Cyber Assessment and Readiness (CAR)™
Our solution will:
- Provide a comprehensive assessment of your gaps with NIST SP 800-171 and current CMMC 2.0 guidance
- Develop a plan to demonstrate compliance at the lowest possible cost
- Provide added protection against breaches and malware
- Train your staff how to practice good cybersecurity
- Provide evidence for customers and regulators to prove you take cybersecurity seriously
You Get the Complete Solution
- Annual risk and gap assessment – we find the gaps between your company and NIST SP 800-171/CMMC, and help you address them.
- High Value data inventory – High Value datasets that need elevated levels of security controls
- Third party vendor assessments – review each tier of the supply chain for appropriate security controls
- Train your users on common cybersecurity mistakes – monthly training videos that are reviewed on demand.
- Detect suspicious activity – analyze firewall logs for indications of an attack.
- Secure computing – Review system configurations for alignment with industry best practices.
- Secure mobile devices – checklists and tests to make sure your smartphones and tablets are configured properly.
- Incident response tests – quarterly phishing campaigns that will test how your employees will behave if targeted.
- User security tests – quarterly reviews with users to confirm that your security controls are maintained.
- Find the vulnerabilities before they are exploited – quarterly scans of your high value systems and of your enterprise.
- Monitoring for suspicious changes – on-going monitoring of your network and DNS records to identify potential threats.
- Executive cybersecurity briefings – semi-annual reviews of your security plans and outline current ongoing risks.
Cost and Purchase Options
COMPACT:
- CMMC Readiness Assessment
This assessment, a series of predefined questions about the current state of their organization’s security controls, will be done through a survey that ITSC will provide. The analysis of the assessment is a spreadsheet highlighting where there are gaps in security controls for CMMC levels 1-3, depending on a predetermined level.
Cost: $1,500 | CMMC Levels 1-3
ECONOMY:
- COMPACT Deliverables +
- Dashboard with findings explained
- Plan of Action and Milestones (POAM) with remediations
- Review of current ISPs and SSPs
- Security Policy Templates
Cost: $7,000 | CMMC Level 1
INTERMEDIATE:
- ECONOMY Deliverables +
- INTERIM RULE Deliverables +
Cost: $9,000 | CMMC Level 1
- 17 Practices
Cost: $25,000 | CMMC Level 2
- 110 Practices aligned with NIST SP 800-171
LUXURY:
- INTERMEDIATE Deliverables +
- Virtual Chief Information Security Officer (vCISO)
- Hands off autonomous option providing the highest level of service
Cost: Call for a customized quote | CMMC Levels 1-3
CAR Package Add-On
INTERIM RULE:
- DoD Interim Rule Assessment
- Review of current ISP and SSP
- IT Security Policy Templates
Cost: $3,750
For more information email CAR@ITSC-SS.com.
Cybersecurity Training – Cyber Awareness & Training (CAT)
Provides cyber awareness and training in the following areas
BASIC:
- Cyber Hygiene Basic
- Phishing
- Controlled Unclassified information (CUI)
- Physical Security/Device Management
INTERMEDIATE:
- Threat Management
- Advanced Cyber Awareness
- Secure Architecture
- Initial Cyber Forensics
- How to Build a Security Operations Center (SOC)
- Incident Response
- Risk Management
- Vulnerability Management Best Practices
- Penetration Testing
- COOP/DR Planning
ADVANCED:
- Red Teaming
- Artificial Intelligence (AI) Discovery and Automation
- Advanced Threat Analytics and Incident Recovery
- Enhanced Insider Threat Programs
For more information email CAR@ITSC-SS.com.
Virtual Chief Information Security Officer (vCISO)
ITSC provides adaptive vCISO solutions that fit SMB enterprises.
- Defining security strategy and goals
- Determine Risk Tolerance
- Implement security and compliance governance
- Build Compliance Reports
- Draft security budgets and customer specific security solutions
- Develop System Security Policies
- Review current internal security controls
- 24/7 availability for cyber event analysis
- Attend monthly or quarterly executive meetings and board meetings
- Provide other advisory input as defined
- Architect and implement adaptive SOC Solutions
For more information email CAR@ITSC-SS.com.
ITSC Virtual Security Operation Center (vSOC)
Flexible Security for Any Architecture
- Endpoint Log Aggregation- SIEM
- Data Encryption
- VPN
- Multi-Factor Authentication
- Firewall
- Threat Intelligence
For more information email CAR@ITSC-SS.com.
Virtual Incident Response (vIR)
- Define Incident Response Plan
- Prepare public information release
- Correlate logs to generate forensic analysis report
- Evaluate event boundaries
- Submit remediation actions to senior leadership/board
- Submit government notification within 72 hours
- Generate root cause analysis
- Review of disaster recovery plan
For more information email CAR@ITSC-SS.com.