Cyber Risk Practice

We provide consultants to work with you in determining your cyber risks. We can assist with the following: mitigating and managing your exposure, audit & compliance, Identity & Access Management (IAM), vendor information security, and incident response services to meet insurance requirements.

Fractional CISO (f-CISO)

Information security is increasing in importance, but not all organizations can afford to hire a Chief Information Security Officer (CISO). Whether referred to as a Virtual CISO (vCISO), CISO-as-a-Service, or fractional CISO (f-CISO), we have a team of experienced security experts that can provide your company with the expertise to fill this gap. Our f-CISO service will help your company plan, define and execute an appropriate security strategy.

  • Guide you through annual security planning
  • Define security strategy and goals
  • Determine the level of acceptable risk
  • Define and implement security and compliance governance
  • Coordinate compliance activities and communicate with regulatory groups
  • Help define security budgets and the most appropriate security solutions
  • Help define security policies & processes
  • Review current internal security controls
  • Be a readily available expert security resource saving you time and money
  • Attend monthly or quarterly executive meetings and board meetings 
  • Provide other advisory input as required 

IT Audit & Compliance

Your reputation depends on your ability to protect both company and consumer data. Privacy rules, along with compliance regulations, can be tedious, confusing and frustrating. We provide IT Audit and Compliance-as-a-Service for our clients. We identify gaps to implement the necessary controls to mitigate risks and remain in a constant state of compliance. 

  • Interview IT management and appropriate staff as well as third-party vendors
  • Conduct network search for sensitive or critical data and systems
  • Conduct network vulnerability scans and reviews
  • Assess your potential liability through data breach liability reporting
  • Review findings with security staff and management
  • Issue report identifying threats, risks, gaps, recommendations, strategies, policies, or procedures
  • Identity & Access Management (IAM)
  • Compliance-as-a-Service

Incident Planning & Response

Planning before an incident is critical to minimizing its impact, so that in the aftermath of a cyberattack you have an organized approach to addressing and managing the response. We instill confidence in our clients as we assist you before and during a data breach. Our goal is to strategically handle the situation in a manner that limits damage and reduces recovery time and costs.

  • Develop or review the incident plan
  • Confirm insurance requirements and coverages
  • Pre-approve response team vendors or assist during an emergency to select the appropriate on-site Incident Response team
  • Conduct periodic attack simulations (table-top exercises)
  • Act as a liaison between you and the Incident Response Team

Vendor Cyber Risk Management (VCRM) 

Due to the lack of resources in smaller businesses, data security often takes a back seat to “higher priority” items.  As such, hackers will often target smaller vendors to gain access to their larger partners.  Leveraging our IT Audit & Compliance service, we can assess the cyber risks of each of your partners/vendors to identify gaps in their security posture. 

  • VCRM Program Evaluation (outside assessment)
    • Strategic Vision
    • Tactical Execution
    • Controls Framework Analysis
    • Continuous Monitoring Life Cycle
    • Remediation Strategy
    • 4th Party exposure
    • VCRM Contract Review (specific to security language/addendum)
    • Metrics and Reporting
    • Inherent Risk Modeling
  • Onsite Assessment Representative
    • Onsite assessments generally yield greater transparency
    • Increased likelihood that the supplier will share tangible evidence beyond attestation
    • Generally concludes in an expedited fashion, as our consultants have executed hundreds of very complex 3rd party assessments
  • Staff Augmentation
    • Incorporate our risk-based approach to streamline and assess your low to medium risk vendors
    • Perform VCRM periodic program health checks (monthly or quarterly)
    • Outsource remediation/issue management to RiskVersity
    • Engage RiskVersity to liaise between your business and your outside auditor

Open Data Risk Management

We provide consultants to work with you to organize and operationalize an Open Data program. Data is a commodity. When municipalities implement open data programs, they increase transparency, stimulate economic growth, and improve government services and responsiveness.

  • Readiness Assessment
    • Improves availability and accessibility of data
    • Reduces the number of requests for data by utilizing published datasets
    • Improves service inefficiencies through internal data analysis
    • Improves public relations and attitudes with municipal operations
    • Establishes data processing standards
  • Data Risk Management
    • Prevents data inaccuracies
    • Establishes protocols for metadata to prevent the misinterpretation of data
    • Identifies data that requires privacy protection
    • Establishes protocols for decoupling data from data systems before publication

For more information, contact Mitch Harris at mharris@riskversity.com

Corporate Office
151 W. Fourth Street #27
Cincinnati, Ohio 45202
513-644-1085

© 2024 RiskVersity. All rights reserved.
