Cybersecurity Services

Cybersecurity Plans

• Cybersecurity strategic planning
• Information system cybersecurity planning
• Business resiliency planning

Cybersecurity Policies & Procedures

• Develop/update cybersecurity policies and procedures

Security Agreements

• Interconnection Security Agreement (ISA)
• Business Associates Agreement

Metrics & Measures

• Verify that your security controls are in compliance with a policy, process, or procedure
• Identify your security strengths and weaknesses
• Identify security trends, both within and outside the organization’s control

Complete Authorization to Operate (ATO) Process

• Review cybersecurity system documentation, i.e. Security Plan, Risk Assessment, and Disaster Recovery Plan
• Ensure that all appropriate security controls are in place and documentation is complete
• Letter of authorization

Cybersecurity Architecture & Design

Cerium can recommend and design information systems that include cybersecurity components. For systems that are not security-specific, our cybersecurity team will validate the design.

Get a clear, risk-based roadmap to improve your cybersecurity posture

Cerium’s risk assessment and audit services highlight the risk management process by evaluating the cybersecurity program and systems for an organization and identifying vulnerabilities or gaps in security that may be used for malicious intent. A security assessment from Cerium establishes a baseline of your information security controls and provides your organization with a clear, risk-based roadmap to improve your cybersecurity posture.

• Compliance Risk Assessments – HIPAA, GLBA, FISMA, NIST, FTI, CJIS, PCI, SOX
• External Vulnerability Assessment
• Internal Vulnerability Assessment
• Penetration Testing
• Social Engineering Testing
• Enterprise Risk Assessment
• Third Party Compliance Reviews
• Regulatory & Compliance Audits

Core Cybersecurity Products

• Firewalls – network, next-generation, virtualized and web application based
• Email security – anti-virus/malware, spam protection, data loss prevention, advanced threat protection, secured external email
• Web filtering – content filtering and malware protection
• Network Access Control (NAC) – device authentication, device verification, guest access, and profiling
• Virtual Private Network (VPN) and other secured remote access
• Intrusion Detection System/Intrusion Prevention System (IDS/IPS) – network monitoring and proactive threat defense

Mitigation of policy requirements and vulnerabilities discovered

• Implementation of policy requirements
• Risk mitigation of recommendations

• Intrusion Detection System/Intrusion Prevention System (IDS/IPS) – network monitoring and proactive threat defense
• Secured wireless environment – isolated from “guest” wireless environment
• Security Incident and Event Management (SIEM) – real-time analysis of security alerts
• Endpoint protection – anti-virus, next-generation
• Identity management – management of individual authentication, authorization, and privileges
• Backup solutions – ability to restore systems in the event of a disaster or system loss

System Security Configuration

Cerium can review an individual system and assist your organization with implementation of security items within the configuration that are best practices and provide additional security for an information system. This could include an annual review of firewalls, email systems, log systems, etc. to ensure that changes have not taken place that were implemented to secure the system.

Partners

Let Cerium’s Managed Cybersecurity Services take on the burden

Managed services relieve organizations from the burden of supporting, updating, patching, and responding to problems and incidents. Let Cerium’s Managed Cybersecurity Services take on this burden for you.

• Ongoing managed services
• Continuous support – support center
• Network security monitoring and incident response
• Facilitation of incident response, disaster recovery, and business resiliency (continuity) testing
• Governance, Risk, and Compliance (GRC) Monitoring (continuous monitoring).

Virtual Cybersecurity Staff

Staff augmentation and ongoing cybersecurity staff support for organizations that may be having difficulty finding someone or that may only need someone with cybersecurity skills on a part-time basis.

• Staff augmentation – virtual CISO or other cybersecurity support
• Ongoing cybersecurity staff support
• Incident response advisory services