GOVERNANCE & COMPLIANCE

Assessment of security controls using NIST Cybersecurity Framework (CSF)

As the variety and volume of cybercrimes grow each year, cybersecurity investigations have become both more common and critical. The investigative process consists of investigating, analyzing, and recovering critical data from the network(s) involved in the attack in order to identify the perpetrators. An investigation includes the following:

Analyzing Malware: ‘Malware Analysis’ refers to the process by which the purpose and functionality of given malware samples are analyzed and determined. Information from a malware analysis provides insights for developing an effective detection technique for the malicious code. It is also essential for developing efficient tools that can remove malware from an infected system.

Digital and Forensic Investigation: Digital forensics is a branch of forensic science focused on the recovery and investigation of artifacts found on digital devices. Any devices that store data (e.g., computers, laptops, smartphones, thumb drives, memory cards, external hard drives, etc.) are within the ambit of digital forensics.

Cyberstalking Investigations: Cyberstalking involves the use of electronic communication devices to threaten, harass, or otherwise stalk an individual. Prudential Associates has several tactical options and numerous resources which may be productive in these matters. Prudential Associates can assist with all stages of a cyber investigation, including:

—  Situational assessment and background check.

—  Conducting the initial investigation, beginning with information gathering. Questions we aim to answer include:

  • Were these crimes limited to US jurisdiction?
  • What evidence is there to collect?
  • Where might the physical and digital evidence be located?
  • Does any of the evidence need to be photographed/preserved immediately?
  • How can the evidence be preserved and maintained for court proceedings?

—  Identifying possible evidence, which includes collecting digital evidence.

—  Securing devices and obtaining necessary court orders.

—  Analyzing results with a prosecutor and concluding the investigation.

Assessment of security controls using NIST Risk Management Framework (RMF)

Leveraging NIST’s Cybersecurity Framework (CSF) that was developed in 2013, Prudential Associates can provide an assessment of an organization’s business processes, systems, and controls. The CSF is divided into three parts: the Framework core, implementation tiers, and profile. Implementing our multi-part assessment, our team of experts will review the people, processes, and technologies constituting your current IT security plan, conduct interviews with key stakeholders, and perform a detailed gap analysis against a client’s security levels and the CSF standards.

Upon completion of our assessment, Prudential will provide a detailed analysis of how a client’s data security program compares to the CSF framework. This analysis includes, but is not limited to: an executive summary report, a detailed assessment report, a corrective action plan, and work instructions. By choosing Prudential Associates to perform this assessment, clients will have decades of experience to rely upon and a thorough understanding of next steps to keep their organization safe from cyber threats.

Development and Implementation of Disaster Recovery Plans

According to the National Archives and Records Administration, 93% of companies that reported a data center outage of 10 days or more go out of business within a year. The need for a robust disaster recovery plan (DRP), for organizations from large enterprises to small firms, is more urgent than ever. Coordinated cybersecurity breaches and attacks impact businesses of all sizes, and the less prepared a company is to respond to an event, the heavier the business impact. There are a multitude of benefits in implementing a plan, including: protecting data against the after-effects of natural disasters, reducing the impact of cyberattacks, and keeping confidential data safe.

Prudential Associates can help your company with the strategic experience to develop and implement an evergreen disaster recovery plan. This process includes the following steps:

  • Establish clear recovery objectives
  • Identify all stakeholders
  • Help draft a detailed network infrastructure outline
  • Choose a data recovery technique (e.g. hard drive, RAID, tape, optical)
  • Define an explicit incident criteria checklist
  • Document the entire recovery procedure
  • Regularly test the DRP
  • Update the plan periodically

Development of Security Policy and Procedures

The protection of an organization’s data and systems depends on creating, implementing, and adhering to a well-planned and documented set of security policies and procedures. A tenable security policy must be based on the results of a risk assessment; findings from an assessment provide policy-makers with an accurate view of the security needs specific to an organization. Regulatory and legal concerns, organizational characteristics, contractual stipulations, environmental issues, and associate input should all be incorporated into policy development.

Best practices deem it critical to involve a third party in the overall development of a policy and procedures. Prudential Associates has the capacity and experience to work with clients of all sizes to provide end-to-end support: from conducting a risk assessment to developing a cogent cybersecurity policy and procedures that are manageable to implement and provide an effective front against various threats. Our team can also provide relevant end-user training for your associates that will educate them on the critical elements of the policies and enable compliance with all procedures.

Enterprise Security Gap Advisory

Conducting a gap analysis enables you to establish and meet cybersecurity goals and minimize risk to acceptable levels – but only if it’s performed in a way that properly balances business needs, regulatory requirements, and industry best practices.

Prudential Associates has the expertise that comes with years of advising clients on a gamut of cybersecurity needs and challenges to improve their security posture. Utilizing standards like ISO 27001, we’ll develop a security architecture framework and then identify any gaps. From that point, our team of experts can create an implementation plan to address any gaps.

Incident Response Plan Development and Management

The global average total cost of a data breach in 2020 approached $4 million. Cybercrimes were up almost 600% last year due to contributing factors caused by Covid-19. While it’s daunting to consider a cyber attack on your company, the realities of the hyper-connected society we operate in tell us that every company will experience an incident. Prudential Associates understands the disruptive nature of cyber attacks from our years of experience providing operational continuity to businesses locally and across the globe.

A Computer Security Incident Response Plan (CSIRP) is imperative for businesses to successfully prepare for and address the evolving cyber threat landscape. A sound plan must be carefully designed, implemented, and managed, and it requires buy-in and active participation from the entire organization in order to achieve the goals set during the planning process. The plan documentation itself should outline the classification and prioritization of incident types and scope the appropriate response strategies. Failure to follow an implemented plan can result in expensive downtime and/or loss of data. Prudential Associates is expertly qualified to provide end-to-end consultation at every stage of developing your organization’s response plan.

Contact our team today to have an initial discussion about creating an incident response plan.

User Security Awareness Training

Do you know what the most common threat to your organization is? Your workforce! In the always-connected workforces prevalent today due to Covid-related work-from-home policies, attackers recognize that associates provide soft attack surfaces that make exploits successful. More companies than ever before have employees working from home, which means extra points of entry for attackers. This is why Prudential Associates is at the ready to work with your cybersecurity leadership team to develop and administer a robust security awareness training program for your workers.

Our mission is to provide the guidance and knowledge that will ensure continuity and protection for your operations.

Important topics that we cover include, but are not limited to: phishing, social engineering, safe internet habits, mobile computing, incident reporting, and data privacy best practices. To boost retention and confidence, our team of experts typically recommends a multi-day training program or, better yet, a recurring cadence of training sessions designed to keep employees updated on the current state of threats and how to identify situations that lead to lapses in protocols. You can trust our years of experience advising companies across multiple industries and verticals and setting up tailored security awareness training programs.