Advisory Services: IT Audit and Compliance
Information security functions must play a highly visible, cross-functional role within an organization. Coalfire helps to identify the IT security resources, operations, reporting structures, and program responsibilities needed by the organization to:
Manage security as an effective, proactive process;
Maintain consistent security operations, assessments, and reporting;
Build appropriate roles and responsibilities for security oversight and management;
Establish accountability for organizational information, assets, and controls;
Justify the right investments in IT security based on sound cost-benefit analysis.
Coalfire engages not only the IT departments of the companies we serve, but also senior management concerned with their organization’s reputation and security profile. Retaining Coalfire as an advisory partner is the wise choice for business leaders who seek to respond to their stakeholders’ increasing concerns and the media’s growing attention to IT security and compliance issues.
Information security policies represent one of the most powerful risk management controls that an organization can deploy. Policies establish leadership positions on key control issues throughout the organization and provide clear security and control instructions to management and staff. Our policy development service creates a set of information security policies that are derived from your risk and compliance control programs, ensuring proper alignment of security control objectives and policy requirements.
Coalfire provides templates and advisory services to develop or enhance IT security policies that adhere to ISO 27001 and 27002 standards as well as provide a framework to achieve compliance with GLBA, HIPAA, FISMA, and PCI regulations.
Business Continuity Planning (BCP)
Business Continuity Planning (BCP) is a critical security requirement for any organization that needs to minimize the impact of business or IT service disruption. Coalfire's BCP service is structured to help organizations implement the full business continuity planning lifecycle. Processes needed for regular BCP testing and adjustment include:
Business Impact Analysis
Disaster Recovery Plan Development
Incident Response Planning (IRP)
It happens every week: a company loses a set of backup files. An outsider socially engineers company information from an employee. An employee finds suspicious software running on a back-office PC. A laptop is stolen from a senior manager's car. Information security events will happen to every organization. How the organization defines, escalates, addresses and ultimately resolves these events is important to preserve:
The privacy of your customer and employee information;
Company credibility, reputation, and image;
The integrity of your business information.
Our Incident Response Planning service delivers a full set of policies and procedures that are designed to help your organization handle information security incidents, including event escalation, containment, eradication, communication, and post-mortem analysis.
As recent highly publicized data breaches expose weaknesses in managing data protection throughout integrated systems, leading organizations are establishing vendor management programs to clearly define controls and enforce compliance with their vendors. Coalfire has developed proven templates and processes to manage vendors and service providers in compliance with PCI, GLBA, HIPAA, and other state and federal regulations.