
Governance, Risk and Compliance
CyberClan’s Governance, Risk, and Compliance (GRC) consulting services provide support across the broad issues of corporate governance, enterprise risk management, and effective corporate compliance.
CyberClan’s defensive cybersecurity strategy includes Governance, Policies, Standards, Procedures, Security Awareness Training, and Security by Design, based on industry-recognized leading practices including ISO, NIST, OWASP, CSA, Secure Controls Framework (SCF), and others.
We can help organizations identify, remediate, monitor, and manage cyber risk as well as coordinate the utilization of people, process, and technology to improve GRC effectiveness and help manage overall costs.
Our GRC services include, but are not limited to:
NIST CSF Based Risk Assessments
The NIST Cybersecurity Framework (CSF) has gained visibility around the world and has established itself as a framework that is easy to implement and to improve. CyberClan can help you identify where you stand and provide guidance on where your organization should be.
HIPAA Risk Assessments
Our HIPAA risk assessments can be used to address the mandatory HIPAA Security Rule requirement for Covered Entities and their Business Associates to conduct an annual HIPAA risk assessment.
Policy Review / Development
Policies are critical to the success of a cybersecurity program. CyberClan can provide templates as well as customized policies that are tailored to your specific organization. If you have policies already in place, we can review those policies for any gaps that might expose the organization to risk.
Incident Response Plan Review / Development
Incident Response plans are designed to help IT staff detect, respond to, and recover from network security incidents. CyberClan can help your organization develop an incident response plan or perform a detailed analysis of your organization’s existing IR plan to assess the level of detail documented in current plans and validate key measures to take in the event of a crippling cyber-attack. The assessment may be combined with a Tabletop exercise.