Transform Your Enterprise Risk Strategy From Reactive to Proactive​

Cybersecurity frameworks consist of regulations, standards, guidelines, and best practices to manage cybersecurity-related risk.  Some cybersecurity frameworks are voluntary and others in certain industries are mandatory and audited, and carry financial and other penalties for non-compliance.  

FREE CONSULTATION

​MeasureRISK® services and produce an unbiased report with observations and prioritized people, process and technology recommendations.  Project typically take between 2 weeks and 3 months depending on size and scope. We also offer compliance as a service that is a annual service.

• Cybersecurity Maturity Model Certification (CMMC) – A Department of Defense verification mechanism to ensure appropriate levels of cybersecurity practices and processes are in place to ensure basic cyber hygiene as well as protect controlled unclassified information (CUI) that resides on the Department’s industry partners’ networks.
• NIST CSF is often used by organizations that operate critical infrastructure as well as other private-sector businesses, but the best practices are applicable to a range of organizations of varying sizes across all industries.
  • NIST 800-171 -  Guidelines for protecting government controlled unclassified information
  • NIST 800-53​ - Security and Privacy Controls for Federal Information Systems and Organizations.
• California Consumer Privacy Act (CCPA) – Privacy rights and consumer protection for residents of California.
• The General Data Protection Regulation (GDPR) (Regulation (EU) 2016/679) is a regulation by which the European Parliament, the Council of the European Union and the European Commission intend to strengthen and unify data protection for all individuals within the European Union (EU)

• Business Continuity – Assessment of an organization’s level of preparedness for product and service delivery following an unforeseen disruption.
• Payment Card Industry Data Security Standards (PCI DSS) – Information security standard for organizations that handle branded credit cards from the major card schemes. 
• New York State Department of Financial Services’ Cybersecurity Requirements for Financial Services Companies 23 NYCRR 500.
  
• Health Insurance Portability and Accountability Act (HIPAA) (including Omnibus Rule) – ensures equal access to certain health and human services and protects the privacy and security of health information
• International Organization for Standards (ISO 27001) – Information technology, Security techniques, Information security management systems, Requirements. 
  
• Top 20 Cyber Controls – Compilation of the most critical cyber security controls from the Center for Internet Security V8