Risk and Compliance
Focus on company culture
Risk and compliance are not just security issues to be solved by an organization’s information security group, especially if that group resides within the IT department. Since most risk frameworks contain a significant focus on policies and procedures, understanding organizational development and culture is essential to successfully implementing security-related policies and procedures. Drawing on years of study in management and human resources, C G Silvers Consulting blends this knowledge with a deep understanding of not only individual risk frameworks, but also enterprise risk management.
Business process analysis
Risk assessment starts with an analysis of business processes. Using a “hacker mindset,” C G Silvers Consulting is able to view business processes in a way that immediately identifies areas of risk or “loopholes” in processes that someone might leverage to cause the organization harm. In the case of PCI-related business processes, this can mean disaster in the form of compromised consumer credit card information. Therefore, it is a critical first step in the PCI DSS gap assessment process.
Once business processes are understood and enhanced, a network architecture review can be used to isolate critical systems from those that may not need the heightened level of security. While this strategy serves to reduce the scope of many compliance requirements, such as PCI DSS and HIPAA, it also provides greater risk mitigation. The additional advantage of network segmentation is that, in most cases, it reduces the expense a company faces in establishing and maintaining compliance.
In addition to interpreting security controls, requirements, and safeguards, C G Silvers Consulting works with clients to create a strategic risk management roadmap and becomes their partner in implementing solutions. With more than two decades of experience in the security industry, we know someone who can solve any security issue you have. Our partnerships with solution providers are built on personal relationships, not some business arrangement, so you can be assured that C G Silvers Consulting will stand behind any referrals.
Whether you are concerned about PCI DSS as a merchant or service provider, concerned about HIPAA as a covered entity or business associate, concerned about NIST SP 800-171 as a defense contractor, or just want some level of assurance against an industry standard such as the SANS Top 20 Critical Security Controls, C G Silvers Consulting can provide you with solid assistance to achieve and maintain an effective risk management program.