Cyber Security Consulting
Our Cyber Security consulting and training programs give you the necessary knowledge to ensure that safeguards are consistently applied to protect your sensitive data.
CVG Strategy can review your organization’s security infrastructure and process controls against the framework specified in ISO 27001 and NIST 800-171. These reviews assess three critical categories of existing information technology controls. This results in the identification of areas most vulnerable to cyber threats.
Cyber Security Critical Categories
- Security Architecture – People, Policy, Process
- Detective Controls – Management, Monitoring, and Review
- Preventative Controls – Technology, Tools, and Techniques
Cyber security and its related terms are often used in the business world. Often, however, there is confusion surrounding their exact meaning. To provide clarity, definitions of some major terms are listed below.
Cyber security is the practice of protecting computer networks, devices, and data from unauthorized access. As such, it provides data confidentiality, integrity, and availability. Cyber security also includes the utilization of policies, guidelines, security safeguards, risk management, and technical tools.
Information Security Management System
An Information Security Management System (ISMS) coordinates the necessary controls to implement effective cyber security. It involves risk management to identify threats and vulnerabilities and assess the impacts of a successful data breach.
It then systemizes mitigations to minimize the potential and impacts of those threats and vulnerabilities. As such, it is an activity that includes all sectors and stakeholders of an organization.
A viable ISMS must be tailored to the specific requirements and vulnerabilities of an organization. It must also be monitored and maintained to adapt to the growth of the business and the changing threat profiles that emerge.
CVG Strategy Information Security experts have decades of cybersecurity specific experience and understand how to balance your business’ needs with compliance requirements, risk, and emerging threats.
We recognize that security is a journey, not a destination. We will support your organization in developing a cybersecurity roadmap that ensures compliance readiness, proactive security controls, consistent testing, and continuous improvement.
ISO/IEC 27001 is an international standard for the implementation of an ISMS. It was originally published in 2005.
It establishes specific requirements for systematic risk assessment, implementation of comprehensive controls to address identified risks, and requirements for processes to ensure that the management system continues to perform and adapt on an ongoing basis.
Once established, a program is audited for certification by an accredited auditor. These audits are also performed on an ongoing basis to confirm that an organization remains compliant.
NIST 800-171 is a set of standards established for the protection of Controlled Unclassified Information. It was developed by the National Institute of Standards and Technology to meet the requirements of the Federal Information Security Management Act of 2013.
NIST 800-171 is a requirement for a number of government agencies including the National Aeronautics and Space Administration (NASA) and the Department of Defense (DoD). This also includes supply chain contractors and subcontractors to the DoD.
It is also a requirement for businesses that supply defense articles or defense services to the DoD under the Defense Federal Acquisition Regulation Supplement DFARS 252.204-7012.
Cybersecurity Maturity Model Certification
The Cybersecurity Maturity Model Certification (CMMC) is a further step by DFARS to protect Controlled Unclassified Information within the DoD supply chain. It is currently set to be a requirement for all DoD contracts in 2026.
This system will require suppliers to be certified by third party inspectors to ensure that they meet a required level of cybersecurity practices and processes. These required levels will be tiered for prime contractors and various tiers of subcontractors.
The cyber environment includes the software that runs on computing devices and the data stored, transmitted, or generated on these devices. Installations and buildings that house the devices are also part of the cyber environment. Cybersecurity needs to take such elements into consideration.
Cyber security is no longer limited to the realm of computers and cell phones. Emergent technologies are moving more and more towards interconnectivity. While these devices offer many advantages, they also provide access points for cyber attacks.
Cloud Based Data
Enterprises are increasingly turning to cloud-based systems because of their ease of use and scalability. While cloud-based technologies can be employed in a secure manner, their implementation and configuration must be carefully executed. Because data stored on the cloud can contain customer data, adequate cloud security is a critical responsibility.
Voice Over Internet Protocol
Voice Over Internet Protocol (VoIP) provides voice phone calls over internet connections. It can thereby provide enterprises with an economical alternative to connectivity.
VoIP is not without security concerns. Like any other digital system, VoIP is susceptible to viruses, malware, denial of service, and other cyber threats. These threats extend to the administrative facilities of the systems they are connected to.
Internet of Things
Internet of Things (IoT) devices are becoming increasingly prevalent. They have been developed to allow sensors and software to interconnect over the internet. They can be found in home products and health monitoring devices. They are also gaining acceptance in military, agricultural, manufacturing and infrastructure applications.
These devices are inexpensive and easy to implement. Often, they can provide organizations with real-time analytics and enhanced automation through machine learning. They are an integral part of Industry 4.0. However, they also pose serious risks because each device has access to a facility network and thus provides an entry point for cyber attack.
The Role of Cyber Security
Cybersecurity aims at securing the cyber environment. It is a system that may involve stakeholders that belong to many public and private organizations, using diverse components and different approaches to security. As such, it is beneficial to think of cybersecurity in the following sense:
- The collection of policies and actions that are used to protect connected networks (including computers, devices, hardware, stored information and information in transit) from unauthorized access, modification, theft, disruption, interruption or other threats.
- An ongoing evaluation and monitoring of the above policies and actions in order to ensure the continued quality of security in the face of the changing nature of threats.
The Enterprise Cybersecurity Environment
Organizations need to devise a comprehensive plan for addressing their security needs. Security is not one size fits all. Security cannot be achieved by a collection of modules that are interconnected together without a process to plan, manage, review, improve and adjust.
Organizations are encouraged to view security as a process: a new way of thinking about how to protect systems, networks, applications, and network services, and to continuously evaluate and mitigate risk where possible, appropriately balanced against cost.
Security has to be comprehensive across all network layers. Adopting a layered approach to security, combined with strong policy management and enforcement, provides security professionals a choice of security solutions that could be modular, flexible, and scalable. Security is difficult to test, predict and implement. Security is not a one-size-fits-all solution.
The security needs and the recommended security strategy of each organization are unique. For example, an enterprise, a telecommunication provider, a network operator, or a service provider can each have a unique set of business needs. Because of this, they may have very different networking environments to meet these needs.
A closed enterprise uses logical (e.g., frame relay) or physical private lines between sites. Remote access is provided selectively for employees needing access into the Internet.
Web presence is achieved through an Internet data center provided by a service provider (who is responsible for establishing a secure environment). The organization also provides conventional dial access for remote employees (e.g., working from a hotel). The company uses private e-mail among employees with no external access. Wireless LANs can also be used.
This would include telecom providers, network operators or service providers through various business models and can provide support for remote employee and remote office access over IP VPNs over the Internet, or deliver higher speed, lower cost connectivity including general-purpose access into the Internet, such as inter-working between internal e-mail systems and the rest of the world.
This business model can leverage the Internet by allowing partners, suppliers and customers to have access to an enterprise-managed Internet data center, even allowing selective access to internal databases and applications (e.g., as part of a supply chain management system). Internal and external users access the enterprise network from home, remote offices or other networks using wired or mobile devices. As such, the security requirement for such an enterprise is different from other enterprises.
CVG Strategy Cyber Security Consulting and Training
Cyber Security Consulting
CVG consultants have over a decade of experience with ISMS, Quality Management Systems (QMS) and Export Compliance. We understand that each business has a unique set of requirements that demand tailored solutions. Developing these solutions requires assessing an organization’s culture and involving all stakeholders. Using this information, we can develop programs that are effective and can adapt as a business grows.
Cyber Security Training
How Can We Help?
Take a look around our site and contact us for more information on how we can help you meet your challenges.