Protecting Your Interests 24×7
CRI’s Cyber Advisor gives you access to the executive leadership skills of a security and compliance expert who has previous practical experience as a CISO (Chief Information Security Officer), vCISO (Virtual CISO), Fractional CISO, Fractional IT Security Management, VP of IT Security, and Directors of IT Security. CRI provides top-tier security experts to organizations that require business solutions and guidance to sustain and grow your business with measurable improvements to your security posture.
CRI's Cyber Advisor Engagements Include:
- Information security leadership and guidance
- Steering committee leadership or participation
- Security compliance management
- Security policy, process, and procedure development
- Incident response planning
- Security training and awareness
- Board and executive leadership presentations
- Security assessment
- Internal/external audits
- Managing penetration testing
- Social engineering
- Vulnerability assessments
- Risk assessment
Which Cybersecurity Assessment is Right for My Business?
Audit Readiness Assessment
Audit readiness should never be an end goal in itself, but rather the natural byproduct of a robust program of internal controls and repeatable processes. Audit findings and the impact of findings can have positive and negative effects, so it can be valuable to know where your organization stands. Some audits such as annual financial statements audits require a more specialized review of controls which can lead to more accuracy than a typical cybersecurity review. Readiness assessments can be performed at any point in the cycle, such as pre-audit preparedness or baseline/pre-remediation.
Targeted Controls Assessments
Sometimes an enterprise-wide assessment isn’t needed. If there is a particular risk that needs to be examined, we can assess whether controls are present and operating effectively for targeted programs, processes, or technologies. Examples include:
- Ransomware Resilience
- Business Email Compromise
- Technology Operations (e.g., Configuration Management, Change Management, etc.)
- Procurement Fraud
Maintaining a continuous understanding of the many requirements involved with obtaining and keeping compliance with different regulations can be difficult and costly. We have extensive backgrounds in maintaining compliance programs in highly regulated environments and can help you achieve a compliance approach that works. We can also perform comprehensive compliance assessments to determine your level of compliance risk. Frameworks we currently assess for include:
- Sarbanes Oxley Act (SOX)
- Health Insurance Portability and Accountability Act (HIPAA)
- Payment Card Industry Data Security Standard (PCI DSS)
- General Data Protection Regulation (GDPR)
- North American Electric Reliability Corporation (NERC)
- Critical Infrastructure Protection (CIP)
Cyber Program Assessment
Organizations that are just starting a formal cybersecurity program or those wanting to understand the return on investment and maturity of existing programs can benefit greatly from this kind of review. In addition to ensuring the program implements key best practice processes for an all-inclusive program, we examine some of the more challenging things such as how staffing, recruiting, and retention is handled, as well as managing the budget and utilization of cyber technologies in the organization from a return on investment perspective.
Many cybersecurity service companies perform a vulnerability scan and call the engagement complete when they hand over the scanning report from their tools. Our assessment services do typically involve scans, but also more in-depth examination of configurations and probing to obtain information that automated tools just can’t get. Our reports contain plain English descriptions of issues, risks, and remediation recommendations. We do not recommend something we are not able to fully explain, or that doesn’t apply to your environment.
Why CRI Advantage?
CRI Advantage has been a leader in cybersecurity, risk management, and security professional staffing for businesses, federal agencies, as well as state and local government departments for more than 25 years.
Our Cyber Advisors have Certified Information Systems Security Professional (CISSP) and related certifications and are proficient in forensic, discovery, network analysis, IA certification, and exploit tools. When you work with CRI, you are bringing cutting-edge technology with the knowledge and experience to implement the most efficient processes to your team. Whether you are a small, medium, or large business – we can help.