Governance, Risk & Compliance (GRC)
Complying with Federal, State, industry or customer mandated regulations or standards can be a confusing, complicated process. Our compliance engagements help you to define where you stand currently and provide a roadmap to address any gaps in your compliance. Our engagements can help you implement the required pieces to comply as well, such as preparing proper plans and documentation as well as building out a process and procedures to remain compliant.
- Easy to digest gap analysis reporting.
- Compliance Scorecard.
- Budget friendly and customizable.
The NIST CSF risk and compliance analysis (atComply|CSF) is designed to provide a snapshot of your organization’s current implementation of security controls and policies as it relates to the NIST Cybersecurity Framework. Each control will be enumerated, documented and scored against eight characteristics, generating thousands of data points detailing your current level of compliance and implementation.
This engagement (atComply|ISO) provides a risk assessment according to ISO 27005, a roadmap assessment according to ISO 27003 and a controls compliance analysis according to ISO 27002. Deliverable includes a strong overview of your current state of Information Security Management System (ISMS) completeness.
The CIS CSC risk and compliance assessment (atComply|CIS) is designed to provide a snapshot of your organization’s current implementation of security controls and policies as it relates to the Center for Internet Security’s (CIS) Critical Security Controls (CSC) for Effective Cyber Defense version 7.1. Each control will be enumerated, documented and scored against eight characteristics generating thousands of data points detailing your current level of compliance and implementation.
A Risk and Compliance review (atComply|HIPAA) that meets the HIPAA requirements for an annual risk assessment. It provides a current state assessment of compliance with the HIPAA security rule expectations with a comprehensive internal and external vulnerability assessment and compliance roadmap to address identified gaps. Deliverable includes a HIPAA compliance scorecard and recommendation roadmap.
The CMMC risk and compliance analysis (atComply|CMMC) is designed to provide a snapshot of your organization’s current implementation of security controls and policies as it relates to the current version of CMMC. Each control will be enumerated, documented and scored against eight characteristics, generating thousands of data points detailing your current level of compliance and implementation. The CMMC is new and still in draft format, but this engagement can prepare your organization with a roadmap to your gaps, allowing you to be ready in 2020 when the requirements become mandated.
atPlan offers an option to develop or update several key governance documents which many organizations should have supporting their cybersecurity program. The documents may include: Information Security Policy, Business Continuity Plan, Disaster Recovery Plan, Incident Response Plan and/or Crisis Communications Plan, among others. Whether compliance driven or best practice motivated, we can help mature or create these most important documents.
atComply delivers a compliance gap analysis and assessment. Several standards can be selected from as a base for comparison against your environment, such as NIST Cybersecurity Framework, Center for Internet Security 20 Critical Security Controls, ISO 27001, NIST 800-171, CMMC, HIPAA and many others.
Incident Response & Mitigation
There are two approaches to incident response, proactive and reactive. In the event of an incident, do you have a documented company course of action? An Incident Response Plan accounts for organizational structure, IT infrastructure, compliance requirements and organizational needs to develop a clear plan detailing roles, responsibilities, communication and actions in the event of an incident. If you find you have been compromised, we offer organized forensic, investigative and recovery services to limit damage, reduce downtime and lessen costs following an attack or breach.
- Provides effective plan for crisis communication and actions during incidents.
- Identifies indicators of compromise and causes of incident.
- Provides recommendations to prevent future incidents.
- Discovery of malicious or unauthorized software or actions.
- Remediation of intrusions.
atResponse is a pre-negotiated agreement that can be utilized in a qualifying emergency situation in which a cyber breach or incident has been suspected or has occurred and an emergency response team is required.
atInvestigate provides Incident Response services for any security event that negatively affects the confidentiality, integrity and/or availability of your data or systems. atResponse can include identification of the root cause and extent of the incident, containment of the consequences, remediation of any malicious software or configuration elements, recovery of the system to a stable operating state and documentation of the response process, its origin and lessons learned.
atForensics is an Internal Forensic Investigation engagement that examines insider misconduct, computer & network misuse and insider hacking incidents.
Anchor provides a full spectrum of cybersecurity services assisting our clients with all aspects of cybersecurity risk planning, identification, management, and monitoring.
Providing ethical hacking to test an environment’s susceptibility to a breach using real-world hacking techniques against infrastructure, application or wireless.
Providing security incident response to determine the current state, investigate and shut down the incident. It can also provide remediation to help clean up after an attack.
Cyber Program Maturity Assessment
Cybersecurity program and best practice analysis includes a scorecard indicating implementation level of the standard offered in the Center for Internet Security’s 20 Critical Security Controls.
Start Your Path to Protection Today
True cybersecurity is a journey. Threats and vulnerabilities are ever evolving. Define your strategy, identify your risk, and manage that risk today — before it’s too late.