Our Services

Security and Compliance Services
Learn about the services we offer

We offer security and compliance services for businesses, non-profits, and local and county governments. Specifically, we help companies and organizations with limited staff or no prior experience to set up security and compliance programs, audit existing security and compliance, and manage the implementation of security and compliance projects.

  • Cyber Security Assessments

    We assess your architecture, data flows, and existing security controls, and identify gaps against best practices. Assessments are developed in the context of business needs, business resources, and data/information security requirements. We provide customized controls reviews against frameworks such as Defense Federal Acquisition Regulation Supplement (DFARS) 252.204-7012, National Institute of Standards and Technology (NIST) Special Publication (SP) 800-171, NIST SP 800-53 Revision 4, or the Center for Internet Security (CIS) 20 Critical Security Controls.

  • Risk Analysis and Mitigation

    We identify assets, threats, and vulnerabilities and determine the impact and likelihood of each security risk. The risk assessment can be scoped to a particular system or more broadly, for example to a regulatory framework. The result is a prioritized risk register, with each risk assigned a mitigation that we then help you carry out.

  • Incident Response

    We support both incident response plan development and live incident response. In the planning phase we work with you to create a customized incident response process for your company, based on our experience. When responding to an incident we begin with detection and analysis: we perform threat hunting using security tools that monitor network traffic, and we review logs to pinpoint where the incident started and what the attacker is doing. We then move to containment, eradication, and recovery. This includes working with you on decisions such as whether to wipe affected systems and rebuild from scratch, or to keep monitoring for a period to confirm the threat has been eradicated. It also includes supporting your legal and communications teams in notifying impacted customers or regulatory agencies. After recovery we support post-incident activities: we review the process with you, discuss what happened, and identify what should be done to prevent a similar incident from happening again.

  • Penetration Testing

    Our services include testing your web site for exploitable vulnerabilities that would allow an attacker to steal client credentials, confirming that network servers and workstations are patched and protected, and making sure your staff is trained to recognize the latest phishing and social engineering ploys. A penetration test gives you confidence that you have gone the extra mile for your security. We continually update our knowledge of the techniques attackers are using in the real world, and we follow established testing methodologies such as the OWASP Testing Guide and NIST SP 800-115 to make sure we leave no stone unturned. Our tests include intelligence gathering on your company, vulnerability analysis, exploitation, and post-exploitation. We will not simply hand you an automated vulnerability scan and tell you to fix what it lists; we confirm findings by exploiting them and by manual testing that uncovers issues an automated scan would miss. Not sure how to fix the vulnerabilities we find? We provide full remediation recommendations and offer a retest to verify that our recommendations have been implemented and are working.

  • Compliance Support (e.g. DFARS 252.204-7012)

    We work with companies to support compliance with any one of a number of frameworks. For example, over the last several years the Aerospace & Defense (A&D) industry has been required to comply with Defense Federal Acquisition Regulation Supplement (DFARS) 252.204-7012 and the NIST SP 800-171 requirements it references, and more recently with the Cybersecurity Maturity Model Certification (CMMC). Other companies must comply with the Health Insurance Portability and Accountability Act (HIPAA) regulations, the General Data Protection Regulation (GDPR), the Federal Financial Institutions Examination Council (FFIEC) guidelines, or state data breach laws.

  • Security Policy Development

    We have designed policies for small and medium-sized businesses. We assess your current policies to determine what you already have and where the gaps are against our policy set. Our policies are customized to meet the requirements of DFARS 252.204-7012 and NIST SP 800-171, HIPAA, and GDPR, and each policy has built-in best-practice controls drawn from the CIS 20 control families. Policies include easy-to-understand procedures and individual action plans. The policy set we deliver, refined through our change process, also includes a one-year calendar and a cross-policy Gantt chart with activity timing and roles and responsibilities. Our policies are refreshed on an ongoing basis. We also offer customized policies for staff and end users.

  • Rapid Response Services

    Our customers have customers of their own, and those customers impose security and compliance requirements with short turnarounds, typically ranging from several days to several weeks. These audits demand attention. We support you by understanding the requirements, including what may have changed since the previous year. We review the changes with you and then develop a response strategy. If any of the audit questions indicate that a change to your security strategy or controls is required, we start working with you to identify what needs to change in your security environment.

  • Vendor Security Flow Down Requirements

    We identify your security requirements and which of them must flow down to your vendors. Do your vendors pay the same attention to security that you do? The flow-down requirements are integrated into your Master Services Agreement, so that your vendors are contractually bound to understand and meet your security expectations. Typical inclusions are maintaining security policies and a System Security Plan (SSP), conducting penetration tests of their environment, designating an individual to coordinate on security matters, and being able to respond to security audits or incidents.

  • Special Projects

    We also provide other critical security services, including development of Business Continuity and Disaster Recovery Plans, Access Control Strategies, Data Classifications, and Data Flow Models, as well as support for Insurance Audits.

Included
What you get with each It's Just Results Project*

*The deliverables are unique in the industry and customized for It's Just Results clients

  • Change Process Model Applied
  • Stakeholder Engagement
  • Executive Playbook
  • Detailed Security or Compliance Report
  • Post Project Follow up

Our Approach
How We Work

Our work is highly collaborative, and we take great pride in fitting in with our clients' environment and culture. Each project and environment is different, but because we have worked in so many environments we understand what works and what does not. As a result, we have developed standards for how we approach projects. This systematization keeps your costs down and results in a higher-quality deliverable.

We have also productized our security and compliance policies for a number of industries, and we vary the amount of support each client needs for policy development and deployment. Our policies are structured to work in a number of environments, such as Defense and Aerospace (DFARS), Federal Civilian (NIST SP 800-171), and Health (HIPAA). In addition, we have integrated Center for Internet Security (CIS 20) control requirements into the policies we tailor for you.

We take on a variety of roles, depending on your needs. What does not change is our commitment to delivering results, creating a friendly and collaborative experience, and continuing as your trusted advisers.

Let's talk

We would love to hear from you!