The BEST way to take the first step is to meet over lunch
If you are a business owner that is interested in finding out what cybersecurity may mean to your company, we have a very easy way to get started. We now offer Cyber Security Consulting Lunches. These lunches were designed to give a high-level view of cybersecurity for business owners. In essence, these are 1-hour consulting sessions with an experienced and certified Chief Information Security Officer (CISO).
CONSIDERING TAKING THE FIRST STEP IN MAKING YOUR COMPANY MORE SECURE?
MAKE SURE YOU HAVE TWO THINGS BEFORE YOU GET STARTED:
- Do you have the support at the executive level? Putting in good security will likely change how your company does business and there will likely be pushback. Without strong executive support, your security will take a backseat to keeping things the way they are. We’ve seen many a security project get pushed into a corner without the executive support it needed.
- Are you committed to making security a top priority company-wide? Many companies start of thinking that cyber-security is simply about putting a few tools in place and adding a new firewall. While tools and hardware may be needed and help, that is only part of what needs to be done. Security is a company wide effort. It includes policies and procedures, training and auditing, it is an HR and Operations priority as much as it is an IT priority.
IF YOU ARE READY TO START, AND NEED HELP, YOU HAVE TWO CHOICES:
Option 1: Do it Yourself and Meet Requirements In-House
Are you ready to commit your staff time to the goal? Don’t think your staff can do this in their free time! The project will take time. When considering if you are staffed well enough, consider if you can DEDICATE staff hours to the project.
If you are ready to do things in house and have chosen a framework to use, start with these guides to help you implement them.
CIS20 – CISecurity Controls List
NIST 800-171 – “Self Assessment Handbook – NIST Handbook 162”
CMMC (DoD Certification) – Find more information HERE
ISO 270001 or HiTrust – Obtaining these certifications can be a daunting tasks and it can be a challenge. Requirements and criteria are If you are considering doing this in-house, it is advisable to engage consultants for advice specific to your organization.
Option 2: Work with a Security Consultant
For many companies, the most effective way to tackle cybersecurity requirements is to outsource the task to a consulting partner that has the appropriate expertise and can work with you to become compliant. Tracc Development, Inc. offers management level services to help your IT staff implement strong security frameworks.