Treadstone 71 provides information security leadership service that is designed to assess and benchmark your organization's information security and network security posture. The Interim CIRO Service is customized and scaled based on the size of your organization and industry type. Treadstone 71 provides a structured approach used to measure security and develop the strategic security direction for organizations using internationally recognized information security standards. The Treadstone 71 Interim CIRO service focuses on prevention by proactively examining your security infrastructure prior to remediation efforts. In addition, Treadstone 71 measures compliance with the ISO27001/2/5, the CISSP Common Body of Knowledge, Common Criteria, and NIST Security Standards non-inclusively. Treadstone 71 utilizes standards for gap analysis and risk assessment such as the National Security Agency’s Information Assurance Methodology non-inclusively, while incorporating best practices from BITS & FFIEC (for financial services) and OCTAVE® for asset intensive requirements.
Our risk-based, holistic approach ensures rapid review of your current posture while setting the building blocks for increase maturity and risk optimization.
|
± Security Policy, Program and Strategy Development - Organizational Maturity. ± Plan for an build out your risk assessment strategy - GRC RFP and implementation planning.
±
Penetration Testing
Services* used to perform ethical hacking at your approval in hardening
your external infrastructure to malicious attacks. ± Security Metrics Development. ± Security Operations Organization and Setup
±
Security Awareness
Training and specific training solutions tailored to your environment.
±
Continuous, focused
processes ensuring discovery of vulnerabilities and identification of
threats.
± Building Security into the SDLC
±
Physical Security
review.
±
Security
organization roles, responsibilities and job descriptions.
±
Access to IT
Governance Standards that ensure the building or enhancing or your
security focused organization.
±
Comparison to
multiple internationally recognized and accepted information security
standards.
±
Full reporting of
all findings including a ScoreCard and RoadMap for prioritized
recommendations.
±
Comparison of
security posture to similar sized organizations and industry-specific
metrics and best practices.
±
Complete
documentation, definition and recommendations of technical and
non-technical vulnerabilities.
±
Business Continuity
and Disaster Recovery Planning review and recommendations.
|
*Due to the labor intensive
nature of Penetration Testing, this is an optional service.
ISO17799, OCTAVE, CISSP, CISM, Sarbanes Oxley, SOX, CobiT, 27001, ISMS, ISO-27001, ISO 27001, ISO27001, 27005, 27002, GRC, prevention, 17799, proactive, FISMA, defense in depth, arabic, jihadi, cyber jihad, cyber terrorism, holistic security, 201 CMR 17, governance, risk, compliance, Jeff Bardin, Wireless Security, CMM, ITIL, ITSM, Sarbanes Oxley, security awareness, risk, threat, threat matrix, security metrics, ISO1779 training, 21 CFR 11, NSA IAM, BITS, risk management, security in the sdlc, secsdlc, security program, security strategy, business impact analysis, Treadstone 71, bourne, CISM, penetration testing, risk, GRC, detective controls, preventative controls, HIPAA, GLBA, Graham-Leach-Bliley, SAS 70, intrusion detection, interim CISO, interim CIRO, CIRO, CISO, chief security, FFIEC, financial services, trust, continuity, risk assessment, maturity, vulnerability scans, data classification, assessments, disaster recovery, homeland security, security metrics, rosi, roi, training, security posture, threat vulnerability pairs, vulnerability management, security services, information security, risk management, business risk, controls, holistic security, defense in depth, Governance, Risk and Compliance, information risk management