Today businesses are faced with complex choices when it comes to security and information assurance—choices that must carefully balance protection, cost, and risk. Preventing unwanted business interruptions, media exposure, investigations, regulatory and contractual non-compliance, and lawsuits are becoming a frequent board room discussion topic. As reports emerge about significant financial losses, information protection is now a shareholder concern.
While the marketplace offers many options to protect information systems, the operationally mature techniques needed to implement and manage security controls and effectively protect an enterprise can be elusive. It is vital to select a security partner with the right mix of experience and specialized expertise to achieve reliable, consistent protection at a reasonable cost.
“One size fits all” technical security solutions are not the right answer. Security is more than just technology—our solutions include the programmatic elements and management processes needed to ensure our clients get the maximum benefit from their security technology investments.
Why CIBER?
CIBER’s Global Security Practice has more than 15 years of experience securing the information assets of businesses and government entities. We design and deploy comprehensive security solutions that protect high-profile systems in high-risk environments, such as:
- Conducting Third Party Risk Management services for one of the largest US financial institutions and one of the largest providers of prescriptions and health-related services in the nation.
- Protecting $2 trillion in annual, high-volume, electronic funds transactions for the Department of Treasury
- Protecting the privacy and integrity of vital records, lottery transactions, and private healthcare information for state governments
A Balanced Approach between Business and Security
CIBER delivers operationally mature, strategic protection for your critical information assets in three stages: (1) Defining your security goals, (2) Achieving your optimum security posture, and (3) Maintaining your secure position.
Defining Your Security Goals
Building an effective security program requires assessing your current situation. CIBER offers a suite of assessment programs to evaluate security practices, vulnerabilities, risks, regulatory compliance, and enterprise security strategy.
CIBER provides you with a comprehensive, objective review of the presence and effectiveness of security controls in your organization. CIBER assessment programs include:
Business Impact Analysis
- Criticality criteria development
- Critical business process definition/prioritization
- Critical resource definition
- Recovery time objective development
Risk and Vulnerability Assessment
- Programmatic review
- Application security testing
- Perimeter & internal network vulnerability testing including penetration testing
- Network device & system configuration review
- Wireless security testing
Regulatory Compliance Analysis
- Universal security frameworks
- Requirements traceability and forecasting
- Readiness planning for HIPAA, GLB, PCI-DSS, Sarbanes-Oxley, and third-party contract requirements
Enterprise Security Strategy
- Security program planning
- Security architecture development
- Achievable security roadmaps
- Business continuity strategy selection
Identity Theft Assessment
- Business application and database surveys to determine location of personal information storage
- Evaluation of control effectiveness
Achieving Your Optimum Security Posture
CIBER delivers comprehensive solutions that blend technology, processes, and people to strategically reduce security risk. Companies bombarded by technology-driven point solutions appreciate CIBER’s enterprise risk management perspective and vendor neutrality. We tailor security solutions to your needs, fix/solve security issues at the root cause, and deliver cost-effective security with minimal disruption to your business.
Turn to CIBER for:
- Application security review
- Third party risk management
- PCI DSS services including audit preparation, audit, and compliance maintenance
- Security technology and process integration
- Independent verification and validation
- Security policy and procedure development
- Remediation of security deficiencies
- Security training and knowledge transfer
- Business continuity program development
- Emergency management planning
- Disaster recovery planning
- Security incident response
Maintaining Your Secure Position
CIBER’s managed security services include a full range of monitoring and management services for reliable, consistent protection:
- Real-time 24x7 event monitoring
- Security device management
- Vulnerability management
- Patch Management
- Incident investigation, response and recovery
- Event correlation
- Compliance reporting
CIBER clients benefit from a professional security staff at a fraction of the cost of creating their own. Trained security professionals in our fully staffed, 24 X 7 Security Operations Center monitor security events in your infrastructure and applications using a best-of-breed data collection and event correlation platform.
We combine our expertise, business acumen, and state-of-the-art tools to ensure reported events are actual threats before releasing alerts. Our response includes recommending a course of action or carrying out defensive measures according to your customized response criteria. We provide the metrics and reporting necessary to comply with regulations and database breach laws and to demonstrate to CEOs/Boards, auditors and customers that sensitive information is continually protected.
Business Continuity and Disaster Recovery P... (936KB)
Manage Operational Risk Like a Bank!
IT Assessment Cost vs. Value – A Market Response Analysis
