TouchstoneISP® Managed Cybersecurity Program
Building an Information Security Program is tough. There are a myriad of complex laws and regulations that require adherence to strict information security standards. Penalties for noncompliance can cost tens of thousands. TouchstoneISP® can help make sense of your information security needs. Our team has experience building, implementing, and maintaining cybersecurity programs for businesses of all sizes, from mom and pop shops to Fortune 500 companies. We pride ourselves on our commitment to delivering effective, lightweight Information Security Programs that fit each of our customers' unique needs.
Building a cohesive and effective Information Security Program is critical
Our team will work directly with your key stakeholders to draft policies, procedures, and plans that can help you respond to incidents and unforeseen events rapidly and efficiently. Our approach consists of two phases.
We begin by performing the assessments and building the base of your security program. The TouchstoneISP® program puts a strong focus on risk and compliance. A single cyberattack or unforeseen disaster can destroy a business. We start by working with your senior management to define the biggest risks to your business, which are documented in the Risk Assessment. We then work with you to define a level of “acceptable risk” before drafting a Risk Management Plan, which details how your organization intends to mitigate risks to an acceptable level. Many companies regard this planning as wasted paperwork – it’s not.
With TouchstoneISP®, you will get actionable plans that you can use to effectively manage risk
During this phase we also perform a comprehensive compliance evaluation. Compliance is absolutely critical in today’s regulatory environment. The acronyms can feel completely overwhelming: HIPAA, PCI DSS, NYDFS Cybersecurity Regulation, the list goes on. Our world-class team at Touchstone has experience helping organizations from small businesses to large enterprises meet compliance requirements in a cost-effective way without causing major interruptions to your business. We work to understand all applicable requirements that your business may need, then, by following the NIST Cybersecurity Framework, we design a single approach that can meet those requirements.
Phase two consists of the Touchstone vCISO service. Your company will be assigned a senior-level CISO with experience securing large enterprise organizations. Their role will be to ensure you remain compliant with a myriad of ever-changing laws while also keeping your Information Security Program up to date.
Your Touchstone vCISO will hold monthly meetings with key stakeholders from your company to review what’s been put in place, plan and assess changes, and to document updates to policy. Hiring a Touchstone vCISO can help you cost-effectively achieve your cybersecurity objectives. Touchstone’s vCISO offering ensures that your company maintains the confidentiality, integrity, and availability of your data effectively.
What’s included in TouchstoneISP®?
Your Company Prior to TouchstoneISP®
- Disorganized Governance Risk and Compliance structure
- Lack of accountability, many employees not following even basic cybersecurity guidelines such as having anti-virus installed
- No defined level of acceptable risk, key risks to the business haven’t been evaluated
- No planning around incident response, disaster recovery
- Lack of understanding of critical compliance requirements or how to meet them
- Non-compliance puts the company at risk for tens of thousands of dollars in fines
- No in-house cybersecurity experience
The TouchstoneISP® Difference
- Organized and coherent Information Security Program based on the NIST Cybersecurity Framework
- Easy-to-understand standards for all employees
- Clearly defined levels of acceptable risk with an implemented Risk Management Plan to reduce risk
- Clearly written Incident Response and Disaster Recovery plans to allow the organization to respond to a security incident quickly and effectively
- Applicable compliance requirements clearly documented
- A streamlined approach using the NIST Cybersecurity Framework to meet all applicable requirements and maintain compliance
- Trusted cybersecurity advisor with decades of experience designing, implementing, and maintaining high-performance but lightweight cybersecurity programs