With 205 Controls and 423 enhancements, it's no wonder you're stressed!
“Our company has never had any problems with cyber security, so why should we be concerned?”
The growing number of attacks on our cyber networks has become, in President Obama's words, "one of the most serious economic and national security threats our nation faces."
- Department of Homeland Security
“Business disruption and productivity losses are the most expensive consequences of non-compliance. The least expensive consequences are fines, penalties and other settlement costs.”
- True Cost of Compliance Report, Ponomon Institute
In recent events, Sony pays more than $171 million to recover from the PlayStation Network security breach where more than 77 million accounts were exposed.
The overall cost of the Epsilon data breach in April 2011 could reach $4 Billion as it recovers after millions of email addresses were compromised.
How much will your non-compliance cost you? Remember - It’s not a matter of if, but when.
Can your company afford one major security breach?
“In the commercial world, the cost of a cyber security breach is measured by both “tangibles” and “intangibles.” The tangibles can be calculated based on estimates of:
- Lost business, due to unavailability of the breached information resources
- Lost business, that can be traced directly to accounts fleeing to a “safer” environment
- Lost productivity of the non-IT staff, who have to work in a degraded mode, or not work at all, while the IT staff tries to contain and repair the breach
- Labor and material costs associated with the IT staff’s detection, containment, repair and reconstitution of the breached resources
- Labor costs of the IT staff and legal costs associated with the collection of forensic evidence and the prosecution of an attacker
- Public relations consulting costs, to prepare statements for the press, and answer customer questions
- Increases in insurance premiums...”
“Why do I need an Independent Evaluation?”
Independent Evaluations are more objective. We get to the bottom of the issues and let you know where your environment really stands.
Independent Evaluations are required for environments with a “Moderate” or “High” Security Level as defined in NIST 800-53 CA-2 (1). “The organization employs an independent assessor or assessment team to conduct an assessment of the security controls in the information system.”
“Why should I have ISL help us?”
We have a team of Information Technology (IT) professionals that are experienced and knowledgeable in all of the IT life-cycle phases. For our professionals, security has always been part of the IT process - not added on later. With our IT experience and CISSP credentials, we have the “hands-on “ experience you should be looking for in your security evaluations.
By teaming with us, we blend your knowledge of your business and your risk assessments with our cyber security knowledge and IT experience. We can help guide you in evaluating your environment to your risk levels.
Our goal is being your Cyber Security Partner. Adding our years of experience in IT and Cyber Security to your knowledge of your business to effectively evaluate your IT environment.
With ISL’s streamlined approach, we can assist you in scheduling evaluations to be more effective to minimize impact to your time. So you can make whatever changes needed quickly.
“We are a private company and are not required to comply to NIST. Why should we consider a Cyber Security Evaluation?”
Cyber threats hit everyone. Our goal at ISL is to provide support to all that can benefit from our experience. Some companies may only need a little fine tuning to secure their environments. Others are wide open to attack. We can work with you in creating a customized “checklist” that makes sense for your company so that you can focus on the level of cyber security that you need.
Even if you choose to do this alone. Take an objective look at your environment and understand your security risks.
“Our security level is neither Moderate or High, do we still need an assessment?”
Many government agencies still require systems with a security level of “Low” be evaluated against NIST. The depth of a assessment for your environment will just be limited to the controls and sub-controls associated with your security level rating.
“How long does an Independent Cyber Security Evaluation take?”
This is dependent upon the size of your organization and your IT environment. A typical evaluation usually lasts 2 weeks for the data gathering phase followed by a 2-day visit for presentation of findings. The presentations are usually scheduled a couple of weeks after the data gathering phase.
“How much do the Independent Cyber Security Evaluations cost?”
The cost is dependent upon the the time it takes to complete the evaluation and the type of evaluation being performed. Performing a full NIST compliance evaluation is one of the more expensive evaluations. However, even with a NIST evaluation, ISL strives to be more efficient than other evaluation companies through the use of our ICSE scheduling module that allow us to more effectively schedule your key people's time.