Next Generation Risk Management (NGRM)

INFORMATION SECURITY MANAGEMENT: THE CHALLENGE

Today, risks and threats to your proprietary information and IT infrastructure come from everywhere, both inside and outside your organization. The best response to these threats is a comprehensive information security strategy.

A good strategy is much more than just technology solutions. It includes such things as:

• Comprehensive management program
• Effective information security policies and procedures
• IT Risk assessment and management
• Regulatory compliance
• Incident response
• Education and awareness

With the threat landscape changing frequently and security breaches making the news almost weekly, many organizations struggle to implement a successful information security strategy. Annual vulnerability assessments alone are not sufficient. Preventive, detective, and reactive security controls are not implemented, tested, and/or retested, and risk management efforts are not effectively tracked.

Welcome to the Presidio Cyber Security practice – your source for expert guidance in the world of information security.

THE VALUE OF PRESIDIO'S CYBER SECURITY

In information security, it’s all about risk. It is absolutely critical that all aspects of security align with your business objectives to manage risk and enable your business to achieve its full potential. The business benefits are extensive and broad, impacting your customers, your brand and your bottom line. And these benefits are delivered to you by the Presidio team.

Presidio has been providing security consulting services to clients for over a decade. Our experience spans all major verticals, including retail, education, healthcare, government, banking, and more. Presidio’s consultants are highly experienced and certified professionals with strong backgrounds in security, compliance, and fundamental technology areas and industry-recognized certifications from ISC(2), SANS GIAC, and ISACA.

Presidio’s Next Generation Risk Management (NGRM) offering provides you with a ready-made extension to your information security department, leveraging an iterative risk management program and a continuous assessment methodology. Presidio cyber security experts will partner with you to provide highly effective risk assessments, detailed reporting, ongoing reviews, process and program development, and training services. With the basis of assess-mitigate-assess, NGRM ensures that identified vulnerabilities are mitigated and business risk has been properly addressed.

Presidio NGRM includes all of the following components, but can be customized to meet your business and security needs:

ANNUAL IT RISK MANAGEMENT

• External and internal vulnerability and risk assessments
• Technical and social penetration tests
• Risk management and governance reviews to ensure the necessary programs, policies, and processes are in place for effective security
• Regulatory compliance assessments against an identified standard
• Cyber security threat reviews to keep you up to date on the threat landscape.
• Firewall, IDS/IPS, and security monitoring technology assessments.

QUARTERLY IT RISK MANAGEMENT

• Quarterly remediation status assessments to confirm that risk mitigation is progressing as expected.
• Quarterly vulnerability assessments of a sampling of assets for additional confirmation.

MONTHLY IT RISK MANAGEMENT

• Vulnerability assessments of identified critical assets

In addition, the following optional services are available and can be added to your NGRM service:

• Security Program Architecture Development – Development of a comprehensive framework by which information security programs (governance and technical, procedural, and process controls) are implemented.
• Security Awareness Program Development
• Incident Response Program Development
• Malware Assessment – Analysis of Internet traffic to determine if any internal hosts have been compromised.
• Network Assessment – Analysis of network infrastructure from an architecture, management, performance, and availability perspective.

The Presidio Cyber Security practice has the tools, experience and expertise to implement a security strategy that manages today’s risks and prepares you for new risks and threats as they emerge. Begin to implement your information security strategy with Presidio today.