The Proactive RISK team is well known for contributing to many open standards and best practices. Our red team is comprised of experienced information security operators that put your systems to the ultimate test of what is possible when a motivated adversary targets your organization. Our blue team focuses on securing, protecting and defending the mission of our clients with a blend of highly trained staff, process and purpose-built technologies.
AREAS OF FOCUSAPPLICATION
Penetration testing and source code review to identify security vulnerabilities in web, mobile, terminal, mainframe, and middleware systems NETWORK Penetration testing of internal, external, wireless an operational devices HARDWARE Verify the security between the digital realms of systems that directly interact with devices such as sensors, valves, pumps, motors, and more through human-machine interface (HMI) software programmable logic controllers (PLCs) or remote terminal units (RTUs) HUMAN Performing simulations of phishing campaigns, social engineering, ransomware, and physical security violations to determine risk |
|
WE believe
Information security policies, standards, processes, and guidelines are important components of any organizations information security program. We firmly believe that (5) information security objectives: Confidentiality, Integrity, Availability, Privacy, and Safety comprise its foundation.
These information security objectives can only be achieved if organizations embed them in into their people, processes, and technology.
- Confidentiality – Sensitive information is not disclosed to unauthorized individuals, entities, or processes.
- Integrity - Sensitive information has not been modified or deleted in an unauthorized and undetected manner.
- Availability - Information or an information system being accessible and usable upon demand by an authorized entity.
- Privacy - Freedom from unauthorized intrusion or disclosure of information about an individual.
- Safety - The condition of being protected from harm or other non-desirable outcomes.
These information security objectives can only be achieved if organizations embed them in into their people, processes, and technology.
- People – Everyone has a role to play in information security. Security is implemented and practiced by people. People design and implement processes and technology, as well as follow processes and use technology to enable business.
- Process - includes formal and informal mechanisms (large and small, simple and complex) to get things. Processes identify, measure, manage, and control risks to confidentiality, integrity, availability, privacy, and safety, and they also ensure accountability.
- Technology - is composed of all of the tools, applications and infrastructure that make processes more efficient. Technology implemented by people following processes allows for the State to meet its information security objectives.
OUR MANIFESTO
- We recognize that open-source and commercial software has become a foundation of our modern world. We know the awesome responsibility providing services to our clients
- We recognize that our work will be used in ways we cannot anticipate, in ways they were not designed, and for longer than ever intended.
- We recognize that our work will be attacked by talented and persistent adversaries who threaten our clients physical, economic and national security
- We recognize these things, and we choose to be in this business helping our customers every day.
- We will be secure because our people refuse to be a source of vulnerability or weakness. We will be secure, not because it is easy, but because it is necessary and we are up for the challenge.
BENEFITS
Add our vCISO/DBO supplemental expertise to your team starting at only (20) hrs per month with a (12) month contract.
Add our vCISO/DBO supplemental expertise to your team starting at only (20) hrs per month with a (12) month contract.
- Independent view of your risk, compliance and security frameworks.
- Ability to deliver senior-level presentations of your security posture to key stakeholders, e.g., to your leadership team or regulators.
- Assessment and development of the information security skills of your wider team.
- Reduces the threat of cyber attacks on your company – thereby potentially saving hundreds of thousands of dollars and the company’s reputation.
- Access to your own virtual cybersecurity team, draw on all the individual skills of the of the team members for research and Q&A sessions.
- Coordination of incident investigations and remedial measures put in place to prevent future occurrences.
NIST Cybersecurity Framework
The 2017 NIST framework provides core controls and processes in several areas essential to cybersecurity. It defines the five concurrent functions Identify, Protect, Detect, Respond, Recover.
Measure your current business and obtain a baseline score from Proactive Risk
The 2017 NIST framework provides core controls and processes in several areas essential to cybersecurity. It defines the five concurrent functions Identify, Protect, Detect, Respond, Recover.
Measure your current business and obtain a baseline score from Proactive Risk
OPTIONS
Advisory – Security advisor for the C-Suite of the organization.
Security-related insight directly to executives, providing expert advice and guidance to educate and inform on strategic business decisions from a technical risk perspective.
Supplemental – Our “On-Demand” option.
Expert assistance to support an existing CISO, adding to the CISO’s operational reach and capabilities without adding staff.
Transitional – The “interim” approach.
A temporary continuation of an existing security program while a new CISO is integrated.
Partner – The “all-in” approach.
Complete CISO for the duration of the subscription.
Advisory – Security advisor for the C-Suite of the organization.
Security-related insight directly to executives, providing expert advice and guidance to educate and inform on strategic business decisions from a technical risk perspective.
Supplemental – Our “On-Demand” option.
Expert assistance to support an existing CISO, adding to the CISO’s operational reach and capabilities without adding staff.
Transitional – The “interim” approach.
A temporary continuation of an existing security program while a new CISO is integrated.
Partner – The “all-in” approach.
Complete CISO for the duration of the subscription.