Security Advisory Services
Good Data Security is a Have-To-Have…
A data breach is bad news for any organization and has an immediate impact on a company's reputation and profitability. Below are examples of threats to assets and the impact of a potential data breach.
What is Data-Centric Security?
This data is your asset or competitive advantage. You need to know what needs to be protected and make sure the protection is commensurate with the value of the data you’re trying to protect.
SPHERE can help by identifying your vulnerabilities in people, process or technology. Working with a client’s target cybersecurity framework, SPHERE can assess their current state and build a roadmap to their future state. Our assessment approach is based on examination of records and interviews of key personnel.
Available frameworks include, but are not limited to, the following:
Policy and Process Development
To have an effective cybersecurity program, you need to implement administrative controls. Policies are senior management’s statements of what behaviors are acceptable. A lack of policy allows employees to do things their own way, resulting in an increased risk of a data breach.
SPHERE can assist in developing the necessary suite of information security policies to strengthen your risk posture.
Our CISO offering can provide support and guidance to your Information Technology Department to build a Cybersecurity Program that focuses on ensuring the Confidentiality, Integrity and Availability of your Information Systems.
What is the New York Cybersecurity Regulation?
The Department of Financial Services (DFS) ensures that providers of financial products and services to NY consumers remain solvent, protect consumers, and act reasonably to protect against financial fraud, criminal abuse, and unethical conduct.
Covered entities include, but are not limited to, Banks, Lenders, and Insurance Companies. To see if your classification of business is affected, click here.
Companies that are supervised by New York’s Department of Financial Services, and not specifically excluded from the in-effect regulation, must appoint a qualified Chief Information Security Officer (CISO), who will be accountable for the overall implementation, effectiveness, and enforcement of the Cybersecurity Program.