Building a bridge from the security oversight committee to the C-suite
The ability to protect a company’s most valuable assets goes beyond the tools and technology to the professionals that bridge the gap between information security and business — and do so without technical jargon.
At Lodestone, cyber-security is our only business. We understand that our clients know their businesses yet are looking for a strategic guide to educate them on cyber-defense, help them protect their assets, and assist in the event of a breach.
Our experts address the business and technical needs of senior management, board members and day-to-day business managers by providing security strategy development, advisory services, and education.
Working side-by-side with internal partners, we’ll assess their current security postures and develop the strategy and roadmap to address their most crucial issues, every step of the way.
Engaging senior leaders in a shared understanding
It is important that an organization’s senior executives and members of the board understand and support the efforts needed to secure its information assets. Working with our clients, we evaluate the organization’s cyber-security capabilities and develop a program to address the most pressing concerns. Our experienced professionals guide senior management to address specific strategic or tactical security issues while enhancing their understanding of the overall security landscape and regulatory requirements specific to their business and major technology needs.
Security strategy and roadmap tailored to clients’ unique needs
Unlike large corporations and government agencies that typically have formal information security teams working to prevent and manage cyber incidents, small and medium-sized businesses rarely have the resources to systematically address their security needs. Recognizing this, Lodestone focuses on the SMB market, bringing together its knowledge of the distinct threat landscape and its understanding of our clients’ general business
and regulatory needs.
OUR STRATEGIC APPROACH:
Current security position
- Identify sensitive information assets, likely threats and regulatory requirements
- Examine existing security organization structure and capabilities
- Assess quality of policies, standards and procedures
- Evaluate existing technical infrastructure/architecture
- Review recent vulnerability assessment and assess technical capabilities and consistency of policy/standards/procedure execution
- Analyze incident response activity of issues identified, detection capabilities and reporting quality
- Survey any cyber-security program metrics
Enhanced posture and create strategy and roadmap
Identify ideal security posture in three key areas and develop strategic recommendations
People: articulate the ideal organizational structure and the required skills and abilities of responsible parties
Process: detail regulatory requirements, define standards, policies, procedures and controls including GRC
Technology: define appropriate architecture, tools, and applications including CIA
Identify priorities and engage key resources in line with strategy and roadmap
We spend time addressing the business and technical needs of senior management, board members and day-to-day business managers by providing Risk Assessments and Compliance Readiness Assessments, Security Program Development, virtual CISO services and executive education.
Cybersecurity was once a relatively minor concern for individuals, governments and commercial businesses of all sizes. While theft, fraud, or harassment occasionally impacted someone else or a company in the news, it rarely hit close to home. Over the years, cyber-security issues have become so common that few individuals or entities remain untouched by them in some way.
As attackers have expanded their targets to include smaller businesses and individuals, new ransomware attacks, fraudulent wire transfers, and PII theft have exposed individuals and SMB organizations to very real and significant risks.
Lodestone conducts Risk Assessments using any number of applicable frameworks (NIST Cybersecurity Framework, CIS/SANS Critical Security Controls, FFIEC/FINRA/SEC OCIE, GDPR, HIPAA, ISO 27001/27002, PCI/DSS) to help organizations determine what key assets and sensitive data are exposed and develop an approach to mitigate key vulnerabilities and threats. This strategic partnership enables clients to ensure they have the right Risk Management and Governance programs to Identify, Detect, Protect, Respond, and Recover from cybersecurity related threats.
Compliance Readiness Assessments
If malicious attackers were not enough to worry about, new state and federal privacy and cybersecurity regulations have made regulatory compliance more complicated and critical than ever before. Whether it’s DFARS or FFIEC/FINRA/SEC OCIE, GDPR, HIPAA/HITECH, ISO 27001/27002, NIST 800-30 or PCI/DSS, Lodestone Security helps our clients conduct compliance readiness assessments to ensure they are not only secure, but able to show regulators and/or third-party partners that they’ve done their due diligence in not only meeting, but exceeding industry best practices.
Security Program Development
We conduct an assessment focusing on the strengths and weaknesses of an existing program bounded by your organization’s overall security objectives regardless of the maturity that program has reached. We do this by evaluating existing governance, organization skills, processes, and security technology in place. We also recommend improvements in any areas where weaknesses are identified or where the program falls short of the organization’s objectives. These recommendations will help determine the right priorities and investments needed to reach the desired maturity levels and highlight initiatives for senior management to review, understand, and take action on.
Lodestone provides strategic security counsel when clients need it most. Often when an organization experiences a security breach or has limited internal capabilities, clients need advice and answers. An experienced guide can help them navigate through the information security maze.
Our seasoned professionals have the expertise of larger firms with the nimbleness of a boutique. For our clients it’s like having an outsourced chief information security officer. The support can range from a simple discussion of an issue to onsite management of infrastructure installation and configuration and can take the form of regular standing meetings or ad hoc support delivered on a best-efforts basis at the time of the call. In all cases, Lodestone typically provides expertise that would be difficult for clients to maintain in-house.
Security Awareness Training and Education
Lodestone believes education is an essential element of strong security. Even the best technology and processes cannot provide value if they are not designed, implemented and supported appropriately. People continue to be the key link to establishing secure environments. However, people only acquire the knowledge to recognize and react appropriately to potentially malicious situations if they receive the necessary education and experience. Consequently, Lodestone views education to be a key service offering – on a par with its risk assessments, technical vulnerability assessments and advisory services.
Sessions generally run one to four hours and can be delivered on on-site or remotely via webinars. Customized sessions and content can also be delivered.