TouchstoneISP™ Managed Cybersecurity Program
Building an Information Security Program is tough. There is a myriad of complex laws and regulations that require adherence to strict information security standards, and penalties for noncompliance can cost tens of thousands of dollars. TouchstoneISP™ can help make sense of your information security needs. Our team has experience building, implementing, and maintaining cybersecurity programs for businesses of all sizes, from mom-and-pop shops to Fortune 500 companies. We pride ourselves on our commitment to delivering effective, lightweight Information Security Programs that fit each of our customers' unique needs.
Building a cohesive and effective Information Security Program is critical in 2020
Our team will work directly with your key stakeholders to draft policies, procedures, and plans that can help you respond to incidents and unforeseen events rapidly and efficiently. Our approach consists of two phases.
Phase 1 – Planning
We begin by performing an assessment and determining the proper framework for your security program. Frameworks include NIST 800-53, NIST 800-171 rev2, NIST 800-171B, NIST Cybersecurity Framework, ISO 27002:2013, CERT RMM v1.2, CIS Critical Security Controls v7.1, and Secure Controls Framework (SCF).
The TouchstoneISP™ program puts a strong focus on risk and compliance. A single cyberattack or unforeseen disaster can destroy a business. We start by working with your senior management to identify the biggest risks to your business which are documented in the Risk Assessment. We then work with you to define a level of “acceptable risk” before selecting a Framework and developing an ISP Manual which details how your organization intends to mitigate risks to an acceptable level. Many companies regard this planning as wasted paperwork – it’s not.
With TouchstoneISP, you will get actionable plans you can use to effectively manage risk
During this phase we also perform a comprehensive compliance evaluation. Compliance is absolutely critical in today’s regulatory environment. The acronyms can feel completely overwhelming: GDPR, FINRA, HIPAA, PCI DSS, CCPA, NYDFS Cybersecurity Regulation, the list goes on. Our world-class team at Touchstone has experience helping small businesses to large enterprises meet compliance requirements in a cost-effective way without causing major interruptions to your business. We work to understand all applicable requirements that your business may need, then by selecting and following the best applicable Framework, we design a single approach that meets those requirements.
Phase 2 – WISP
Phase 2 consists of writing your Information Security Program (ISP) to include all the policies and procedures required by your ISP Manual from Phase 1. Your company will be assigned a senior-level CISO with experience securing large enterprise organizations; their role is to ensure your ISP meets your regulatory requirements. We then provide a detailed requirements roadmap that lists the remaining gaps between your organization and your ISP, and the steps needed to close them, so that you meet and exceed your ISP.
What’s included in TouchstoneISP™?
Your Company Prior to TouchstoneISP
- Disorganized Governance Risk and Compliance structure
- Lack of accountability, many employees not following even basic cybersecurity guidelines such as having anti-virus installed
- No defined level of acceptable risk; key risks to the business haven't been evaluated
- No planning around incident response or disaster recovery
- Lack of understanding of critical compliance requirements or how to meet them
- Non-compliance puts the company at risk for tens of thousands of dollars in fines
- No in-house cybersecurity experience
The TouchstoneISP™ Difference
- Organized and coherent Information Security Program based on the NIST Cybersecurity Framework
- Easy-to-understand standards for all employees
- Clearly defined levels of acceptable risk with an implemented Risk Management Plan to reduce risk
- Clearly written Incident Response and Disaster Recovery plans to allow the organization to respond to a security incident quickly and effectively
- Applicable compliance requirements clearly documented
- A streamlined approach using the NIST Cybersecurity Framework to meet all applicable requirements and maintain compliance
- Trusted cybersecurity advisor with decades of experience designing, implementing, and maintaining high-performance but lightweight cybersecurity programs