Cyber Hygiene Health Check
Not sure where to start on your cybersecurity journey? Maybe you just want to make sure you have all the basics covered when it comes to your cybersecurity posture. MPG’s Cybersecurity Hygiene Health Check is the perfect way to get the lay of the land and a road map to a better security posture for your organization.
How Well Does Your Company Keep Up Its Cybersecurity Posture?
Good cybersecurity hygiene practices are paramount in preventing costly breaches, information leakage, and ransomware attacks. Cybersecurity hygiene refers to the set of practices, procedures, and tools your business has implemented in order to secure your systems, environments, and data.
While it might seem daunting, routinely validating and maintaining your cybersecurity posture is one of the best steps your organization can take to protect your sensitive data and business-critical information systems from attack.
Regulated industries such as the government, financial services, healthcare, etc., often have specific cybersecurity frameworks and requirements they must meet. However, even non-regulated companies have must-do cybersecurity tasks to safeguard their business.
Cybersecurity Hygiene Engagement Overview
Identify critical issues before they’re used in an attack.
1
Review critical areas
MPG consultants either use your identified framework, or best pracices developed over thousands of assessments to determine and grade your organization’s cybersecurity fitness.
2
Detail high-impact findings
High-impact findings are prioritized, and we provide suggestions and details you can use to close the gaps exploited by attackers, malware, and ransomware.
3
Take action
Every engagement includes an actionable report including Hygiene grades for each critical area, detailed findings, high-priority actions required, and a remediation roadmap.
Identify gaps so they can be fixed
Right-Sized and Customized for Your Organization
- Your analysis will be based on a framework of your choice, or we’ll use our in-house developed critical areas that have been developed over thousands of real-world customer assessments.
- Our cybersecurity subject-matter experts evaluate your cybersecurity preparedness across dozens of high-impact areas.
- Regardless of framework, our engagement ensures you know what critical steps must be taken to secure your environments.
Our Framework
These focus areas are proven to improve cybersecurity posture and readiness.
Asset inventories
A continuously maintained list of software, hardware, and other endpoints that exist and have access to your IT environments and data.
Network infrastructure management, monitoring, defense
Secure configuration and active management of Network infrastructure, and routine monitoring for attack signals.
Log management
System, application, and user logs are collected and routinely analyzed for signs of an attack.
Service provider management (Third Party Risk Management)
Routinely evaluate service providers that handle sensitive data or provide business-critical capabilities.
Security awareness training
Users are informed and educated about proper IT systems and applications usage and routinely tested for phishing awareness.
Application software security
In-house software development practices follow best practices, and vulnerability management processes include in-house developed software.
Email, web browser, business application protections
Plans and tools for hardening typical business applications and user actions; users’ training and monitoring.
Data recovery/disaster recovery
Process, tooling, and routine testing of backup, failover, and business continuity capabilities.
Account management and access control
User and system accounts are well-managed, and appropriate access controls are in place to govern account access.
Malware defenses
Tools and processes that detect and prevent the spread and execution of malware code.
Data protection
A set of processes and procedures for data processing, access, and retention.
Incident response
In the event a breach is detected, effective processes, procedures, roles/responsibilities, and communication plans exist to manage the response effort and shorten the time to recovery.
Vulnerability management
Processes and tooling are in place to detect and patch software vulnerabilities.
Secure configuration
Security Baselines such as STIG or CIS are routinely applied and maintained.
Penetration testing
Routine IT environments, systems, applications, and user defense testing and control effectiveness through simulated attacks.
Or Yours...
We have significant experience across many different frameworks.
FISMA
The Federal Information Security Modernization Act, or FISMA governs how the Department of Homeland Security (DHS) administers information security policies for US Government Executive Branch agencies.
HIPAA
Health Insurance Portability and Accountability Act (HIPAA) of 1996 was created to protect all forms of health information confidentiality and data privacy. Organizations who handle, process, transfer, receive or store any patient’s health information must adhere to HIPAA compliance requirements.
NIST 800-53
NIST 800-53 was created by the National Institute of Standards and Technology (NIST) and outlines guidelines for privacy and cybersecurity for federal IT. Although it was created for federal information systems, this Risk Management Framework provides core guidance to other compliance frameworks.
Service provider management (Third Party Risk Management)
Routinely evaluate service providers that handle sensitive data or provide business-critical capabilities.
Security awareness training
Users are informed and educated about proper IT systems and applications usage and routinely tested for phishing awareness.
Application software security
In-house software development practices follow best practices, and vulnerability management processes include in-house developed software.
Email, web browser, business application protections
Plans and tools for hardening typical business applications and user actions; users’ training and monitoring.
Data recovery/disaster recovery
Process, tooling, and routine testing of backup, failover, and business continuity capabilities.
Account management and access control
User and system accounts are well-managed, and appropriate access controls are in place to govern account access.
Malware defenses
Tools and processes that detect and prevent the spread and execution of malware code.
Data protection
A set of processes and procedures for data processing, access, and retention.
Incident response
In the event a breach is detected, effective processes, procedures, roles/responsibilities, and communication plans exist to manage the response effort and shorten the time to recovery.
Vulnerability management
Processes and tooling are in place to detect and patch software vulnerabilities.
Secure configuration
Security Baselines such as STIG or CIS are routinely applied and maintained.
Penetration testing
Routine IT environments, systems, applications, and user defense testing and control effectiveness through simulated attacks.
Resources from the Pen Test Team
Learn more about our penetration tests and vulnerabilities we have uncovered.
Free Discovery Session
Have a quick question?
Email us: cybersecurity@mindpointgroup.com
Give us a call: (703) 636-2033 Option 2