Sage Data Security Services Directory

Transcription

1 Sage Data Security Services Directory PROTECTING INFORMATION ASSETS ENSURING REGULATORY COMPLIANCE FIGHTING CYBERCRIME

2 Discover the Sage Difference Protecting your business from cyber attacks is a full-time endeavor that grows more demanding, specialized, and sophisticated every day. Sage has the expertise and resources to help you stay cyber strong. Here s how we re different. We can support your entire cybersecurity lifecycle. Every organization s cybersecurity needs are unique, and there is no such thing as a one-size-fits-all solution. From risk assessment to log analysis and everywhere in between, Sage partners with you to help you make informed choices about the services that are right for your organization, regardless of where you are in your cybersecurity lifecycle. We are 100% focused on cybersecurity. A comprehensive approach to cybersecurity requires thoughtfulness and adaptability. That means real people working in real time to react to ever-changing threats, with expertise and judgment gained over decades of experience. This is who we are and what we do at Sage. We are an extension of your team. Our #1 goal is to help ensure that your organization is fully trained, compliant, and prepared for evolving cybersercurity threats. Contact us today to learn how we can help you enrich your existing information security program, champion cybersecurity, and transform your organization. Sage is a valuable partner in our information security program. They deliver a final product that is far above what I ve seen out in the marketplace; their values and integrity are paramount. I m proud we do business with Sage, and look forward to many more productive years. James Gordon, IT Senior Vice President, Needham Bank P: (SAGE) F:

3 The expertise that Sage brings to our organization could not be replicated with an in-house hire. We have access to trained security professionals to assist us with the ever more complex area of information security allowing us to maintain a secure environment in a cost effective manner. Tammy Plummer, Executive Vice President / CIO, First National Bank sage@sagedatasecurity.com

4 Program Development INFORMATION SECURITY POLICY ASSESSMENT & DEVELOPMENT In our collaborative approach, we work with your team to incorporate existing documents and practices, as well as develop new policies, standards, and agreements where necessary. CYBERSECURITY PARTNERSHIP PROGRAM This annual subscription program provides you with access to a Sage advisor when you need one, plus keeps you up-to-date on the latest regulatory and legislative changes. Education & Training INSTRUCTOR-LED INFORMATION SECURITY AWARENESS & TRAINING Offering a variety of topics, we will deliver a targeted training session focused on the particular subject matter you need to either clients or employees. CYBER INCIDENT FORENSIC READINESS This hands-on training program prepares incident responders and IT personnel to quickly and cost-effectively capture and maintain evidence in a forensically sound manner. EXECUTIVE CYBERSECURITY READINESS Designed for executive management, our annual subscription helps enhance your institution s ability to prepare for and respond to cyber-attacks. P: (SAGE) F:

5 Cyber Assessment INTERNAL CONFIGURATION & VULNERABILITY ASSESSMENT (CAVA) This assessment will evaluate the strengths and weaknesses of information systems design, configuration, technical, and operational controls, as well as identify system- / device-specific vulnerabilities. The review is conducted using automated and manual open source, commercial, and proprietary tools, along with interview and observation techniques. PENETRATION TESTING During these engagements, a security evaluation is performed by safely trying to exploit system vulnerabilities. We offer a variety of penetration tests, including: External Perimeter Internal Network Web Application Wireless Network SOCIAL ENGINEERING Our social engineering vulnerability assessments seek to identify vulnerabilities that could allow an attacker to extract valuable information from an unsuspecting or uninformed employee. We offer a variety of social engineering engagements, including: Phone Pretexting / Phishing Physical / On-site USB Drive Baiting FIREWALL CONFIGURATION & RULE-SET REVIEW One of the most common vulnerabilities in a network environment is a misconfigured firewall. Our firewall review focuses on three key areas: The technical aspect of the configuration and rule set review including syntax; the business aspect of the rule set (allowed / disallowed activity); and the management of the device including authorization process. sage@sagedatasecurity.com

6 Advisory Services RISK ASSESSMENT, ANALYSIS, AND MANAGEMENT Using NIST , our risk assessments look at your organization s operational, legal, regulatory, financial and reputation-based risks, providing the foundation for a comprehensive risk management and information assurance program. Our suite of risk assessment services includes: Risk Management Framework - Design & documentation of a comprehensive risk management framework of your organization s most critical business system. Application / Functional - Identifies and documents threats, controls, and residual risk level of the associated critical information systems and supporting infrastructure. IT Infrastructure - Focuses on the design, configuration, and operational processes of your information technology infrastructure. Regulatory Compliance - Identifies any areas an organization is out of compliance with specific information security regulations, including GLBA, HIPAA, HITECH, and PCI. PROGRAM & POLICY DEVELOPMENT, ASSESSMENT, AND UPDATES Disaster Recovery Continuity of Operations Prepares your organization to react to and recover from any disruption of normal business functions, and in turn, minimizes impact on essential services. Service Provider Cybersecurity Assessment Supports the management of all your thirdparty service providers and ensures you are in compliance, utilizing the most recent guidance. Incident Response (IR) Program Development & Annual Exercise Designs and implements an IR program that is consistent with industry guidance, regulatory requirements, and accepted best practices. Regular testing of the defined plan in order to identify any gaps / weaknesses and account for unknowns. P: (SAGE) F:

7 Log Analysis & Forensics ndiscovery LOG ANALYSIS SERVICE Available only through Sage, the ndiscovery service provides you with independent log analysis from highly trained security experts. It is the only service that combines a sophisticated log review methodology with human intelligence, so unauthorized access, malware, and suspicious activities are quickly detected and can be easily acted on. Our specialists translate cryptic log data from generic code into threat intelligence and insight, so you can focus on what s important. There is no more effective, sensible way to counteract cybersecurity threats on your network than with ndiscovery. nforensics If you experience an incident or breach, Sage can support your existing incident response team with nforensics, our scalable and cost-effective digital forensic service. Our approach ensures that the entire process has precision, accuracy, integrity, and is defensible. These services include on-site or remote collection of electronically stored information, expert analysis of collected data including deleted data, and documented chain of custody for each step of forensic examination. Our Services are People-Driven. We re not here to sell you hardware or software, and we don t represent any vendor. We are human experts you can talk to on the phone, over , or in person about your questions and concerns. We aren t satisfied until we ve made sure that you are completely comfortable and confident in the cybersecurity plan of action we ve developed together for your organization. sage@sagedatasecurity.com

8 It s All About Partnerships. At Sage Data Security, we believe that cybersecurity is more than a business. It s a commitment to honor those who have entrusted you with their information assets. It is a shared responsibility and a civic duty. Since 2002, we have been helping our clients create an environment that realistically and cost-effectively protects their network while maintaining a balance of productivity and operational effectiveness. Our goal is to be an extension of your team. We do not represent any vendor, nor sell hardware or software. All Sage security consultants and analysts are professionally certified. Partner with us to ensure your organization is fully trained, compliant, and prepared for evolving cybersecurity threats. P: F: sage@sagedatasecurity.com