We know that cybersecurity has become an increasing focus of regulators, and it continues to be an SEC priority. It impacts your investors and involves a firm’s board, officers, and other senior management because of the inherent risks associated with any single threat to a firm’s cyber environment.
We partner with another cybersecurity firm to provide our clients with a comprehensive and understandable set of cybersecurity services. Yes, we oversee the process for you. One of our partners will work alongside a top cybersecurity firm, including, if you so wish, a law firm (which maintains attorney-client privilege) to help you navigate all the complex regulations and demands placed on your organization.
We offer the following services:
Operational Cybersecurity Assessments (annual)
- Perform the required annual qualitative cybersecurity assessment
- Evaluate the efficacy of our client’s cybersecurity controls (including IT infrastructure, governance and controls, monitoring and scanning, detection control, operational procedures, mobile security controls, incident response)
Tailored Cybersecurity Policies and Procedures (ongoing, hourly)
- Conduct initial overview of client’s cybersecurity risk exposure
- Map each client’s current cybersecurity baseline controls (vs regulatory requirements)
- Develop an achievable set of operational technological, governance, and security controls mapped directly to all SEC requirements, encompassing user security access, information protection, threat and vulnerability management, and incident management
- Identify and help procure appropriately scaled cybersecurity technologies
- Assist with hardening systems
- Provide guidance on appropriate governance, record-keeping, and document-retention controls
- Draft related documents such as business-continuity and disaster-recovery plans
- Prepare a cybersecurity roadmap for the proposed cybersecurity program with estimated budget levels and suggested timelines
Annual Cybersecurity Written Reports
- We will review or assist in drafting the required annual cybersecurity written reports
Administer and Oversee Cybersecurity Programs
- Review, discuss, and assist in prioritizing various day-to-day cybersecurity occurrences, incidents, and questions
- Assess various technical outputs, scanning results and monitoring reports
- Conduct or assist with vendor due diligence
- Assist with documenting all monitoring, detection, and response activities and compliance with books and records rules
- Provide or oversee cybersecurity employee training and education
- Provide or review penetration testing
Respond to Cybersecurity Events and Incidents
- Assess the design and efficacy of the client’s current cybersecurity program
- Address changes in the client’s cybersecurity risk over the current year
- Explain the annual review process, any control tests, and the results thereof
- Identify any material changes made to the client’s cybersecurity program (if needed, we coordinate with a client’s technical consultant)
Related Services
We can also provide related services to assist clients in enhancing existing cybersecurity programs and related endeavors, such as:
- Managing counterparty cybersecurity risk
- Explaining cybersecurity controls in ODD examinations and inquiries
- Procuring cybersecurity insurance
- Defending cybersecurity programs in regulatory examinations and investigations
- Conducting mock cybersecurity examinations
- Conducting pre-closing IT and security diligence for M&A transactions