what do these engagements focus on?
Compliance efforts focus on helping clients meet and exceed a myriad of regulatory requirements and industry standards. Some of the most popular that I help with are:
ISO 27001 - I am not an official certification body, however, the good news is the vast majority of small to mid-sized businesses don’t need to be certified! Official certification against ISO 27001 is extremely expensive and very much overkill for most businesses. Using the framework to guide an information security program, however, is quite helpful.
NIST Cybersecurity Framework (CSF)
Health Insurance Portability & Accountability Act (HIPPA)
EU General Data Protection Regulation (GDPR)
Gramm-Leach-Bliley Act (GLBA)
Personal Information Protection and Electronic Documents Act (PIPEDA)
California Consumer Privacy Act (CCPA)
Federal Information Security Management Act (FISMA)
Sarbanes-Oxley Act (SOX)
CIPA/COPPA/FERPA for educational institutions
Governance - Most organizations do not understand what role governance should play in their business, especially when it comes to cyber governance. I usually help clients with:
Adding a cyber element to an existing governance program.
Building a governance program that is focused on cybersecurity.
Improvement of an organization’s cross-team and frontline to leadership communication efforts.
Training leadership on how to make risk-based cybersecurity decisions.