IT - CYBERSECURITY INFRASTRUCTURE & RISK REVIEWS & ASSESSMENTS
VGRM's IT and cybersecurity professionals are carefully selected, often having worked for government organisations such as the US Department of Justice and the Federal Bureau of Investigation, and having past experience working with the likes of Microsoft.
Our IT and cybersecurity professionals hold certifications such as:
Certified Information Security Manager
Certified Data Protection Manager
Certified Data Privacy Solutions Engineer
Certified Threat and Malware Analyst
Secure Cloud Computing Practitioner
Together, we support governments and organisations in meeting their operational goals within measurable criteria. We collaborate with clients to develop, recommend, and implement solutions, including the creation of policies and procedures that meet both US and EU criteria for corporate governance, data, and identity protection, to address the firm’s compliance exposure.
Perform Security-Technology/Physical assessments that include vulnerability assessments and penetration tests both internal to external and external to internal while applying the appropriate exploits to gain and expand access as appropriate. Activities include physical penetration tests of facilities. Application testing includes a review of application source code using W3C as the criteria. The tests and reporting performed meet current government guidance FISMA, SOX, GLBA, HIPAA, and COPPA along with industry regulations such as PCI DSS.
Our senior IT & cybersecurity professionals possess a firm understanding of DDoS attack vectors, and accordingly recommend various strategic solutions to defend against such attacks. Provide Security-Technology risk reviews, including a review of previous assessments, then mapping the previous work (FISMA and IRM) to NIST 800.53 criteria to ensure compliance with current policies and regulations. Conduct a review of the firm’s current security posture by performing an analysis of their current environment using a gap-based approach, and recommend what actions to take in the current cyber threat environment.
Review and test systems using internal corporate policies and government criteria, including NIST 800.xx, COBIT 4 - 5, policies and procedures, and interpretation of network diagrams – maps, to fulfill requirements for the firm’s governance, risk and compliance under Sarbanes-Oxley (SOX), along with reviews of SOC 1 and reviews of various threats and risks.
Assist or support our clients in the following areas:
Design and develop GRC strategies, monitoring and audit plans, risk frameworks and remedial action plans across multiple models.
Lead or help coordinate the implementation of compliance and audit activities, sampling, and preparation of audit materials and Risk / Threat analysis.
Understand and apply technical and operational standard industry practices involving privacy regulations/standards to build programs and/or manage internal controls, risk assessments, business processes, or operational auditing – CCPA, CPRA, PCI, BIPA, GDPR, HIPAA / HITECH, EU GDPR and Privacy Shield, COPPA, State Breach Disclosure Laws, GLBA, ITAR, etc.
Research and review EU & US (all fifty states), and other nation states worldwide dealing with privacy issues and/or governance.