Patrick Rost

Information security is not just an IT function.  Risk is managed through administrative, physical, and technical controls.  Our approach is a unique combination of your knowledge of your business and our knowledge of information security controls and how they work together.  Our consultants bring not only technical skills but also practical experience and common-sense solutions to address business risk.

Our assessment process:

  • Through interviews and observations, we mutually review the practices contained in your target level.
  • For each practice, we ascertain whether it is currently being performed and how it is being performed.
  • We provide guidance on best practices and options to accomplish currently unperformed or incomplete practices.
  • We mutually review the maturity of processes contained in your target level including documentation, policies, and planning.

Delivering recommendations:

Upon completion of the assessment, the client will have a list of CMMC practice gaps and recommendations.  Process maturity will be identified for each practice in your target level.  Each practice that requires additional documentation, policies, or planning will be reported.

We then suggest an action plan that offers a realistic approach to reaching your target level.  New security practices can be overwhelming.  Our action plan structures implementation timing and shared responsibilities to create a sustainable security culture.

Our remediation assistance services include:

  • Risk assessments
  • User training and testing
  • Identifying and implementing technical controls
  • Assistance with documentation development
  • Creating policies
  • Incident response plans