Program Development & Management:
A cybersecurity program is extremely important in today’s increasingly security-conscious, heavily regulated world. These are some services B.I.T.S. would provide to help clients with this shift:
- Virtual CIO to lead the program
- Security Compliance Management
- Security Framework Implementation
- Policy, Process, & Procedure Development
- Cybersecurity Vulnerability & Risk Management
- Business Continuity & Disaster Recovery Planning, Implementation, & Management
Managed cybersecurity centers on monitoring and maintaining the investment a company has made in securing its systems. Daily security operations are the focus of this service, with activities like managed antivirus, patch management, secure device configuration, and SIEM (Security Information and Event Management) system monitoring at the forefront. Other services that may be part of the suite of optional managed services include:
- Backup Monitoring, Management, and Testing
- Embedded Breach Insurance
- Employee Cyber Awareness Training – Annual
- Monthly/Quarterly Vulnerability Scanning
- 5 Hours of Incident Response