Do you need assistance with the niche areas of computer security? Proactive Risk can provide you with a time slice of our experts to work with you as an extension of your team. We bring to the table years of experience to help your company be better.
Add our vCISO/DBO supplemental expertise to your team starting at only (20) hrs per month with a (12) month contract.
Advisory – Security advisor for the C-Suite of the organization. ProactiveRISK delivers security-related insight directly to executives, providing expert advice and guidance to educate and inform on strategic business decisions from a technical risk perspective.
Supplemental – Our “On-Demand” option. ProactiveRISK provides expert assistance to support an existing CISO, adding to the CISO’s operational reach and capabilities without adding staff.
Transitional – The “interim” approach. ProactiveRISK assumes a temporary continuation of an existing security program while a new CISO is integrated.
Partner – The “all-in” approach. ProactiveRISK acts as a complete CISO for the duration of the subscription.
NEED HELP WITH BEST PRACTICES AND REGULATORY ISSUES?
NIST Cybersecurity Framework
The 2017 NIST framework provides core controls and processes in several areas essential to cybersecurity. It defines five concurrent functions: Identify, Protect, Detect, Respond, and Recover.
Measure your current business and obtain a baseline score from Proactive Risk.
Affected by GDPR? Have you assigned a Data Protection Officer?
GDPR Article 39
Proactive Risk can handle many of the tasks associated with the data protection officer as a supplemental service.
1. The data protection officer shall have at least the following tasks:
(a) to inform and advise the controller or the processor and the employees who carry out processing of their obligations pursuant to this Regulation and to other Union or Member State data protection provisions;
(b) to monitor compliance with this Regulation, with other Union or Member State data protection provisions and with the policies of the controller or processor in relation to the protection of personal data, including the assignment of responsibilities, awareness-raising and training of staff involved in processing operations, and the related audits;
(c) to provide advice where requested as regards the data protection impact assessment and monitor its performance pursuant to Article 35;
(d) to cooperate with the supervisory authority;
(e) to act as the contact point for the supervisory authority on issues relating to processing, including the prior consultation referred to in Article 36, and to consult, where appropriate, with regard to any other matter.
2. The data protection officer shall in the performance of his or her tasks have due regard to the risk associated with processing operations, taking into account the nature, scope, context and purposes of processing.
For more information on how we can help, contact us.
Financial Services 23 NYCRR 500
500.02 – Creation of an information security program;
500.03 – Documentation of cybersecurity policies;
500.04 – Designate a CISO to report to the board and lead the cybersecurity program;
500.05 – Ongoing Vulnerability and Penetration Testing along with continuous monitoring;
500.06 – Implement an audit trail of transaction and security-related events;
500.07 – Create a process/procedure to limit access and review privileges to nonpublic information;
500.08 – Creation of procedures, guidelines, standards for developing secure applications and assessing the security of externally developed applications;
500.09 – Periodic entity risk assessments;
500.10 – Provide cybersecurity training for cybersecurity personnel;
500.11 – Implement a third-party service provider security policy;
500.12 – The use of multi-factor authentication technology;
500.13 – A data retention and disposal policy;
500.14 – User access monitoring capabilities and awareness training;
500.15 – Encryption for nonpublic information both in transit and at rest;
500.16 – A written incident response plan; and
500.17 – Notification of cybersecurity event and annual reporting to the superintendent.