Strategic Consulting

SIG Cyber provides knowledgeable cybersecurity consultants who deliver value to your organization by helping create and manage your information security strategy.

Configuration Reviews and Audits

Identifying vulnerabilities or opportunities for improvement within applied configurations for network devices, security-related devices, or host operating systems.

SIG cyber offers security program development services.

Security Program Development/vCISO

Providing dedicated vCISO resources to help with reviewing/writing organizational security policies or guiding your security program with a roadmap for improvement.

Customized On-Demand Services

Providing cybersecurity expertise when needed including risk assessments, Incident Response Tabletops, customized information security policy development.

SIG Cyber Consulting Services

We provide knowledgeable cybersecurity consultants who deliver value to your organization by helping create and manage your information security strategy. Services include:

  • Information security planning and management
  • Development and enhancement of privacy and security policies, standards, procedures, and guidelines
  • Assistance with vendor negotiations on key cybersecurity hardware, software, and managed service solutions (SIG does not resell hardware or software)
  • Performing risk assessments to evaluate security gaps and spending needs
  • Managing key security controls such as vulnerability management, asset protection, and security awareness
  • Incident response planning and response activities

Comprehensive security policies written by security professionals. Our policies are designed to meet your compliance needs while optimizing your business requirements. Some of the policies we can help with include:

  • Access Control Policy
  • Acceptable Use
  • Disaster Recovery Plan
  • Password Policy
  • Incident Response Plan

Our training avoids the pitfalls of normal, generic security awareness training that puts employees to sleep. We do this by incorporating details from our experience and previous assessments that demonstrate the ramifications of employee actions to both their privacy and the organization as a whole.  Our security awareness training will educate your employees to:

  • Identify common indicators of an attack
  • Understand ways to protect themselves
  • Recognize the bypass of security controls
  • Report potential incidents

A firewall audit is a manual inspection of your firewall using the Center for Internet Security (CIS) benchmark and device-specific best practices. In addition, our engineer will review the firewall rules, searching for overly specific rules, proper rule sequencing, or other gaps in your security posture. Finally, the firewall audit will include network scanning to validate its effectiveness.

Developing a secure IoT solution depends on a number of security considerations. This assessment will evaluate the IoT device and its associated infrastructure against common attacks. It can include an evaluation of the edge device, the gateway, the cloud infrastructure, and/or any mobile applications. Our engineers will evaluate your IoT Device utilizing the OWASP IoT Framework Assessment methodology.

A formal risk assessment evaluates the threats to your organization, the vulnerabilities of your network, and the security controls you have in place to protect your network. A risk assessment correlates information from your security assessments and evaluates the overall risk to your organization to help drive strategic decisions.

Have a need not mentioned? Contact us today to customize an assessment or package to meet your security needs. Our engineers have a wealth of experience performing a wide variety of assessments, and we’re confident they can meet your needs. Let us know how we can help.

This assessment is an evaluation of your organization’s cloud infrastructure for security vulnerabilities. Our engineers will assist you in evaluating the unique security responsibilities associated with cloud computing. Individual services can include cloud application assessments, cloud infrastructure penetration testing, host/OS configuration audits, and cloud architecture reviews.