“. . . Through the process of risk management, leaders must consider risk to U.S. interests from adversaries using cyberspace to their advantage and from our own efforts to employ the global nature of cyberspace to achieve objectives in military, intelligence, and business operations . . . .”
“. . . For operational plans development, the combination of threats, vulnerabilities, and impacts must be evaluated in order to identify important trends and decide where effort should be applied to eliminate or reduce threat capabilities; eliminate or reduce vulnerabilities; and assess, coordinate, and deconflict all cyberspace operations . . . .”
“. . . Leaders at all levels are accountable for ensuring readiness and security to the same degree as in any other domain . . . .”
—THE NATIONAL STRATEGY FOR CYBERSPACE OPERATIONS, OFFICE OF THE CHAIRMAN, JOINT CHIEFS OF STAFF, U.S. DEPARTMENT OF DEFENSE
Information Systems Risk Assessment is a foundational component of Information Security.
This consists of these 3 components:
Most cybersecurity regulations require that Risk Assessments be performed on a regular basis or when significant changes are made to your infrastructure. Understanding your organization's risk exposure is the first step to developing an effective information security program.
Link High offers comprehensive Risk Assessment services conducted by Certified Information Systems Security Professionals using best-in-breed tools to analyze all facets of your organization’s technology environment.
From there, Link High provides clients with a wide range of reports to help determine logical next steps for managing risk moving forward.
Information Systems Threat Mitigation comes in many shapes and sizes. Link High focuses on cyber-threat mitigation but it’s easy to draw comparisons to how threats have been mitigated for thousands of years—defense in depth.
In the Middle Ages, the most fortified castles had both natural and man-made barriers protecting them from intruders. These barriers acted as a security control but were also designed to deter most people from even trying to infiltrate the castle.
If an intruder was extremely motivated and made it past these deterrents, he or she would most definitely be met with archers, a fortified gate, and high castle walls.
If an amazingly skilled intruder made it past the perimeter defenses, they would then need to contend with the King's guards and many locked doors and gates within the castle.
This is “defense in depth” and is still the best way to prevent intruders from entering your virtual castle, aka your network.
Link High can help your organization implement a defense-in-depth information security strategy as a turn-key solution or as à la carte products and services, including:
With more and more regulations coming from sources at the federal, state, and industry levels, SMBs can find it difficult to keep track of them all, much less stay in compliance.
While financial institutions and publicly traded companies have grown accustomed to ever-changing regulatory requirements, many small and mid-sized companies are suddenly finding themselves in the same boat but without the experience and resources to effectively achieve compliance.
Thankfully, Link High has the resources and expertise to help your organization navigate regulatory requirements such as HIPAA, GLBA, 23 NYCRR 500, and DFARS (NIST 800-171), allowing your team to focus on managing your business.
Links to regulations: