Every organization needs to achieve a certain level of information security, but that level varies from business to business. We developed a security certification program that starts with small steps and gradually moves you through three levels as your organization matures.
Level 1: Information Security Training and Awareness—Class
A single click by an unaware employee can make any system vulnerable to a cyber attack. Our one-hour program can have more impact than $1 million worth of security equipment. Participants will receive a certificate of completion.
The class covers the basics of information security:
- General terminology
- Industry-specific information
- Mobile devices
- Web browsing
- Email threats
- Incident and response procedures
Level 2: Information Security Training and Awareness—Program
This training and awareness program includes all the topics covered in Level 1, plus "train, test, and train" activities to measure knowledge. Participants are subjected to a social engineering (phishing) activity, followed by a review of how they responded and how they could have recognized the activity. The goal is for the team to understand the potential impact a breach could have on the business. Deliverables include a results report and certificates of completion for employees and the employer.
Level 3: Information Security Program (CISO Agreement)
This customized program can incorporate any of the services in the Identify, Defend, and Respond categories shown below. Based on a business risk approach, the goal of this program is to establish, implement, operate, monitor, review, maintain, and improve the security in your organization.
This program includes the services of a Chief Information Security Officer. It begins with an assessment of risks and provides training and awareness classes and testing. Deliverables include certificates of completion and a plaque for the employer after completion of the first-year activities.
- Phishing exercises
- Risk assessments
- Penetration testing
- Vulnerability assessments
- Application fuzzing
- Data loss prevention threat assessments
- Wireless threat assessments
- Security benchmark and reporting
- Firewall installation and configuration
- System hardening
- Port filtering
- Web filter
- DRAAS solutions
- Wireless hardening
- Security breach response
- Host Intrusion Prevention and Detection Systems
- Network Intrusion Prevention and Detection Systems
- Egress filtering
- Expert forensic analysis