National Institute of Standards & Technology
NIST Cybersecurity Framework
NIST 800-171
Protect, Detect, Respond, Identify, Recover
We audit against NIST control sets
Provide GAP analysis with Program of Actions and Milestones (POA&M)
Policies created to meet detailed requirements
We can provide the annual Vulnerability and/or Penetration Testing as required
We audit the Privacy and Security Rule requirements against your organization
Provide GAP analysis
Provide remediation actions document
Policies and documentation provided to meet HIPAA standards
Digital Beachhead utilizes a 6-step process:
1) characterizes your systems,
2) identifies threats,
3) determines risk impact,
4) analyzes controls,
5) assigns a likelihood rating, and finally
6) determines your risk rating (Impact if exploited * Likelihood = Risk Rating)
Many states have enacted cybersecurity and privacy laws, and Colorado is no different. In Sept 2018, the Colorado Protections for Consumer Data Privacy Act was passed. Organizations are now legally obligated to implement reasonable security measures to protect documents (paper and electronic) that contain PII. Colorado has implemented one of the toughest data breach notification requirements in the country. There are also criminal and civil penalties for failure to comply.
Requires:
"The private sector must adapt to the continuously changing threat environment, ensure its products are built and operate securely, and partner with the Federal Government to foster a more secure cyberspace. In the end, the trust we place in our digital infrastructure should be proportional to how trustworthy and transparent that infrastructure is, and to the consequences we will incur if that trust is misplaced."
Cyber insurance is one option that can help protect your business against losses resulting from a cyber attack. If you’re thinking about cyber insurance, discuss with your insurance agent what policy would best fit your company’s needs and what actions are required on your company's behalf to demonstrate "due diligence" in the protection of your systems.
Digital Beachhead is proud to provide assessments to demonstrate an organization's "due diligence" in cyber risk management.
Copyright © 2022 Digital Beachhead, Inc - All Rights Reserved.
Digital Beachhead is a Registered Trademark