Cyber-Security at Logan Consulting
As the world evolves, cyber-security threats are growing. Technology thought leaders describe cyber-security events as an inevitable disruption to most businesses. To succeed in this new cyber world, your organization needs to be properly prepared to prevent events with a well-tested response plan.
At Logan Consulting, our approach to cyber-security is unbiased. We work to provide the best solution for your business, and our team has deep expertise in cyber-security services.
Governance, Risk, and Compliance
Ensure your executives and security organization follow a defined and effective governance structure.
Business risks are understood, prioritized, evaluated, planned and frequently reported back through the GRC. Risk management processes are optimized for effectiveness.
Facilitate policies, procedures, work instructions and performance measurements for feedback to GRC Audit. An effective framework also assures excellent Finance Controls for publicly traded companies!
Provides prioritization for security initiatives, supports compliance efforts for most protected data types, minimizes breach recovery expenses related to regulatory reporting, and, with the right tools, supports eDiscovery.
General Security Assessment
Full NIST/ISO Assessment
Annual Security Attestation
ISO27001 Framework Implementation
GDPR Compliance Evaluation
HIPAA Compliance Evaluation
Identify – sensitive data assets and key business processes that put data at risk including vendor services.
Inventory – existing security capabilities, security team, and investment results.
Examine – existing policies, standards, procedures, and testing methods.
Evaluate – current threats facing the business and technology infrastructure.
Analyze – current detection solutions, testing and response plans, and gaps.
Conduct – a commercial vulnerability assessment of network, applications, and IoT/eCommerce solutions.
Review – cyber security governance framework and metrics.
Report – cyber security findings along with vertical industry standards and requirements.
Define phase-based improvement plan associated with an improved Strategic Program.
People – articulate the required organization design and talent requirements or outsourcing alternatives.
Processes – create detailed security requirements including prevention and response policies and procedures. Establish recovery points and timelines (RPO & RTO).
Technology – document required architecture, tools, and associated investments to minimize risks and defeat threats.
Governance – establish an oversight committee, controls, and measurements.
Program Management – ensure business continuity/cyber-security through a defined governance structure.
People – establish a security awareness and training program for continuous improvement and to protect against the latest threats.
Process – mature processes for asset management, access controls, identity management, incident response, third-party access, data protections, and software development lifecycles (SDLC).
Risk Management – optimize business processes so risks are minimized, understood, reported, reviewed, and properly resolved.
Data – implement a vendor management program, secure file sharing, protected data inventory procedures, leakage detection, role-based BI security, and proper data encryption.
Technology – assure network security capabilities, storage & database security, encryption capabilities, and malware prevention tools meet or exceed current industry best practices.
Why is Cyber-Security Important?
50% of 582 surveyed cybersecurity professionals do not believe their organization is prepared to repel a ransomware attack (Source: Pwnie Express).
Ransomware cost businesses more than $75 billion in 2019 (Source: Datto).
The average cost of a ransomware attack on businesses was $133,000 (Source: Sophos 2019).
75% of companies infected with ransomware were running up-to-date endpoint protection (Source: Sophos 2019).