Strategic Consulting

Strategic Cybersecurity Consulting

SIG Cyber provides knowledgeable cybersecurity consultants who deliver value to your organization by helping create and manage your information security strategy.

Configuration Reviews and Audits

Identifying vulnerabilities or opportunities for improvement within applied configurations for network devices, security-related devices, or host operating systems.

SIG cyber offers security program development services.

Security Program Development/vCISO

Providing dedicated vCISO resources to help with reviewing/writing organizational security policies or guiding your security program with a roadmap for improvement.

Customized On-Demand Services

Providing cybersecurity expertise when needed. This includes risk assessments, Incident Response Tabletops, customized information security policy development.

Strategic Cybersecurity Consulting Services

We provide knowledgeable cybersecurity consultants who deliver value to your organization by helping create and manage your information security strategy. Services include:

  • Information security planning and management
  • Development and enhancement of privacy and security policies, standards, procedures, and guidelines
  • Assistance with vendor negotiations on key cybersecurity hardware, software, and managed service solutions (SIG does not resell hardware or software)
  • Performing risk assessments to evaluate security gaps and spending needs
  • Managing key security controls such as vulnerability management, asset protection, and security awareness
  • Incident response planning and response activities

Comprehensive security policies written by security professionals. Our policies are designed to meet your compliance needs. And to optimize your business requirements. Some of the policies we can help with include:

  • Access Control Policy
  • Acceptable Use
  • Disaster Recovery Plan
  • Password Policy
  • Incident Response Plan

Our training avoids the pitfalls of normal, generic security awareness training that puts employees to sleep. We do this by incorporating details from our experience and previous assessments. It highlights the ramifications to personal privacy, and organizational exposure. Our security awareness training will educate your employees to:

  • Identify common indicators of an attack
  • Understand ways to protect themselves
  • Recognize the bypass of security controls
  • Report potential incidents

A firewall audit is a manual inspection of your firewall using the Center for Internet Security (CIS) benchmark and device-specific best practices. Our engineers will review the firewall rules, searching for overly specific rules, proper rule sequencing, or other gaps in your security posture. After the audit we will scan the network to validate the firewall’s effectiveness.

Developing a secure IoT solution depends on a number of security considerations. This assessment will evaluate the IoT device and its associated infrastructure against common attacks. It can include an evaluation of the edge device, the gateway, the cloud infrastructure, and/or any mobile applications. Our engineers will evaluate your IoT Device utilizing the OWASP IoT Framework Assessment methodology.

A formal risk assessment evaluates the threats to your organization, the vulnerabilities of your network, and the security controls you have in place to protect your network. A risk assessment correlates information from your security assessments and helps drive strategic decisions.

Have a need not mentioned? Contact us today to customize an assessment or package to meet your security needs. Our engineers have a wealth of experience performing a wide variety of assessments, and we’re confident they can meet your needs. Let us know how we can help.

This assessment is an evaluation of your organization’s cloud infrastructure for security vulnerabilities. Our engineers will assist you in evaluating the unique security responsibilities associated with cloud computing. Individual services can include cloud application assessments, cloud infrastructure penetration testing, host/OS configuration audits, and cloud architecture reviews.