Policy & Risk Management Design & Implementation
INARMA can help you design and manage the implementation of risk management and cybersecurity controls in your environment, working with your service providers to develop realistic action plans that address higher risk or impact items first.
A security policy is the first step in making sure that controls are implemented in accordance with your company policy, industry regulations, and best practices. Based on your security strategy and current security posture, we can help make sure that you have industry accepted practices and controls in place to reduce the likelihood that an adverse event will impact your organization.
While no set of controls can provide 100% protection, we help make sure the controls that are implemented reduce your risk to an acceptable level, and we help make sure you know what to do in the event of an incident.
Selected Control Design & Management Services
We understand regulatory requirements for policies and procedures, such as a WISP (written information security program). As noted by this acronym, you need more than a cybersecurity “policy”.
INARMA has developed an IT / Cybersecurity Policy Framework along with basic documents that meet SEC, FFIEC, and other regulatory requirements. They will be tailored to your business after our professionals meet with your team to outline our recommended approach and obtain your input based on your risk tolerance. We provide support as you roll the policies out to your employees and vendors.
If requested, we will provide annual updates based on changes in your environment or regulatory requirements.
We can help you assess the security posture of your vendors, both before signing a contract and after the ink is dry, to ensure vendors remain in compliance with contracts and regulations. Because our experts have worked for various types of service providers and auditing firms, in addition to in-house positions, we know the right questions to ask to address the risks that you are concerned about. While we focus on security and regulatory requirements, we help you ensure your business needs are being met by the vendor.
In addition, we make sure that appropriate internal business process and technology controls are in place to secure all data during transit and storage, no matter the location.
We can help your organization develop and implement technical control practices, whether you maintain systems in-house or have them outsourced. We recommend using the Center for Internet Security (CIS) Benchmarks for configuration of new IT assets, and the Open Web Application Security Project (OWASP) Secure Coding Practices for the development and testing of applications.
We can design and develop standards and procedures for securely building and implementing systems in your environment. We will help your teams
- understand the need for secure frameworks such as OWASP,
- document compliance during the SDLC and change management, and
- monitor for compliance.
We can provide support for both the development and implementation of Disaster Recovery / Business Continuity Plans (DRP/BCP) and Incident Response Plans. We build the plans based on an understanding of the "reasonably foreseeable" risks facing your organization from both your internal systems and third-party service providers. We examine contractual commitments with providers and develop appropriate action plans to continue operations in the event of an adverse event.
We can help test your disaster recovery / incident management plans.
We have an expert team of computer forensic investigators available to respond to a possible data or system breach. This team can help determine what happened, how to prevent similar future events, and support you during the insurance claim or legal process.