Cyber Security Consulting
Our Cyber Security consulting and training programs give you the necessary knowledge to ensure that safeguards are consistently applied to protect your sensitive data.
CVG Strategy can review your organization’s security infrastructure and process controls against the framework specified in ISO 27001 and NIST 800-171. These reviews assess three critical categories of existing information technology controls. This results in the identification of areas most vulnerable to cyber threats.
Cyber Security Critical Categories
- Security Architecture – People, Policy, Process
- Detective Controls – Management, Monitoring, and Review
- Preventative Controls – Technology, Tools, and Techniques
Cyber security and its related terms are often used in the business world. Often, however, there is confusion surrounding their exact meaning. To provide clarity, definitions of some major terms are listed below.
Cyber security is the practice of protecting computer networks, devices, and data from unauthorized access. As such, it provides data confidentiality, integrity, and availability. Cyber security also includes the use of policies, guidelines, security safeguards, risk management, and technical tools.
Information Security Management System
An Information Security Management System (ISMS) coordinates the controls necessary to implement effective cyber security. It involves risk management to identify threats and vulnerabilities and to assess the impact of a successful data breach.
It then systematizes mitigations to minimize the likelihood and impact of those threats and vulnerabilities. As such, it is an activity that includes all sectors and stakeholders of an organization.
A viable ISMS must be tailored to the specific requirements and vulnerabilities of an organization. It must also be monitored and maintained to adapt to the growth of the business and the changing threat profiles that emerge.
CVG Strategy Information Security experts have decades of cybersecurity-specific experience and understand how to balance your business’ needs with compliance requirements, risk, and emerging threats.
We recognize that security is a journey, not a destination. We will support your organization in developing a cybersecurity roadmap that ensures compliance readiness, proactive security controls, consistent testing, and continuous improvement.
ISO/IEC 27001 is an international standard for the implementation of an ISMS. It was originally published in 2005.
It establishes specific requirements for systematic risk assessment, implementation of comprehensive controls to address identified risks, and requirements for processes to ensure that the management system continues to perform and adapt on an ongoing basis.
Once established, a program is audited for certification by an accredited auditor. These audits are also performed on an ongoing basis to confirm that an organization remains compliant.
NIST 800-171 is a set of standards established for the protection of Controlled Unclassified Information. It was developed by the National Institute of Standards and Technology to meet the requirements of the Federal Information Security Management Act of 2013.
NIST 800-171 is a requirement for a number of government agencies including the National Aeronautics and Space Administration (NASA) and the Department of Defense (DoD). This also includes supply chain contractors and subcontractors to the DoD.
It is also a requirement for businesses that supply defense articles or defense services to the DoD under the Defense Federal Acquisition Regulation Supplement (DFARS) 252.204-7012.
Cybersecurity Maturity Model Certification
The Cybersecurity Maturity Model Certification (CMMC) is a further step by DFARS to protect Controlled Unclassified Information within the DoD supply chain. It is currently set to be a requirement for all DoD contracts in 2026.
This system will require suppliers to be certified by third-party inspectors to ensure that they meet a required level of cybersecurity practices and processes. These required levels will be tiered for prime contractors and the various tiers of subcontractors.
Our consultants can help DoD contractors and subcontractors meet CMMC requirements and the interim requirements of the DFARS 252.204-7012 Interim Rule.
The Enterprise Cybersecurity Environment
Organizations need to devise a comprehensive plan for addressing their security needs. Security is not one size fits all. Security cannot be achieved by a collection of interconnected modules without a process to plan, manage, review, improve, and adjust.
Organizations are encouraged to view security as a process: a new way of thinking about how to protect systems, networks, applications, and network services, and to continuously evaluate and mitigate risk where possible, appropriately balanced against cost.
The security needs and the recommended security strategy of each organization are unique. For example, an enterprise, a telecommunications provider, a network operator, and a service provider each have their own set of business needs. Because of this, they may have very different networking environments to meet these needs.
CVG Strategy Cyber Security Consulting and Training
Cyber Security Consulting
CVG consultants have over a decade of experience with ISMS, Quality Management Systems (QMS) and Export Compliance. We understand that each business has a unique set of requirements that demand tailored solutions.
Cyber Security Training
How Can We Help?
Take a look around our site and contact us for more information on how we can help you meet your challenges.