
Service Philosophy


Ideology

Cybersecurity is the practice of enabling a business to produce and sell its particular products and services in the most secure way possible. The role of security practitioners is therefore to find the most secure way to do what the business needs to do and to educate the business. Deciding what is and isn’t risky is not their role; therefore, they should never tell the business no. It is the role of the business’s senior management to set the risk appetite and tolerance and to decide which risks they are willing to accept. It is with this philosophy that we provide our services.

An analogy

Customer: I need to jump off a bridge that has a 300-meter fall.
Security: Are we talking about bungee jumping?
Customer: No, I need to reach the ground.
Security: BASE jumping is probably your best bet; I recommend getting training first.

Values and beliefs

Our values are trustworthiness, professionalism, and security. We believe in focusing on your policies and procedures to maximize your effort and return on investment, and then investing only in tools that can assist with those policies and procedures. In other words, each tool you have should have an obvious tie to a specific policy or procedure. This is what all our services are about. Here are some more details on our services. These aren’t distinct packages; they are more the type of things we do, and we will mix and match them to suit your needs. Please contact us with questions or to book some time with us.

Designing a Vulnerability Management Program

A vulnerability management program is one of the cornerstones of a great cybersecurity program. Therefore, one of our services is to help you design a program custom-made for your business, shape tool requirements that support that program, and get those tools set up and used to their full potential. In line with our philosophy above, a good vulnerability management program consists mostly of policies and procedures, with tools playing a support role only. Once your policies and procedures have been nailed down, we will work with you to compile tool selection requirements. Once the requirements are clear, we will help you work with vendors to select the right tool for your environment.

Establishing proper policies and procedures

Some think that all they have to do to be secure is buy the right tool because a sales guy told them it would make them safe, then buy another tool because that sales guy said it was better. Then they stand there with many tools and no idea how to use any of them. We believe buying a tool and then looking for a problem to solve with it is very unproductive. Our advice is to start by creating sound policies and procedures and, from those, create requirements for tools that help you with your new policies and procedures. This way, you start by identifying a problem or a need and then find a tool to fulfill it. With this approach, you won’t end up with all sorts of tools you don’t use. This is the approach we always use. This service offering is similar to the one above, just a little more comprehensive.

Internal Audit Services

If you are working towards a certification or simply maintaining one, you need an independent party to review your setup and confirm that you are ready for the final review. Without that, you have very little chance of passing your certification audit. This is one of the core services we provide.

End User Awareness Training

One thing you absolutely need to pay attention to is training your staff to be security conscious. This is one of the cornerstones of any decent security program, which is why many security frameworks and compliance requirements require this. There are two approaches to this:

  • You can purchase a subscription to a video training service, which will check all the required boxes.
  • Or you can bring an expert in for true in-person training.

There are pros and cons to each. A video training service makes it easier to get everyone to complete the training and to demonstrate compliance. It is often bite-sized and easier to fit into busy schedules. The problem is that there is a much greater chance that folks won’t absorb the material or, worse, will sleep through it.

On the other hand, in-person training, like the one we offer, is more engaging and more comprehensive and ensures everyone is learning the material. The problem is that scheduling can be challenging.

While we typically recommend in-person training for that personal touch, we realize it isn’t practical for everyone. Therefore, we can also put you in touch with some great video training solutions.

NIS2 or DORA Implementation or Planning Services

We can work with you to ensure you meet the NIS2 or DORA regulations. With the expansion in scope under NIS2, there is a long list of companies that are now required to be compliant that weren’t before. Does your company fall under the expanded scope? You may not have the in-house expertise to understand, plan, and implement the programs needed to become NIS2 or DORA compliant, so let us help you. We can provide as much or as little help here as you desire.

Virtual CISO

This service is a long-term engagement that we customize to your needs. This most often involves some mixture of the following:

  • Being available for consultation regarding issues that pop up in the course of your day.
  • Making sure your policies and procedures are living documents that evolve with your business.
  • Helping prioritize security issues where importance and priority aren’t clear.