Cybersecurity demands a month-in, month-out commitment to habitual activities that fortify your environment. Our team is relentless, constantly researching and assessing your infrastructure against a backdrop of international security intelligence. We know what it takes to be at the top of the game, and we’re going to get you there.
Qualifications & Associations
Agio provides managed IT and cybersecurity services to firms at every stage, including technology hosting, monitoring, management, disaster prevention and recovery, managed security, cybersecurity consulting, and other high-end services.
Over the last five years, the number of cyber attacks on businesses increased by 144%, the cost of cyber crime per company has increased by 95%, and the average time to resolve incidents has increased by 221% [1]. Faced with the reality of this increasing threat, the SEC issued the 28-item OCIE Risk Alert in April 2014, followed by a Guidance Update a year later in April 2015. Additionally, a stream of large corporate breaches, including Target, Home Depot, eBay, JP Morgan, Sony, and others, exposed critical vulnerabilities that ignited investor and C-Suite pressure, demanding that firms act.
As a trusted and premier MSP to hedge funds at every level, we saw the need to not only leverage our expertise in cybersecurity, but also create a program specifically aligned with the SEC OCIE Risk Alert so you and your investors could sleep at night. Agio’s SEC Cybersecurity Readiness Program is a proactive, methodical approach to cybersecurity, under the direction of a virtual CISO, which aligns with the SEC OCIE Risk Alert and drives clients toward compliance. Through Risk Assessments, Penetration Testing, Security Architecture, and more, we’ll spend 24 months getting you and your environment fit. You’ll begin seeing immediate results within the first few months, and each month that follows you’ll be put through exercises, seminars, testing, and briefings that will continue to develop fitness at a digestible level.
We begin by evaluating your firm’s information security program, policies, workflows, vendor relationships, security architecture, and user awareness. These functional areas are then measured against the NIST Cybersecurity Framework and the 28 areas of interest from the SEC OCIE Risk Alert. Consider the first six months of Agio’s SEC Cybersecurity Readiness Program as boot camp, where we provide you with deliverables that help you respond to investors and the SEC Risk Alert. The remaining 18 months are training and conditioning, helping your firm develop tier-one cybersecurity habits. Activities include:
Security Risk Assessment
- With SEC/OCIE Gap Analysis
- Based on NIST Framework
Policy Review & Development
Social Engineering Testing: Phishing, Pretexting, USB Drive Baiting, Physical Office Security, etc.
One or two internal security engineers don’t stand a chance against the thousands of advanced hackers out there dedicated to breaching your network. You need an army—no ordinary battalion will do. You need rigorously trained, hardcore, unshakeable, obsessed cybersecurity special forces. Meet Agio Security. Our team has over 20 years of security experience, including deep PCI, HIPAA, and NIST expertise. We eat security and compliance for breakfast. Additionally, our proactive relationships at the SEC ensure we have a direct line to the latest and greatest intelligence. We’ve got you covered.
CISO on Deck
Every team needs a great leader: someone who’s strategic, proactive, and can lead their troops in and out of the stickiest, most dangerous situations. With our SEC Cybersecurity Readiness Program, you not only get special forces, you get experienced, forward-thinking CISO guidance to oversee your environment’s security and compliance posture. In monthly check-ins, we sit down with you to discuss the best long-term direction for your firm and the decisions and tactical execution required to get you from A to B. With this type of ground and air support, you can rest assured you’re setting your firm up for success now and in the future.
Agio Incident Response is a planned program designed for the unplanned. Over the course of 12 months we onboard, organize, prep and continually test your ability to respond when a breach happens. We get you, and keep you, battle-ready so when an attack happens, we mobilize immediately and effectively, neutralizing the threat and containing your exposure.
Here’s what the program includes:
o Environment Discovery
o Data Mapping
o Incident Response Plan Development & Review
- Incident Response Policy
- Data Classification Policy
- Incident Response Procedure
- Incident Response Communication-Chain of Command Procedure
o Tactical/Operational Incident Response Tabletop Exercise
Monthly Incident Response Readiness Review
Quarterly Status Review (monthly for first three months after going live)
o Intelligence Briefings
o Cybersecurity Events & Incidents Statistics Review
Annual Executive IR Tabletop Exercise
Incident Response Annual Review & Report
Red Team Security Assessment* (annually, if applicable)
It’s about practicing chaos. You’ll never be able to predict the specific type of breach your firm will ultimately fall victim to, but you can predict how you respond. And that response is comprised of the people you have in place, the processes you’ve implemented, and the technology that supports it all. How do these three facets interact with one another when tragedy strikes? Where are the loopholes, the gaps, and the ambiguity within your plan?
These are the details that, when left undiscovered, unremediated and unrehearsed, create chaos on top of chaos for organizations.
We’re here to fix that. By proactively learning your environment, mapping what data lives where, reviewing your policies with a critical eye, and then practicing chaos, we improve your reaction to a breach. Your response goes from languid, haphazard and insufficient to immediate, efficient, and most importantly, effective.
It’s tempting to sit back and hope that a breach won’t happen. Or maybe when it does, that it’s not that bad. But when your company’s operations, reputation, and even your career are on the line, hope isn’t a strategy. Because even if the initial breach doesn’t bring down your environment, the longer the malicious activity goes undetected and unaddressed, the worse it gets. What may have started as a cybersecurity event can quickly escalate to an incident and a full-blown breach.
TIME IS MONEY
Then there’s the financials. Bringing in an Incident Response team only after a breach guarantees one thing: you’re going to pay. Why? Because the firm you bring in, even if they’re the best, doesn’t know your environment. They don’t know where your data lives; they don’t know how you collect and store that data (for analysis); they don’t know your policies; and they don’t know who’s involved in your Incident Response Plan. They’re flying blind, and it’s going to take them time to get up to speed. That’s time you’re paying for, and even more importantly, that’s time in which the breach is getting worse.
By investing proactively in an Incident Response service, you drastically reduce your time to resolution, which means less money out the door, less exposure and ultimately less damage. And you look good for preparing for the inevitable. You took chaos, mapped it, prepared for it, and even amortized it (i.e., the cost). Well played.