Our services enable clients to identify and mitigate their cyber risk through the use of robust and leading edge tools combined with deep experience and insight. Cyber risk has accelerated rapidly in conjunction with the proliferation of internet-enabled technology. Unfortunately, this trend has increased risk exposure for businesses. The risk is reputational, not just cyber. Proper protections require comprehensive, results-based solutions to cyber threats.
While other firms specialize in one phase or aspect of cyber risk and resolution, APS’s service provides our clients with in-depth services and references for every phase in the cyber risk continuum.
An essential first step in protecting data, is identifying it. APS offers a proprietary solution that searches your entire network for personally identifiable information, PII, and other regulated information such as HIPAA. Once identified, this information can be moved to a secure location on your network or to our encrypted location. Without knowing where this data is, or its exposure, it cannot be properly protected.
Cyber Program Strategy
All businesses are potential targets for cybercrime. Protection means considering all avenues of attack. And to do that properly requires a cyber security strategy. Making security an afterthought or add-on at any step, means leaving at least one door open to attackers.
All aspects of your business need to be cyber security aware; people, processes and technology. While technology gets the most press, people and processes are essential components to effective cyber security and people are often the weakest link in the chain.
APS's Cyber Program Strategy considers all three components and tailors the strategy to fit your business operations model and your culture.In creating a cyber security strategy APS will:
- Assess current state and create a baseline
- Understand customer business operational model and culture
- Assess maturity level
- Determine risk rating
- Partner with your organization to create target state
- Identify the delta between current and target state
- Create plan to close the delta
In addition to a technical strategy, we examine your business processes to find security holes. For people, we deliver an education & awareness program for all employees and identify the steps necessary to protect your critical business information.
Threat & Vulnerability Management
Threat and Vulnerability Management is a targeted service focused on finding and closing the holes in your environment; in people, processes and technology.
The starting point for this service is the identification and mapping of your complete IT environment creating a baseline model. Processes are mapped and employees are interviewed to assess their understanding of security and the role they play in protecting company assets.
Many services offer to map your environment; APS goes further employing a proprietary tool that scans your entire network locating and identifying all personally identifiable information and other regulated data. This is the critical data that is a target of breaches. Without knowing where this data resides it is impossible to protect it. Once it is identified, then suitable steps can be taken.
Based upon your industry, APS evaluates your regulatory compliance position. Failure to be in conformance to all applicable regulations endangers your information and your company, as the government may hold you responsible for all damages from the leaked information. Cyber insurance issuers will consider your compliance when processing a claim, and non-compliance can be grounds for non-coverage.
The results of the baseline assessment will show your cyber security maturity level and cyber risk score. These then identify areas for improvement and a course of action is prescribed.
The action plan may include steps for securing technology, redesigned processes and an Awareness & Education program for employees.
The result of the assessment will be recommendations to improve your maturity level and cyber security score. It will be used in creating the course of action tailored to your situation and your specific company.
An incident response plan is created during this time that clearly lays out the steps to take in the event of a cyber incident. Addressed in the plan are what to do, and not do, to protect data and the environment, how to communicate with customers, partners, employees, law enforcement and regulatory authorities.
In the event of a security breach, APS offers full forensic services performed by experienced and qualified team members. The probable cause of the breach is identified and the extent of the breach determined. Steps are taken to contain and repair the damage.
The Incident Response plan is activated with communications to all affected constituencies. Experience is very clear, after a breach occurs is no time to create an incident response plan.
Architecture & Implementation
APS's Architecture & Implementation Service may be conducted before or after the Threat & Vulnerability Management Service. If before, then the baseline evaluation as described in that service is conducted here. If after, then the architectural changes to meet the identified shortcomings are designed.
APS will partner with you to identify shortcomings of the current architecture as it pertains to your technology environment, business operating model and culture.
Taking these factors into account, APS will design an architecture to improve the security posture and achieve the strategic objectives of the business.
In designing the architecture, cloud services will be evaluated as appropriate. A migration plan to implement the new architecture will be delivered. If you wish, APS offers implementation assistance.
Managed Services & Analytics
Managed Services and Analytics is an on-going service offering from APS. This service monitors your environment for threats and takes steps to protect you. Depending upon your current maturity level, it may be prudent to improve that rating and security posture. If so, APS will work with you to achieve this.
Periodically, the baseline will be updated and re-assessed identifying opportunities to improve the security.
APS’s proprietary analytics will be used to examine various aspects of the IT environment and data traffic to identify anomalies for further investigation. People, processes and technology will all be considered in the evaluation. People’s understanding and awareness of security and the role they play in protecting company assets will be re-evaluated and appropriate actions recommended.
Cyber security is complex and has a significant set of regulations that need to be followed. APS’s Regulatory Compliance service examines your environment for compliance to all cyber regulations applicable to your company. However, as with many regulations, the world changes more quickly than the regulations, so minimal compliance satisfies the regulators but may not be all you can do for cyber protection.
In performing this evaluation, our team will look at your regulatory compliance, and at an overview of your cyber protection. The result is recommendations of areas for further examination and high level steps to take to improve protections.
Monitoring Tools & Services
Monitoring tools and services abound; all claiming to offer better information or protection. Knowing which ones really deliver takes experience. Knowing which ones to use in a particular situation or for industry specific conditions takes more experience.
APS teams bring that experience to bear in determining the optimum choice of tools and services to meet your needs in cyber protection. The choice will be based upon your industry, business operations model, culture and risk profile.
Forensics is a critical aspect of cyber protection. If a breach is suspected forensics is the approved means of determining if a breach occurred and if so, the extent of the breach, the damage done, and most likely way it occurred. If a breach is suspected, cyber insurance policies and firms typically require a qualified firm perform a forensics analysis to determine if a breach occurred and its extent before processing a claim.
APS’s forensics analysis is performed by skilled and experienced team members certified to perform forensic analysis. The analysis is typically performed as part of the Threat and Vulnerability Management service. However, it can be performed as a standalone service. APS is the firm of choice to perform this service for one of the largest cyber insurance firms.
Research & Resources
APS offers two research services; Product Reviews and New Threat Surfaces.
APS Product Reviews offer our assessment of new security products including the types of companies and environments most likely to benefit from the use of the product. This can help you sort through the myriad companies and claims all offering the latest and greatest cyber protection.
APS’s New Threat Surfaces service keeps you apprised of the latest methods of attack and the steps necessary to protect against them.