Cyber Security Consulting and Training

Cyber Security

Our Cyber Security consulting and training programs give you the necessary knowledge to ensure that safeguards are consistently applied to protect your sensitive data.

System Review

CVG Strategy can review your organization’s security infrastructure and process controls against the framework specified in ISO 27001 and NIST 800-171. These reviews assess three critical categories of existing information technology controls. This results in the identification of areas most vulnerable to cyber threats.

Cyber Security Critical Categories

  1. Security Architecture – People, Policy, Process
  2. Detective Controls – Management, Monitoring, and Review
  3. Preventative Controls – Technology, Tools, and Techniques

Definitions

Cyber security and its related terms are often used in the business world. Often, however, there is confusion surrounding their exact meaning. To provide clarity, definitions of some major terms are listed below.

Cyber security

Cyber security is the practice of protecting computer networks, devices, and data from unauthorized access. As such, it provides data confidentiality, integrity, and availability. Cyber security also includes the utilization of policies, guidelines, security safeguards, risk management, and technical tools.

Information Security Management System

An Information Security Management System (ISMS) coordinates the necessary controls to implement effective cyber security. It involves risk management to identify threats and vulnerabilities and assess the impacts of a successful data breach.

It then systemizes mitigations to minimize the potential and impacts of those threats and vulnerabilities. As such, it is an activity that includes all sectors and stakeholders of an organization.

A viable ISMS must be tailored to the specific requirements and vulnerabilities of an organization.  It must also be monitored and maintained to adapt to the growth of the business and the changing threat profiles that emerge.  

CVG Strategy Information Security experts have decades of cybersecurity specific experience and understand how to balance your business’ needs with compliance requirements, risk, and emerging threats. 

We recognize that security is a journey, not a destination. We will support your organization in developing a cybersecurity roadmap that ensures compliance readiness, proactive security controls, consistent testing, and continuous improvement.

ISO/IEC 27001

ISO/IEC 27001 is an international standard for the implementation of an ISMS.  It was originally published in 2005. 

It establishes specific requirements for systematic risk assessment, implementation of comprehensive controls to address identified risks, and requirements for processes to ensure that the management system continues to perform and adapt on an ongoing basis.

Once established, a program is audited for certification by an accredited auditor. These audits are also performed on an ongoing basis to confirm that an organization remains compliant.

NIST 800-171

NIST 800-171 is a set of standards established for the protection of Controlled Unclassified Information. It was developed by the National Institute of Standards and Technology to meet the requirements of the Federal Information Security Management Act of 2013.

NIST 800-171 is a requirement for a number of government agencies including the National Aeronautics and Space Administration (NASA) and the Department of Defense (DoD). 

It is also a requirement for businesses that supply defense articles or defense services to the DoD under the Defense Federal Acquisition Regulation Supplement (DFARS) 252.204-7012.

Cybersecurity Maturity Model Certification

The Cybersecurity Maturity Model Certification (CMMC) is a further step by DFARS to protect Controlled Unclassified Information within the DoD supply chain.  It is currently set to be a requirement for all DoD contracts in 2026. 

This system will require suppliers to be certified by third party inspectors to ensure that they meet a required level of cybersecurity practices and processes. These required levels will be tiered for prime contractors and various tiers of subcontractors.

Cyber Environments

The cyber environment includes the software that runs on computing devices and the data stored, transmitted, or generated on these devices. Installations and buildings that house the devices are also part of the cyber environment. Cybersecurity needs to take such elements into consideration.

Cyber security is no longer limited to the realm of computers and cell phones. Emergent technologies are moving more and more towards interconnectivity. While these devices offer many advantages, they also provide access points for cyber attacks.

Cloud Based Data

Enterprises are increasingly moving to cloud-based systems because of their ease of use and scalability. While cloud-based technologies can be employed in a secure manner, their implementation and configuration must be carefully executed. Because data stored on the cloud can contain customer data, adequate cloud security is a critical responsibility.

Voice Over Internet Protocol

Voice Over Internet Protocol (VoIP) provides voice phone calls over internet connections. It can thereby provide enterprises with an economical alternative for connectivity.

VoIP is not without security concerns.  Like any other digital system, VoIP is susceptible to viruses, malware, denial of service, and other cyber threats.  These threats extend to the administrative facilities of the systems they are connected to.

Internet of Things

Internet of Things (IoT) devices are becoming increasingly prevalent.  They have been developed to allow sensors and software to interconnect over the internet.  They can be found in home products and health monitoring devices.  They are also gaining acceptance in military, agricultural, manufacturing and infrastructure applications. 

These devices are inexpensive and easy to implement. Often, they can provide organizations with real-time analytics and enhanced automation through machine learning. They are an integral part of Industry 4.0. However, they also pose serious risks because each device has access to a facility network and thus provides an entry point for cyber attack.

The Role of Cyber Security

Cybersecurity aims at securing the cyber environment. It is a system that may involve stakeholders that belong to many public and private organizations, using diverse components and different approaches to security. As such, it is beneficial to think of cybersecurity in the following sense:

  • The collection of policies and actions that are used to protect connected networks (including computers, devices, hardware, stored information and information in transit) from unauthorized access, modification, theft, disruption, interruption or other threats.
  • An ongoing evaluation and monitoring of the above policies and actions in order to ensure the continued quality of security in the face of the changing nature of threats.

 

The Enterprise Cybersecurity Environment

Plan

Organizations need to devise a comprehensive plan for addressing their security needs. Security is not one size fits all. Security cannot be achieved by a collection of modules that are interconnected together without a process to plan, manage, review, improve and adjust.

Organizations are encouraged to view security as a process: a new way of thinking about how to protect systems, networks, applications, and network services, to continuously evaluate and mitigate risk where possible, and to balance it appropriately against cost.

Security

Security has to be comprehensive across all network layers. Adopting a layered approach to security, combined with strong policy management and enforcement, provides security professionals a choice of security solutions that can be modular, flexible, and scalable. Security is difficult to test, predict and implement. Security is not a one-size-fits-all solution.

The security needs and the recommended security strategy of each organization are unique. For example, an enterprise, a telecommunication provider, a network operator, or a service provider can each have a unique set of business needs. Because of this, they may have very different networking environments to meet these needs.

Closed enterprise

A closed enterprise uses logical (e.g., frame relay) or physical private lines between sites. Remote access is provided selectively for employees needing access into the Internet.

Web presence is achieved through an Internet data center provided by a service provider (who is responsible for establishing a secure environment). The organization also provides conventional dial access for remote employees (e.g., working from a hotel).  The company uses private e-mail among employees with no external access.  Wireless LANs can also be used.

Extended enterprise

An extended enterprise would include telecom providers, network operators or service providers through various business models. It can provide support for remote employee and remote office access over IP VPNs over the Internet, or deliver higher-speed, lower-cost connectivity including general-purpose access into the Internet, such as inter-working between internal e-mail systems and the rest of the world.

Open enterprise

This business model can leverage the Internet by allowing partners, suppliers and customers to have access to an enterprise-managed Internet data center, even allowing selective access to internal databases and applications (e.g., as part of a supply chain management system). Internal and external users access the enterprise network from home, remote offices or other networks using wired or mobile devices. As such, the security requirement for such an enterprise is different from other enterprises.

CVG Strategy Cyber Security Consulting and Training

Cyber Security Consulting

CVG consultants have over a decade of experience with ISMS, Quality Management Systems (QMS) and Export Compliance. We understand that each business has a unique set of requirements that demand tailored solutions. Developing these solutions requires assessing an organization’s culture and involving all stakeholders. Using this information, we can develop programs that are effective and can adapt as a business grows.

Cyber Security Training

Training is an essential component for any viable ISMS. Despite major advances in organizational cyber security, human error continues to be a major cause of data breaches.
 
While more sophisticated variants of malicious software are being developed, phishing remains a prominent way for hackers to gain access to sensitive information.  Thus, a very well designed cybersecurity framework can be defeated by an employee clicking on an email attachment.  This is a cause of increased concern as the remote workforce continues to expand.
 
Proper cyber protocols must be consistently reinforced through training that is informative and engaging.  Effective training should include review of basic procedures such as using appropriate network security and not allowing unauthorized access to work areas.  It should also include a review of all ISMS policy and procedure changes.
 
CVG Strategy has been involved in business training for over a decade.  Our experts take pride in effective and engaging training sessions that ensure that participants retain important information.

How Can We Help?

Take a look around our site and contact us for more information on how we can help you meet your challenges.
