Solution brief

Security as a Service

The expertise you need. As you need it. When you need it.

How much do we need to invest in security? How many people do we need? What technologies do we need? IT leaders in every business are coping with this business-critical balancing act every day. And for mid-sized enterprises the challenge is even more difficult: large-scale security threats with mid-scale budgets. Universally, the answer is that we need more than we can afford. What’s more, there is no magic security investment formula.

Data and network security are now top-of-mind for companies of all sizes, from the shop floor to the boardroom. What do we tell management? How do we explain a technology challenge in business terms for the board of directors? How do we justify investment and headcount for security when the threat is invisible and the financial impact seems impossible to quantify?

Regardless of company size, every business needs to meet minimum requirements to be both compliant and prudent. These requirements include an annual assessment to ensure regulatory compliance, regular reviews of cybersecurity risks, and a program of continuous improvement in awareness, technology, and process to meet minimum security standards. In order to assist businesses large and small in meeting these requirements, WGroup provides an as-a-service solution.

Summary: WGroup Security-as-a-Service

WGroup’s Security-as-a-Service provides businesses the tools they need to face growing security threats with proactive security measures and risk mitigation efforts. Our team of highly experienced professionals provides the objective insight your company needs to ensure its efforts are effective.

With a focus on using IT to promote business goals, WGroup’s approach relies on consulting, service and technology provisioning, and IT operational leadership to address risk in a cost effective way and provide a holistic solution for your security needs. WGroup doesn’t sell technology and will not overwhelm you with exorbitant consulting fees.

Instead, the WGroup approach is to provide Security-as-a-Service for a fixed monthly fee. No product sales, no never-ending consulting engagements. Just a straight-forward approach to helping you secure your company. As you need it. When you need it.

Drive Your Business

What is included?

1. Full scan security risk assessment. The assessment includes:

Security architecture and regulatory review. Review the security practices in place to meet regulatory security requirements and day to day best practices in managing information security. Major considerations are:
• Key security architecture design assumptions
• Business continuity and contingency preparedness
• Current network topology
• Third party reliance and service level agreements
• Inventory of existing security technologies
• Third party and partner integration and access
• Security policies, guidelines and procedures
• Gap analysis of missing, incomplete, or improperly implemented security controls
• Network access controls and network segmentation

Vulnerability assessment. Technical testing of the systems for weaknesses that may be exploited by an attacker

Security policy and controls assessment. Review all documentation and determine gaps that do not meet industry best practices

Physical security review. Review a sample set of locations for physical security weaknesses

Website/application testing. Assess the external web portals for security weaknesses

Comprehensive remediation roadmap

Executive-level summary

2. Quarterly health check. Provides an update for leadership on progress

3. All required annual compliance assessments as applicable. e.g. 21 CFR Part 11, C-TPAT, COPPA, EFTA, FACTA, FAST, FERPA, FISMA, FRCP, GLBA, HIPAA, HITECH, HR 2868, NERC standards, PCI-DSS, PSQIA, SOX

4. Monthly hours to use for a variety of cybersecurity consulting needs. Staff meetings, vendor evaluation, audit or regulator liaison, policy creation, incident response

5. Risk mitigation roadmap implementation oversight. Provided with annual assessment

6. Intelligence on next-generation threats and preventive actions.

7. Access to cost effective project implementation resources at fixed rates.

What are the benefits?

• Access to world-class security experts at an affordable price
• Easy to manage monthly service expense
• Significantly lower cost for resourcing cybersecurity needs
• Security spoken in a language IT leaders, CEOs, and the board of directors can understand
• Expertise as you need it, when you need it

How we do it.

WGroup Security-as-a-Service processes include:

1. PLAN

Identify areas of highest potential risk based on interviews with key personnel, applicable regulations, best practices, etc.

Work with personnel to identify systems, network devices, and servers that will create a network map for security assessment

Produce task breakdown and scheduling plans designed to evaluate and test areas of identified security concern with minimal impact on operations

Gather all system information for each section of the engagement:
• Request documentation for each security practice in place
• Identify any systems out of scope
• Identify format of deliverables
• Interview staff

2. EVALUATE AND TEST

Work with security administrators to coordinate action plans

Evaluate current processes regarding software currency (application of patches), malicious code protection, identity management and authorization

Conduct penetration test on target IT systems using network based exploits. We will attempt to gain unauthorized access to systems within scope and systems connected to networks within scope using non-invasive “white hat” techniques

Identify security vulnerabilities

System testing:
• Work with staff to target specific systems
• Work by each section to test against the requirements
• Report all significant findings to the staff in real-time

3. REPORT AND ACTION PLAN

Generate detailed reports describing the existing state of information security:
• Network and server systems
• Results of penetration testing
• Develop a problem resolution matrix
• Review remediation plan with staff to ensure practical solutions can be implemented

Provide reports including test results, interviews with staff, review of documentation and gaps found in information security best practices:
• Information management policies, procedures, and business processes
• Identification and prioritization of risks
• Work with staff to develop reports in the format requested by the company
• Work on retesting as necessary to validate the remediation plan

How much does it cost?

WGroup’s Security-as-a-Service is available as a fixed-fee retainer for $15,000 per month.

WGroup Security Principal Profile

• Over 20 years security and IT executive experience
• Many of our consultants are former CISOs, Infrastructure leaders, CIOs, and/or CTOs
• CISSP certified
• Deep experience in IT audit, IT governance, and IT service management processes
• Specialized expertise, including 21 CFR Part 11, C-TPAT, COPPA, EFTA, FACTA, FAST, FERPA, FISMA, FRCP, GLBA, HIPAA, HITECH, HR 2868, NERC standards, PCI-DSS, PSQIA, SOX
• Blend of consulting, service/tech provider, and IT operational leadership backgrounds

About WGroup

Founded in 1995, WGroup is a management consulting firm that provides Strategy, Management and Execution Services to optimize business performance, minimize cost and create value. Our consultants have years of experience both as industry executives and trusted advisors to help clients think through complicated and pressing challenges to drive their business forward. Visit us at www.thinkwgroup.com or give us a call at (610) 854-2700 to learn how we can help you.

150 N Radnor Chester Road
Radnor, PA 19087
610-854-2700
ThinkWGroup.com
©2015–2016 WGroup