Cyber Security Consulting and Training

Cyber Security

Our Cyber Security consulting and training programs give you the necessary knowledge to ensure that safeguards are consistently applied to protect your sensitive data.

System Review

CVG Strategy can review your organization’s security infrastructure and process controls against the framework specified in ISO 27001 and NIST 800-171.  These reviews assess three critical categories of existing information technology controls.  This results in the identification of areas most vulnerable to cyber threats.

Cyber Security Critical Categories

  1. Security Architecture – People, Policy, Process
  2. Detective Controls – Management, Monitoring, and Review
  3. Preventative Controls – Technology, Tools, and Techniques

Definitions

Cyber security and its related terms are often used in the business world.  Often, however, there is confusion surrounding their exact meaning.  To provide clarity, definitions of some major terms are listed below.

Cyber security

Cyber security is the practice of protecting computer networks, devices, and data from unauthorized access.  As such, it provides data confidentiality, integrity, and availability.  Cyber security also includes the utilization of policies, guidelines, security safeguards, risk management, and technical tools.

Information Security Management System

An Information Security Management System (ISMS) coordinates the necessary controls to implement effective cyber security.  It involves risk management to identify threats and vulnerabilities and assess the impacts of a successful data breach.

It then systemizes mitigations to minimize the potential and impacts of those threats and vulnerabilities. As such, it is an activity that includes all sectors and stakeholders of an organization.

A viable ISMS must be tailored to the specific requirements and vulnerabilities of an organization.  It must also be monitored and maintained to adapt to the growth of the business and the changing threat profiles that emerge.  

CVG Strategy Information Security experts have decades of cybersecurity-specific experience and understand how to balance your business’ needs with compliance requirements, risk, and emerging threats.

We recognize that security is a journey, not a destination. We will support your organization in developing a cybersecurity roadmap that ensures compliance readiness, proactive security controls, consistent testing, and continuous improvement.

ISO/IEC 27001

ISO/IEC 27001 is an international standard for the implementation of an ISMS.  It was originally published in 2005. 

It establishes specific requirements for systematic risk assessment, implementation of comprehensive controls to address identified risks, and requirements for processes to ensure that the management system continues to perform and adapt on an ongoing basis.

Once established, a program is audited for certification by an accredited auditor.  These audits are also performed on an ongoing basis to confirm that an organization remains compliant.

NIST 800-171

NIST 800-171 is a set of standards established for the protection of Controlled Unclassified Information.  It was developed by the National Institute of Standards and Technology to meet the requirements of the Federal Information Security Management Act of 2013.

NIST 800-171 is a requirement for a number of government agencies including the National Aeronautics and Space Administration (NASA) and the Department of Defense (DoD).  This also includes supply chain contractors and subcontractors to the DoD.

It is also a requirement for businesses that supply defense articles or defense services to the DoD under the Defense Federal Acquisition Regulation Supplement DFARS 252.204-7012.

Cybersecurity Maturity Model Certification

The Cybersecurity Maturity Model Certification (CMMC) is a further step by DFARS to protect Controlled Unclassified Information within the DoD supply chain.  It is currently set to be a requirement for all DoD contracts in 2026. 

This system will require suppliers to be certified by third party inspectors to ensure that they meet a required level of cybersecurity practices and processes. These required levels will be tiered for prime contractors and various tiers of subcontractors.

Our consultants can help DoD contractors and subcontractors meet CMMC requirements and interim requirements per DFARS 252.204-7012 Interim Rule.

The Enterprise Cybersecurity Environment

Organizations need to devise a comprehensive plan for addressing their security needs. Security is not one size fits all. Security cannot be achieved by a collection of interconnected modules without a process to plan, manage, review, improve, and adjust.

Organizations are encouraged to view security as a process: a new way of thinking about how to protect systems, networks, applications, and network services, and to continuously evaluate and mitigate risk where possible, appropriately balanced against cost.

The security needs and the recommended security strategy of each organization are unique.  For example, an enterprise, a telecommunication provider, a network operator, or a service provider can each have a unique set of business needs.  Because of this, they may have very different networking environments to meet these needs.

CVG Strategy Cyber Security Consulting and Training

Cyber Security Consulting

CVG consultants have over a decade of experience with ISMS, Quality Management Systems (QMS) and Export Compliance.  We understand that each business has a unique set of requirements that demand tailored solutions. 

Cyber Security Training

Training is an essential component of any viable ISMS.  Despite major advances in organizational cyber security, human error continues to be a major cause of data breaches.
 
While more sophisticated variants of malicious software are being developed, phishing remains a prominent way for hackers to gain access to sensitive information.  Thus, a very well-designed cybersecurity framework can be defeated by an employee clicking on an email attachment.  This is a cause of increased concern as the remote workforce continues to expand.
 
Proper cyber protocols must be consistently reinforced through training that is informative and engaging.  Effective training should include review of basic procedures such as using appropriate network security and not allowing unauthorized access to work areas.  It should also include a review of all ISMS policy and procedure changes.
 
CVG Strategy has been involved in business training for over a decade.  Our experts take pride in effective and engaging training sessions that ensure that participants retain important information.

How Can We Help?

Take a look around our site and contact us for more information on how we can help you meet your challenges.
