Through the Procyon Security Group, Orvin can help your mid- or large-sized organization in two ways:
- Deliver a particular service on a project basis.
- Provide a variety of these services along with general security advice as a part-time service advisor.
Security threat risk assessments
Assess the threats facing your organization, and determine where and how your data is at greatest risk, and where you can get quick wins in protecting your data. A security threat risk assessment is an important first step to protecting your data in an efficient and methodical way. For organizations that need to perform many assessments, a custom methodology tailored to your needs and level of risk tolerance can be developed.
Security program and process implementation
Protecting the confidentiality and integrity of information means having solid security processes. Mobile device management, change control, patch management, procurement and vendor management, and incident handling are a few of the many security challenges that organizations have. Orvin can work with your organization to develop these processes to protect and manage your data appropriately and cost-effectively.
Your organization may have legal or contractual requirements such as:
- privacy laws for any personally-identifiable information
- the Payment Card Industry Data Security Standard for credit card information
- anti-spam legislation
- industry specific rules
Orvin is an excellent translator between IT staff, lawyers, accountants and business people. Contact Orvin to work with either your IT or legal team and help you understand your obligations and implement them cost-effectively.
A weak link that hackers often target is an organization’s people. They trick users through phishing attacks, or exploit their mistakes which open up security vulnerabilities. Security awareness sessions can help your people protect both themselves as well as your organization. Ask Orvin to present to your staff or prepare a security awareness program.
Governance and Management
Good governance is important, especially when using the cloud or when you rely heavily with external parties. Contact Orvin for help with developing strategies, governance structures, policies and metrics so that security contributes to achieving your business goals. Orvin can also review or negotiate the security aspects of your contracts with external parties, or assist you with dealing with them.
Audit preparation and “fatigue” reduction
Security audits consume time and effort, and can be challenging to deal with. There are also many different types which make things complex and can be confusing, such as PCI, SOC1 & SOC2, SSAE 18 and CSAE 3416 to name a few. Contact Orvin if you want help with dealing with one or more audits, responding to auditor’s questions, and figuring out how to spend less time meeting auditor’s demands.
If you have a specific security issue that needs assistance, contact Orvin to see if he or his partner organizations can help.