Cyber Security Advisory Program

Interhack's Cybersecurity Advisory Program helps your Information Technology team to identify and manage cybersecurity concerns without taking on the expense of dedicated staff.

Good security is like good health.  Good health is not achieved from rest, diet, or exercise alone, but rather from a regimen that incorporates all of these elements into daily life.

Security cannot be achieved through a policy, a project, or the adoption of a particular technology.  While each has a role to play, they must all be undertaken in support of your organization’s strategic objectives while simultaneously balancing risk, utility, and expense.  When security is well implemented, both the likelihood and impact of bad events will be reduced.  A robust security program will also provide for an effective defense against the scrutiny that's likely to follow from regulators, plaintiffs’ attorneys, and the general public.

Larger organizations typically appoint a Chief Information Security Officer (CISO) who directs a group of dedicated security practitioners.  Smaller organizations often distribute responsibility for security among general IT personnel who often do not have the training and experience needed to design an effective system of defenses.

Interhack’s Cybersecurity Advisory Program was created to assist organizations that do have their own IT staff (whether in-house or contracted) but which lack dedicated security expertise.  The program calls for the client to designate an internal CISO who will prioritize and make recommendations to management for security.  Interhack will work with the designee over time to advise on the establishment of a defensible security program.  The work will be carried out by the organization itself.  This model allows the organization to obtain maximum cost efficiency.

Synopsis: Advise on the establishment of a formal cybersecurity program based on the NIST SP 800-53 (Rev. 5) standard.

  1. Begins with a survey of security capabilities currently present within your organization including policy, practice, and technology.
  2. Captures organizational priorities and develops proper focus for ongoing security activity.
  3. Moves methodically through twenty families of controls to verify accuracy of the survey and to build security capabilities to support organizational priorities.
  4. Improves defensibility of security practices by
    1. Reducing likelihood and impact of bad events,
    2. Reducing exposure in legal actions brought against your organization following a bad event, and
    3. Improving alignment between strategic goals and daily practices.
  5. Creates and maintains a documented definition of your security capability, posture, and priorities.

Term: The standard program duration is twenty-four months, covering survey, priority assessment, and sixteen months of control family improvement.

Schedule: The first four months are the same for a program of any term and also form the minimum program term.  The term length can be adjusted to suit the needs of the organization.

Please feel free to contact us to discuss the appropriateness of this program for your organization.  Based upon a few provided details, we’ll be able to reply with a firm quotation of monthly cost as well as scheduling options.