Background FAST FACTS

Transcription

1 Background Terra Verde was founded in 2008 by cyber security, risk and compliance executives. The founders believed that the market needed a company that was focused on using security, risk and compliance solutions to create business value versus promoting confusing terms and acronyms and exploiting fear. Using this philosophy, the company grew into one of the largest security solution providers headquartered in the Southwest. Growth continues to be fueled by a pragmatic approach to solving client security issues. Using word of mouth and referrals to profitably grow each year, the company helps hundreds of customers in multiple industries across the U.S. to reduce security and compliance risk. Terra Verde helps customers to reduce risk and achieve regulatory compliance. Our services help customers to realize business value from security and compliance investments through a portfolio of solutions and services that include: FAST FACTS Founded in 2008 by Cyber Security, Risk, Compliance Experts & Executives Headquartered in Phoenix Arizona Cybersecurity & Risk Consulting Company One of the Largest PCI QSAs in Arizona Hundreds of Engagements Delivered Globally Each Year Millions of Dollars, Invested in Managed Security Service TruSOC TruSOC supporting customers across the U.S. Security, Risk & Compliance Services Managed Security Services Technology Training & Integration Services Ongoing Investment in Employees, Partners, Solutions & Services Portfolio

2 In today s world, the need for a sustainable security program that monitors, reports and helps address cyberattacks and breaches is universal. Making Security Sustainable Organizations of all sizes across the globe are being targeted and attacked by nation states, individual hackers, hacktivist organizations, cyber criminals, and cyberterrorists. Multiple studies report that small and mid-sized organizations are easy targets for cyberattacks as they are less likely to have the programs, policies, technologies and resources available to defend against these attacks. Many companies lack the resources or financial strength to recover from financial theft or a data breach that could result in millions of dollars in fines. With a growing shortage of security experts, an increasing number of attacks and threats, and constant changes in technology, how can organizations build a sustainable program to address risk and respond to the growing threat? Terra Verde provides a comprehensive portfolio of security, risk and compliance solutions, consulting services and experienced resources. We deliver the core elements that are required when establishing a sustainable security, risk and compliance program. - Edward Vasko, CEO, Terra Verde Our business partnership with Terra Verde has advanced the security and risk management operation of State Collection Service. Having a business partner who provides all the security operations we need is essential to the continued success and growth of SCS. It was easily the best decision I made that year." - Jim Warner, CIO State Collection Service

3 Supporting Organizations of All Sizes Terra Verde s mission is to help organizations of all size to realize business value from security, risk and compliance investments. We accomplish this mission by providing security and compliance consulting services, managed security services and best-in-class security technologies to customers across the globe. Our objective is to accelerate each customer s ability to evolve or enhance their internal cybersecurity and compliance programs and capabilities. Services & Solutions We have developed services and solutions to support small, medium sized and global enterprises.

4 Security, Risk & Compliance Services Many organizations are being required to have IT and business operations, IT systems, and products or services they are providing, to be assessed or audited by a 3rd party for security and regulatory compliance purposes. Terra Verde s portfolio of services can help customers address security and compliance requirements or deploy a comprehensive security strategy. We use a collaborative, personalized approach when discussing security, risk and compliance initiatives with customers. Once we understand a customer s unique business, financial, security goals and regulatory requirements, we can modify the service and engagement to help the customer achieve their goals. Services Portfolio Below is a list of Security, Risk and Compliance consulting services: ASSESSMENT & TESTING AUDIT & COMPLIANCE Penetration Testing (Internal & External) PCI DSS Readiness Web Application Penetration Testing PCI DSS ROC Wireless Penetration Testing PCI Toolkit Code Review HIPAA Security Rules Assessment Physical Penetration Testing ISO 27001/2 Security Assessment Advanced Persistent Threat IT Audits Internal & External Server Side Attacks FTC Audit Client Side Attacks NIST Audit & Assessment Vulnerability Scanning Compliance Gap Analysis Security Assessments Risk Assessment Compliance Program Development & Tracking Social Engineering Phishing BUSINESS & RISK Risk Program, Tech, Project Assessment SECURITY STRATEGY Strategic Planning, Metrics, Budgets Policy & Procedure Development Business Continuity Planning Analysis Disaster Recover Planning Analysis Incident Response & Digital Forensics Litigation Support Vendor Review & Assessment Subject Matter Expert Advisory Security Education & Awareness Training

5 Assessment & Testing Terra Verde takes the complexity out of selecting the optimal assessment and testing approach and service. Our consulting engagements are personalized for each customer and modified based on the type of assessment or test that is required. Our assessment and testing services can focus on a single facility, system, application, cloud environment and network, or can include nationally or globally distributed systems, applications, facilities and enterprises. We work with customers on various business, financial, security and compliance initiatives such as: New Product or Service Development, Testing Facility Development, Expansion, Consolidation ASSESSMENT & TESTING Pen Testing Web Application Pen Testing Wireless Pen Testing Code Review Physical Pen Testing Advanced Persistent Threat Regulatory or Industry Compliance (PCI, HIPAA, SOX, NIST, NERC-CIP) Pre Merger & Acquisition Due Diligence Internal and External Server Side Attacks Post Merger & Acquisition Expansion or Integration Client Side Attacks Pre VC/PE Funding Due Diligence Post VC/PE Funding Expansion or Integration Vulnerability Scanning Cybersecurity, Compliance, Risk Reviews Vendor Risk Assessment & Management Security Assessments If desired. Terra Verde can establish an effective, efficient assessment and testing program that includes assessments, testing and the remediation of vulnerabilities and risks that are found during the assessment and testing process. These programs can be fully managed or partially managed by Terra Verde and can reduce the risk and cost of operating these programs internally. Risk Assessment Social Engineering Phishing

6 AUDIT & COMPLIANCE PCI DSS Readiness PCI DSS ROC PCI Toolkit HIPAA Security Rules Assessment ISO /2 Security Assessment IT Audit FTC Audit NIST Audit & Assessment Compliance Gap Analysis Compliance Program Development & Tracking Audit & Compliance Terra Verde uses a proven compliance and information risk management methodology to assist companies with regulatory compliance ranging from PCI, HIPAA, and SOX to FTC, NIST and other federal and industry related compliance. Our approach and services are customized for each customer and compliance engagement. We begin compliance engagements with a Risk or Readiness Assessment and Gap Analysis. This step examines the customer s environment, operations, process and procedures against specific regulatory compliance frameworks that are important to the customer or their clients and partners. This helps us to establish a current state compliance baseline for the company. We have the proud designation of being a PCI Qualified Security Assessor (QSA), that can perform annual PCI DSS assessments and provide a Report on Compliance (ROC) and Attestation of Compliance (AOC). We work with customers to create and deploy personalized plans and roadmaps to achieve PCI compliance across all 12 requirements, that support each customer s short-term/long-term goals and objectives. If desired, we can work with customers to develop and deploy sustainable and efficient audit and compliance programs. These programs are typically managed under an annual agreement and include audits, gap analysis and the remediation support needed to address gaps and risks discovered during the audit and gap analysis process. Note: To prevent any conflict of interest we may work with other third party firms to provide the upfront audit or desired remediation services.

7 Security Strategy Terra Verde works with customers and executives to design and deploy a sound, pragmatic approach to cyber and physical security. After years of being hired by customers to break into systems, networks applications, websites and physical buildings, we have developed a well rounded understanding of how best to prevent such breaches and attacks. Like other Terra Verde services and solutions, Security Strategy Services are personalized to address your unique business, client, financial and compliance requirements. We take into consideration the current lifecycle stage of the company, growth and expansion goals and objectives for the next 3-5 years when developing a security program. Our consultants can also help deploy the right level of security policies, processes, technologies and controls while delivering security education, training and awareness to existing staff. We work with customers on various security strategy initiatives such as: New Product or Service Development, Testing Facility Development, Expansion, Consolidation SECURITY STRATEGY Strategic Planning Strategic Plan, Metrics, Budgets Security Policies, Procedures Education Training & Awareness Business Continuity Planning, Analysis Regulatory or Industry Compliance Programs Post Merger & Acquisition Expansion or Integration Post VC/PE Funding Expansion or Integration Disaster Recovery Planning, Analysis Business Continuity or Disaster Recovery Planning Developing a sustainable security strategy is critical to reducing brand reputation damage and data theft risk, and preventing future fines and costs associated with breach remediation and recovery services or damages and fines from victims impacted by a breach.

8 BUSINESS & RISK Risk Program, Technology & Project Assessment Vendor Review & Assessment Program Solution Architecture & Design Incident Response & Digital Forensics Litigation Support Security Training & Awareness Business & Risk Terra Verde works with early stage, hyper growth and large enterprises to identify and address cybersecurity, IT and compliance risks. Our experience working with large enterprises and operating security and IT teams allows our consultants to understand a customer s goals, objectives and requirements and assess existing IT and security applications, systems, policies, resources, vendors and projects to identify and remediate risks to the business. Terra Verde provides operations, program and project management support, supported by recommendations documents that include the optimal mix of applications, policies, procedures, prioritized projects and metrics that support a customer s goals and objectives. We also provide awareness and education training, incident response, digital forensics, and litigation support subject matter experts in critical situations. Our objective is to help customers reduce IT and security risks, while deploying a risk program that scales with the customer s business. Risk services can help customers achieve their desired IT security program future state and preserve initial IT investments. We work with customers on various business and risk initiatives such as: Hyper Growth or New Business Unit Launch Corporate Expansion, Consolidation, Acquisition Post Merger & Acquisition Expansion or Integration IT or Security Program Turn Around, Transformation Cyber Attack, Data Breach

9 TRAINING & TECHNOLOGY INTEGRATION Technology partners: Technology Integration & Training Terra Verde represents best of breed cybersecurity technology vendors and provides customized and integrated solutions and managed services. As part of our collaborative approach we work with customers to understand their business, security, risk and compliance goals and requirements. That enables us to recommend the optimal technology architecture, solution, configuration and deployment model that will help you achieve your goals. We provide technology integration services and support the deployment of these solutions through our education and training services, delivered through our learning management system. Integration & Training Services Our team of experienced, certified security, compliance and technology consultants provide the following services: Requirements gathering & analysis Architecture & design Technology evaluation, proof of concept Vendor evaluation, selection Technology resale Integration, configuration & implementation Managed services Alien Vault training Technology training, education Learning management system

10 Managed Security Services Over the last 4 years Terra Verde built upon its experience and reputation as a security, risk and compliance consulting company to create a portfolio of Managed Security Services that are now being used by companies of all sizes throughout the U.S. Terra Verde has invested millions of dollars and thousands of hours to design, develop, test and optimize its Managed Security Services solutions. In order to stay ahead of the risks and attacks occurring in the market the company has continued to innovate, adding new technologies, services and capabilities to its solution portfolio. Solutions Portfolio Below is a list of our the solutions within our Managed Security Services Portfolio: TRUSOC MANAGED PHISHING Vulnerability Assessment Phishing Program Design Asset Discovery Phishing Pilot / Assessment Threat Detection (Host & Network) Phishing Simulation Templates Behavioral Monitoring (Log, Packet, Avail) Phishing Campaign Management Security Intelligence (SEIM Cor, Feeds) Reporting & Monitoring Security Operations (Logs Reviews) Education & Awareness Training Security Operations (SLA) Compliance Tracking Security Operations (Monitoring) Security Operations (Continuous Improv) Security Operations (Directive Updates) Security Operations (Reporting, Com) Security Operations (Platform Maint) VENDOR RISK ASSESSMENT Customized Assessments & Screening Customized Workflow & Analysis Assessment Portal & Platform TRAINING & INTEGRATION Custom Training, Education, LMS Alien Vault Training, Installation Sophos, Fortinet, Imperva, Incapsula, Tenable Installation Vendor Assessment Online Vendor Assessment Onsite (if needed) Inspection, Research, Validation Dashboard, Customized Reporting

11 MANAGED SECURITY OPERATIONS The TruSOC service includes: Network Monitoring Host Monitoring TruSOC Real time security monitoring, alerts dashboard Vulnerability Assessments Threat Detection Behavioral Monitoring Security Intelligence & Reporting FAST FACT Over the last 4 months TruSOC has tracked over 15 Billion security events and responded to 200,000 security vulnerabilities for customers. Featured Service: TruSOC TruSOC is a comprehensive managed security solution designed to address tactical and operational security needs. The service can be customized to fit each customer s unique business and compliance requirements. TruSOC is integrated with each customer s existing infrastructure and is billed as a monthly subscription for convenience. TruSOC helps customers to proactively monitor and respond to cybersecurity attacks and threats. The service includes comprehensive threat and device monitoring, tracking and reporting, providing insight into the state of security within business operations and IT environments. Customers utilize TruSOC to: Increase internal corporate security capabilities Assist executive and IT operations teams in making risk management and security decisions Reduce the cost of deploying, managing and maintaining security, risk and compliance programs and resources.

12 MANAGED PHISHING Managed Phishing services includes: Program Design Phishing Templates Phishing Campaign Management Campaign Reporting Awareness Training Additional add on services available: Custom Training LMS & System Integration Remediation Services Managed Security Operations Center Services Example of a Managed Phishing Simulation Platform Dashboard Managed Phishing With 95% of all cyber incidents including some type of human error, and over 91% of breaches starting with an , organizations are beginning to address cyber threats by proactively reducing risks that are within their span of control, such as Phishing. Terra Verde provides a Managed Phishing service and utilizes Phishing platforms and processes that address all of the top Phishing exploits and techniques being used in the market today. Our managed security services team are experts at designing Phishing programs, templates, s, and managing Phishing campaigns and reporting. The service reporting helps identify risks within employee populations and can be customized to help track and report on the phishing platform and service s impact and value to the organization. Terra Verde can provide customers access to a best in class phishing platform, or we can provide managed phishing services on a customer s existing phishing platform.

13 SECURITY EDUCATION TRAINING & AWARENESS MANAGED SERVICE The SETA managed service functionality: Security Education Training Terra Verde s Security Education Training and Awareness (SETA) and a Learning Management System (LMS) is offered as a managed security solution. The service was developed by instructional designers and PhD.s and can be modified to support a customer s unique business, security, compliance and workforce requirements. The platform can also be rebranded for each organization or department delivering a more personalized learning experience. SETA Managed Program Highlights Improve workforce security awareness Reduce security and breach risks Customized content, corporate branding LMS functionality and integration Progress tracking, reporting Phishing or Social Engineering integration Minimal set up cost; per user annual costs Customers utilize Security Education Training and Awareness programs to promote security and compliance best practices and policies and to reduce business risk. Online Self Paced Learning Workforce Assessments Secured Communications Encrypted Data Bases & Files Automatic Password Recovery Easy User Import & Export LDAP Support Certificate of Completion Progress Reporting Additional add on services include: Custom Content Development

14 Vendor Risk Assessment Service Terra Verde offers a Vendor, Risk Assessment and Managed Service (VRAMS ) to organizations of all sizes that require vendors, suppliers and business partners to be assessed for security risk, vulnerabilities or regulatory compliance. Companies partner with Terra Verde to deploy a customized web based service and program that screens, assesses, benchmarks and ranks vendors in terms of security or compliance risk. VENDOR RISK ASSESSMENT & MANAGED SERVICE The VRAMS service includes: ASSESSMENT VRAMS Program Overview The VRAMS service includes: Customized assessment approach and screening questions based on your company s security policies and practices (we can also create these) Secure, dedicated, password protected web based survey and assessment platform CUSTOM APPROACH & SCREENING PROCESS WEB PORTAL & PLATFORM Inspection, research and validation of vendor anomalies, risks, vulnerabilities INSPECTION, VALIDATION OF RISKS Customizable reports, dashboards for tracking and reviewing vendor assessment, survey scores Terra Verde s consulting and support team is trained in the latest best practices for digital forensics, and vulnerability management. Our consulting team can perform deeper vulnerability and compliance assessments and penetration tests on facilities, networks, websites, applications and mobile applications, when deeper levels of analysis or testing is required (Letter of Assessment, PCI, HIPAA or other compliance). DASHBOARD & CUSTOM REPORTING DEEPER ASSESSMENT & TESTING (IF NEEDED)

15 Sustainable Value Terra Verde solutions and services leverage certified, experienced security personnel, best practice processes, and modern technologies to provide comprehensive and sustainable security, risk and compliance programs for your organization. CONTACT US Please contact us for more information about our products and services. Why Customers Chose Terra Verde Our services and solutions are often utilized by organizations and executives looking to: Terra Verde N. 19th Ave. #150 Phoenix, AZ Reduce overall security and compliance risk Reduce or eliminate capital expenditures on security technology and personnel Deploy a new, or optimize an existing Security Operations Center and Incident Response Program PH: info@tvrms.com Gain deeper visibility and understanding of cyber security vulnerabilities and risks Deploy a repeatable, scalable set of standards, practices and a program for security alert monitoring, management and remediation The Terra Verde Difference When combined, our experienced resources, solution and services portfolio forms the core elements of a sustainable and comprehensive, security, risk and compliance program. We are here for you when you need us the most. "Terra Verde has the technical acumen and business skill sets that can provide value to any organization...i highly recommend this firm to any organization as their professionals provide superior consulting that exceeds expectations every time. - Director, IT Security Architecture, Financial Services Corporation