Cybersecurity Program Development

STIGroup has a proven methodology for the development and implementation of a Cybersecurity program for your business.  While a consistent methodology is necessary, experience and expertise in the nuances of your specific industry is vital to the successful institution of a Cybersecurity program.  STIGroup has the breadth of industry experience (financial, healthcare, e-commerce, mass transit, power, political and think tank, manufacturing, insurance, etc.) to apply our methodology effectively while accounting for the specific needs of your organization and industry.

Risk Assessment & Policy Development
A review of your business processes and the associated information flow is conducted in order to establish the risk to the business represented by current and anticipated threats to the security of your information.  Clarifying the risk by defining information sensitivity and criticality levels forms the basis for development of an effective Information Security Policy.  A formal Information Security Policy is then developed which defines the technical and procedural controls to ensure the confidentiality, integrity, availability, and accountability of your organization’s information. 

  • Business Process Review
  • Information Flow Analysis
  • Information Security Threat Analysis
  • Regulatory Requirements Review
  • Policy Gap Analysis
  • Information Classification
  • Administration Policy
  • Assurance Policy
  • Usage Policy
  • Incident Response Procedure

Audit & Security Posture Assessment
STIGroup conducts a thorough analysis of your systems and associated processes to measure their resistance to internal and external threats.  All aspects of your technology environment are reviewed and tested for compliance with industry specific regulations as well as existing corporate, partner, and/or customer standards and policies.  The deliverables from this phase of the process emphasize the structuring and prioritization of recommendations for addressing identified threats and achieving compliance with existing regulations, standards, and policies.

  • Internet Penetration Test
  • Server/Host Configuration & Security Audit
  • Infrastructure Configuration Audit
  • Regulatory Compliance Audit
  • Application Audit
  • Vulnerability Scanning
  • Wireless Network Audit
  • Policy & Procedure Audit

Architecture, Remediation, & Certification
With over 30 years of industry experience in technology services and solutions, STIGroup excels at providing secure, stable, and scalable solutions to alleviate internal and external threats to your information.  STIGroup resources effectively integrate new security infrastructure, systems, and software with your existing technology environment while ‘hardening’ existing systems to mitigate vulnerability.  Changes to current and newly developed processes are effectively balanced with technology based controls to achieve the security goals of your organization. 

  • Firewall Architecture and Implementation
  • Intrusion Detection and Prevention Systems
  • Endpoint Security Solutions
  • Proactive Vulnerability Scanning Tools
  • Policies, Procedures, Standards and Guidelines
  • Network and System Hardening/Logging
  • Virtual Private Networking - VPN
  • Event Management and Logging
  • Authentication and Identity Solutions
  • Encryption Solutions
  • Breach Detection Technologies
  • Compliance Workshops (PCI, HIPAA, etc.)

Information Security Management
STIGroup consultants implement technical and procedural measures to effectively manage your information security.  Our service offerings include real-time monitoring of network traffic and SEIM systems for inappropriate activity, management of firewall, intrusion detection, advanced threat detection, and Honeypot systems, periodic vulnerability scanning, and appropriate response services.  This proactive approach to security management ensures compliance of your technology environment with existing regulations, standards, and policies. 
  • Managed Security Services
  • Security Staffing Solutions
  • Managed Breach Detection
  • Managed Intrusion Detection Solutions
  • Managed Content Filtering Solutions
  • Managed Endpoint Security Solutions
  • Proactive Vulnerability Management
  • Incident Response and Recovery
  • Technology Forensics
  • Governance and Strategic Consulting