Leading organizations recognize the importance of protecting their clients’ data. At Vertex, our expert talent is available to guide your firm through the process, whether you’re initiating your first gap analysis or fine-tuning an established cybersecurity program. We believe that a firm’s cybersecurity initiative does not occur in isolation. Rather, it touches many areas of a firm’s operations, digital and otherwise, and provides opportunities for improvements across functional departments. For example, a cybersecurity education program might also provide an operational vehicle for other compliance training required by the HR department.
Vertex is uniquely qualified to help our clients design a cybersecurity program that works in concert with other operational initiatives. Our team brings a big-picture perspective to cybersecurity, characterizing it as a crucial component of a larger business operations improvement opportunity. Often a cybersecurity initiative offers an occasion to improve workflow efficiencies and resiliency throughout the organization. Our expertise spans industries and accords with a standards-based approach, so our clients can assure their own clients that high-quality digital protections are in place.
INFORMATION SECURITY POLICY DEVELOPMENT AND REVIEW
Draft new, or revise existing, information security policies and procedures to meet regulatory guidelines and client needs. All policies and procedures will be mapped to the Critical Security Controls (now managed by the Center for Internet Security) and/or the most recent version of NIST SP 800-53 or SP 800-171, as applicable.
INCIDENT RESPONSE PLANNING
Draft a new, or revise an existing, incident response plan to address data security incidents. The resulting plan will be mapped to the most recent version of NIST SP 800-61 and will identify the phases of response to a data security incident, identify the internal and external responders, and provide guidance on the response to different types of incidents involving different types of data.
TABLETOP EXERCISE
Conduct a three- to five-hour onsite exercise for key representatives from the client’s business units during which current digital threats are depicted in scenarios requiring organizational problem solving. During the exercise, we make practical use of the client’s incident response plan to identify internal and external roles and responsibilities for responding to data security incidents.
CYBER RISK ASSESSMENTS
Conduct an enterprise security posture assessment mapped to the most recent version of NIST SP 800-53, SP 800-171 or ISO 27002, as applicable. The concluding report will identify the purpose of each applicable control, identify the applicable controls that are currently not enabled by the client, and provide operational guidance for implementing the applicable controls.
CCPA AND GDPR COMPLIANCE
Develop and implement required policies and procedures to comply with new privacy laws and regulations. The CCPA is effective as of January 1, 2020 and includes a 12-month "look back" requirement, which means applicable companies should already have a current data inventory and data flow map in place.