Agio delivers information security solutions to help you manage risk, meet compliance requirements and maximize efficiency within your operations. Our dedicated experts know both the regulatory demands and business requirements you face every day. We partner with you to ensure the right actions are being taken to safeguard the confidentiality, integrity, and availability of your data; monitor, detect and respond to potentially harmful events; and ensure your critical operations and reporting remain compliant with vertical-specific regulatory requirements. We’ve got you covered.
A Security Risk Assessment measures how effective your firm is at protecting itself against cyber threats and unauthorized access to information. It identifies vulnerabilities that speak directly to the confidentiality, integrity and availability of any data that is created, processed, transmitted or stored by your firm.
The purpose of a security risk assessment is two-fold:
- To evaluate the effectiveness of your firm’s security controls in order to recommend corrective actions and to reduce overall risk.
- To assure compliance with the specific standard or best practice that applies to your firm’s industry. For example: SEC Cybersecurity Examination Readiness, HIPAA, Sarbanes-Oxley (SOX) requirements, NIST Special Publication 800-42, and FBI/SANS Top 20 Vulnerability List.
The results of the Security Risk Assessment yield a clear picture of where your highest risks or gaps are located. They also allow Agio to provide a risk rating that accurately determines the likelihood a threat agent will act on your environment, as we identify what the impact would be to your firm. Agio then provides a detailed corrective action plan, which includes recommendations so you can take proactive steps towards protecting your organization. You can bundle any combination of Agio’s other Security Assessments into the Risk Assessment as well, such as a Gap Analysis, Penetration Test, an External Vulnerability Assessment, etc. Agio’s Security Risk Assessment uses a risk-based approach to strengthen the overall security program of your firm.
We verify the integrity of your existing security infrastructure through Agio’s proven assessment methodology, which includes:
- Performing scans of all selected network sites, segments, and subnets
- Categorizing vulnerabilities by severity
- Researching and documenting the type of action(s) to be taken
- Recommending additional updates regarding global changes to improve your overall security
- Providing guidance for remediation
Understanding the actual vulnerabilities of your systems, and the potential impact they may have on your business, is essential. Targeted penetration testing validates vulnerabilities that pose the most significant risk to your environment, helping you to avoid things like fraud or loss of revenue. Additionally, pen testing is a due diligence activity that moves you further along the compliance continuum against industry regulation and customer and shareholder requirements. At the end of your assessment, we provide you with a prioritized list of recommended fixes and suggested implementation.
Along the path toward EHR implementation comes a set of security requirements mandated by HIPAA and HITECH. Specifically, HITRUST developed the HITRUST Common Security Framework (CSF), which provides a set of standards and auditable controls that organizations should follow. Based on industry best security practices, it also addresses the inevitable situation of these organizations having multiple security and compliance requirements, mapping common requirements among these compliance standards to each other.
HITRUST trains and authorizes individuals to be HITRUST CSF Practitioners. Agio’s HITRUST-trained and certified practitioners can assist you with understanding the CSF and performing a gap analysis. Specifically, this is an assessment of your information security implementation against the HITRUST CSF, defining areas where remediation needs to take place and preparing you for a formal HITRUST assessment.
Because the matrix of possible architectures and deployments in a cloud environment can be complex and unique, the Cloud Security Assessment is scoped as a custom engagement to address that complexity. At the core, there are a number of things that apply across the board, including:
- Vendor selection, management and monitoring
- Information Risk Assessment for data in the cloud
- Audit and Accountability
- Access Controls
- Incident Response
- Data Encryption
- System and communications protection
- System and information integrity
- Media protection and encryption
- Contingency planning
- Maintenance of systems
- Virtualization strategy, design and configuration controls
Using industry best practices and guidance from organizations like the Cloud Security Alliance, Agio’s Security Consultants can assess your cloud strategy and its secure implementation.
Written security policies are a requirement of every IT security best practice and compliance standard today. Good policies have executive-level sponsorship and are enforced through good management practices with the aid of technology. Most standards require that these policies are reviewed at least annually and when there are significant changes to the network.
Our assessments frequently find weaknesses in this area, even when the organization appears to be secure and adhering to best practices. We can assist you with your security policy in the following ways:
- Assistance with developing a security policy
- A gap analysis against various compliance requirements and/or best practices
- A review of security policy and technology configurations enforcing these policies for inconsistencies
Investing in technical security controls is essential for securing your organization’s information and ensuring privacy. But technical controls are not enough.
Consider for a moment that every employee and contractor is given access through gates, locked doors, authentication systems, firewalls and encryption systems. Clearly, without end-user training on security best practices, it is impossible to secure your information resources or ensure privacy.
This fact, coupled with training mandates such as PCI, FISMA, SOX, GLBA, HIPAA and Red Flag, renders a turn-key security and privacy awareness training program essential to any organization’s compliance and risk management initiatives.
Setting the Standard
Most major compliance regulations, such as PCI and HIPAA, already mandate that companies provide annual security awareness training; and in general, companies are becoming more aware of the growing need for security awareness training on a continuous basis. It is just good business in today’s environment.
In partnership with award-winning Inspired eLearning, Agio offers one of the most comprehensive and effective security awareness training programs in the marketplace. This highly interactive program covers acceptable use through real-world examples, malware, how to define a security incident and reporting of anomalous activity.
Training Program Portfolio
- 41-course security awareness training library for up to seven years
- Customized training modules (10-90 minutes per module) and supplemental materials
- Anti-phishing training, simulated phishing attacks, annual updates, monthly newsletters, and posters, among other materials to supplement training modules
- Certifications for every employee who completes a module
- Satisfies annual HIPAA and PCI training requirements
Agio is there for you when you have a security incident and need troubleshooting and remediation assistance. We understand that no one is able to foresee when and how they might be affected by a security incident. That’s why we sometimes meet our customers for the first time under these stressful circumstances.
Our Security Engineers have experience with analyzing problems and isolating possible causes. We are able to utilize their breadth of experience, our extended partner relationships, commercial and proprietary tools, and our own knowledge base to limit the effect of the issue and perform root cause analysis. Where desired, we can provide documentation and reports about the incident.