As a Certified virtual Chief Information Security Officer (CvCISO) and CEO of ITCSTPETE, I strive to assist clients with enough information about the problems almost all companies face, the solutions and the most favorable outcome. I work with clients directly to determine their risk appetite and to help minimize risk by the utilization of additional cyber security tools as well as the documentation needed to meet regulatory or compliance standards of security the industry or clients demand via Risk Assessments or Certification Prep for frameworks such as CMMC, SOC II, ISO27001 and upcoming ISO42001. We have capabilities for nearly 15 frameworks.
Cybersecurity and Information Security
Allow ITC to provide a complimentary consultation where we can freely discuss business concerns relating to Cybersecurity and Information Security.
At the conclusion of the consultation, we will be able to determine on a high level some necessities, some urgencies and a wish list of services that may be of interest.
For Cybersecurity deployments, a signed proposal will generate initial steps from ITC to prepare for onboarding and deployments.
For Information Security assessments, once a framework is chosen and it is determined whether this is for compliance or certification, the proposal will be presented with a schedule to complete the assessment within a specific amount of time.
A client was required to have an ISO27001 Risk Assessment in order to maintain the relationship with their largest client.
They needed to provide several documents in order to meet the requirement and provide an Executive Report from ITC to provide to their client proving what was completed.
The challenge for the assessment was, although they have a high level of Cybersecurity and a high level of policies and procedures in place to defend liability in the event of a disaster, it was determined that less than 15% was formally documented. Therefore, the Risk score was lower than national averages.
With only 4 people in IT, the bandwidth required to properly write (template editing also) policy with specifics including roles and responsibilities and version tracking, as well as future reviews of said policy, was not available to the organization.
We were able to work on the immediate requirements to satisfy their client’s request while we roadmapped a 2-year plan to remediate the lack of documentation.
The remediation consists of policy writing, document creation/editing for processes and procedures, and continuous updates to their current assessment. The total remediation was in excess of 350 documents needed to satisfy the remediation of the risks they are currently enforcing without proper documentation.
This has now led to a secondary assessment for certification prep for NIST-CSF 2.0, which conveniently requires much of the same documentation, therefore saving time and costs on duplication of work.
We are your process improvement partners who help you grow through a cyclical approach to save you money you didn’t know you were losing so that you can then reinvest this capital into your business without the need for additional budget.