The public sector is an interesting, important and really tough market to work with. You can verify this by asking your vendors how they feel about working in "SLED": State, Local and Educational. They'll talk about thin and biennial budgets, government procurement rules and political and labor overlays.
And yet, we picked this market preferentially. Why? Because we have kids. Because clean water, emergency management, and communication systems for public safety are far more important than credit cards. Yes, the public sector holds personally identifiable information, health records and cardholder data and those are important as security drivers (no one wants to be "above the fold"), but the real exposures are the ones that can result in loss of life if disrupted.
So our challenge is to come up with security services that are focused on the right things, provide demonstrable value, and help with moving the conversation forward about securing the critical assets that are managed by the public sector—while addressing the difficulties in projecting the need for security to elected officials and executives.
So here are three packages that do just that. These are meant to assist with establishing a security baseline and budget priorities, identifying low-hanging fruit for quick wins, and addressing compliance requirements that apply to HIPAA, CJIS, and PCI. And while pricing depends on scope, these are normally below the threshold for competitive procurement.
Focused Security Assessment
This is against standards of practice and regulatory requirements that apply to your organization. The security assessment is crafted to address exactly the issues on which you need to elevate attention. If you're having a problem with payment systems that store cardholder data, we put PCI issues in scope. If you're concerned about the storage of health data, we integrate HIPAA issues into the assessment. The deliverable is a driver for budget requests and prioritization, and establishes a baseline against which you can show progress over time.
Packet Capture and Analysis
Using our custom packet-capture platform, Critical Insight, we'll pull traffic from your network onto an encrypted drive for a period of 3-5 days. This comes back to the Critical Informatics lab, and is run through our OSMOSIS threat identification platform, and interesting findings investigated by a Critical Informatics analyst. The analysis will identify compromised assets in your network, attacks in progress, data exfiltration events, and network device configuration issues. This information can be used to identify control deficiencies, the need for user education, and the value of monitoring.
Security Awareness Training
Security awareness training (SAT) is a component of nearly every security regulatory regime, because users are your biggest exposure. While there's no firewall for stupidity, users can—and should—be periodically exposed to messaging that helps to bring their "radar up" to avoid disclosing credentials, biting on malware, or failing to report odd occurrences. Our training is directed at 3 populations: users, administrators, and executives and includes attestation management so you can prove to auditors that you're meeting the requirement.
Type your search and press enter
- Threat Intelligence
- Happy Hour
- InfoSec 101
- Security Awareness
- Public Sector
- Financial Services
- Press Release
@critinformatics | Aug 21, 2018While enterprises are distracted by the latest AI/ML/SOAR tool, small businesses are getting back-to-basics and moving the #security needle. Read insights from @seattlemkh on how to simplify the #cybersecurity program effectively on a small biz budget. https://t.co/lv2f12C9FL https://t.co/a7FaBge9UL
@critinformatics | Aug 21, 2018RT @beyondnegative: Yay for stable internets! Go download my presentation and workshop outline/notes on Github: https://t.co/APcsUxxzS7
@critinformatics | Aug 21, 2018#ICYMI: Learn the 5 key questions that the #CISO should consider when conducting #riskassessment, and how those answers can support budget requests for the #cybersecurity program. https://t.co/lLibAzTUWF https://t.co/cVudQc4f23
@critinformatics | Aug 20, 2018#ICYMI: [VIDEO] It's #NewsJacker time with CI Security's #CISO @seattlemkh! Get caught up all the recent #InfoSec news you need to know, including stories on stolen data, privacy, #InfoSec litigation, Russia’s election meddling, and more. https://t.co/qsixvM7rI0 https://t.co/0Z4waKbRKy
@critinformatics | Aug 20, 2018While enterprises are distracted by the latest AI/ML/SOAR tool, small businesses are getting back-to-basics and moving the #security needle. Read @seattlemkh's insights on how to simplify the #cybersecurity program effectively on a small biz budget. https://t.co/nW5RBUG4k8 https://t.co/83WQ7FqkJ3