We protect your “Crown Jewel” and reduce cyber risks/costs by leveraging Automation
GRC, IAM, DLP, Cloud
CEO, CIO, CSO, CCO
vCISO
Services, Tools, Skills, Certifications

Focus Areas / Detailed Description

Services

Risk Management
• ERM, OpsRisk, IT risk, 3rd party risk and Cyber security risk

Compliance
• SOX, PCI, GDPR, HITRUST, ISO 27000, SOC1/2, FedRAMP, HIPAA, NERC, MAR, NYDFS

Governance, Risk and Compliance (GRC)
• Program, Process and Technology Implementation

vCISO services (CISO As A Service – Substantial $aving$)
• Cyber security strategy, Cyber security program development/enhancement, Monthly/Quarterly senior management reporting, yearly board reporting, Cyber security program/technology roadmap and SME support

IT/Security Audit co-sourcing
• IT/ERP audit, Cyber Security and 3rd party Audit

Risk/Compliance/GRC/Cyber Security Workshops
• 1/2/5 day(s) duration (workshops/boot camps)

* Retainer – 20 hrs./week commitment. Use cases - Program oversight, Resource until FTE on-boarded, In-flight project, Tool selection/POC/Pilot, Remediation support, Workshops, Policies, Procedures, Standards, Run book development etc.
* Client can carry forward retainer hrs. to next month/quarter, valid for a year.
Services, Tools, Skills, Certifications - Cont’d

Focus Areas / Detailed Description

Tools and Specialized Skills
• Archer, RSAM, Allgress, Bwise, LockPath, ServiceNow, Oracle GRC
• NIST-CSF, FFIEC-CSF, ISO 27001 based cyber program assessments
• ServiceNow end-to-end ITSM and GRC services
• Cloud Assessment, Roadmap and Migration/Implementation Services

Certifications
• CISSP, CISA, ITIL, PMP, PCI-QSA, CEH, OSCP
Why GRCAlert?
• We bring the right team mix (domain/industry expertise) and tools to each client engagement
• We help clients meet their objectives & achieve their vision by delivering a total solution, sharing accountability for each of our client’s successes
• Customers save on average 35% compared to a full-time employee (no vacation, no 401k, no public holidays, no sick days, no medical, no bonuses, no mobile reimbursements, no annual raises, no social security contribution, no training cost, no LTD benefits etc.)
• We always offer you the value-optimized pricing model!

Why vCISO?
• Limited Security Budget (total cost of acquiring and retaining a seasoned CISO for small and medium businesses is up to $250k-$350K/yr. plus). Additionally, employee turnover and the market for experienced security talent is very competitive – CISO is no exception!
• Scarcity of business and technology savvy experienced CISO professionals.
• On-going cyber security demands from internal/external stakeholders
• Growing “IT/Cyber Compliance” requirements e.g. GDPR, SOX, PCI, GLBA, ISO27000, SOC1/2, HITRUST, FedRAMP, FISMA, NERC, Privacy etc.
vCISO Services

vCISO service components: (1) Cyber Strategy, (2) Cyber Program, (3) GRC, (4) Monitoring, (5) Reporting

Cyber Strategy
• Aligned with Business and IT Strategic objectives e.g. Protect assets (confidential data/IP), brand protection, high availability, M&A, Expansion, new product or services, regulatory mandates, cloud etc.

Cyber Program
• Establish Cyber Security Program
• Perform Cyber Program Maturity Assessment
• Establish Cyber Program Components:
  1. Policies, Standards, Procedures & Guidelines
  2. Security architecture and design
  3. Identity and Access management
  4. Application and Data security
  5. Network and Host security
  6. Threat and vulnerability management
  7. Incident Management
  8. Security operations
  9. Disaster recovery
  10. Security awareness and training
  11. Physical security
  12. Cloud security
  13. 3rd Party/Vendor security management
  14. Governance (oversight, funding, PMO, Resources, Metrics, Reports etc.)
  15. Risk Management (IT/Cyber Risk, Vendor Risk etc.)
  16. Compliance Management (GDPR, PCI, SOX, HIPAA etc.)

GRC
• Policies, Standards, Procedures, Assets, Vendor repository
• Risk & Compliance framework e.g. ISO 27000, NIST, PCI, SOX, HIPAA, HITRUST, SOC1/2, GDPR etc.
• Risks and Controls library
• Remediation tracking and issues management
• Workflow and Notifications
• Integration with existing tools e.g. ServiceNow CMDB
• Reports and Dashboards

Monitoring
• Program delivery
• Metrics (KRI/KPI)
• Budget

Reporting
• Management report
• Board report
• Dashboard
vCISO Business Value
• Cost savings and service continuity
• Effective cyber security governance and oversight
• Focused, timely and accurate strategic and tactical information
• Independent and industry expertise
• Flexible and adaptive approach
• Increased mutual confidence among internal/external stakeholders

[Chart: cost over time, Current Approach vs. CISO As-A-Service. Current Approach: Cost Escalation (“If continue with current approach”; “Most CISO organizations are here”). CISO As-A-Service: Stabilizes Cost.]
GRCAlert Capabilities Deck - 2018
