Just what exactly is a good security posture?

Compliance is vastly overrated when compared to actually attaining a security posture that meets risks with controls.




SolarWinds Breach a lesson in security posture compromise




Vision: Acting as a trusted adviser over dozens of engagements, we have confirmed that, if you measure objectively, the effort needed to actually produce a solid cyber security posture amounts to only 10 percent additional effort compared to simply producing the appearance of 'compliance'.

Mission: Focus on IT governance and Information Technology deployment. Bring clarity of purpose to information security management. Introduce repeatable procedures through a defined framework to establish successful implementation & stable operations.

Specialization and Focus: 
  • Regulatory Exam Preparation and Support
  • Assessment of cyber security posture
  • Blockchain risk assessment
  • Cyber security maturity assessment
  • Governance assessment
  • Process visualization
  • Policy framework alignment audit
  • Implementation practices (procedures) 
  • Review policy vs. deployment gaps assessment 
  • Implementation road-map 
  • Staff skills assessment & training plan 
  • Framework for monitoring detailed self-audit programs
  • Gaps assessment and remediation
  • Litigation Support
  • Expert Witness Testimony
Typical Deliverables:
  • Security Posture Development
  • Business Continuity Management
    • Technology Recovery Planning
    • Business Recovery Planning
    • Disaster Recovery Planning
    • Crisis Management Planning
    • Process Flow Diagrams
  • Vulnerability Assessment Analysis
  • Penetration Test Analysis 
  • Technology Gaps Tracking
  • Cyber Security Program
  • IT General Controls Program
  • Compliance Reporting
  • Risk Assessment by Business Unit
  • Self-Audit Reporting
  • Policy Development

Consulting Practice:

Deliver affordably priced information security services advising senior management and corporate boards. Exceed expectations and produce lasting improvement in cyber security implementation.

Regulatory / Frameworks

 

OCC, FFIEC, GLBA, HIPAA, PCI, DOD

CIS, NIST


Typical engagements:
  • On Call
  • Defined Scope of Work
  • Staff Augmentation
  • Technology Transfer Instruction


Background:  40 years IS experience
Contacts: E-Mail Us, LinkedIn, Facebook, Phone, http://www.salina.net/

Certifications: GSNA (https://www.youracclaim.com/badges/4f777def-9206-4ca4-a233-90e92ffb9892), CISSP, S+, Study Towards CASP, MCSA, GISP

Our hats off to the professionals at SANS - you are our heroes.
The most trusted source for computer security training, certification, and research

Acknowledgments:

The deployment and validation road map provided by the Center for Internet Security, specifically their CIS 20 Controls Download, is the central guide to our consulting practice. They have earned, and receive from us, full credit for the work. The road map makes projects to improve cyber security implementation much more effective.


Quote for today:   Doing nothing has the down side of being difficult to determine when you are finished.  (Nelson DeMille - Night Fall)


Rants and Raves Below the Line:

I have noticed something doesn't seem right in Washington DC.
We can all help by reducing what we send them in taxes.
Something about 1775 and "...taxation without representation..."

Cure for What Ales

To quote Warren Buffett:
"I could end the deficit in 5 minutes. You just pass a law that says that anytime there is a deficit of more than 3% of GDP, all sitting members of Congress are ineligible for re-election."

This Author's Additional Thoughts

If we can't simply send our federal representatives packing back to their respective homes ........
No federal payments to education institutions offering law degrees. 
Tax existing lawyers who enter politics at 150 percent of income.
Remove the sweetheart lifetime deals for Congress:
  - no federal payments after tenure
  - no federal insurance during and after tenure
Establish line item veto for the executive.


"If a political party does not have its foundation in the determination to advance a cause that is right and that is moral, then it is not a political party; it is merely a conspiracy to seize power." (Dwight D. Eisenhower, speech, March 6, 1956)