
Privacy & Data Security

Regulatory Compliance Review

$2500 to $5000



Review of legal and regulatory exposure relative to cyber security preparedness.

  • Independent Regulatory Agencies (e.g., SEC, FTC, FCC, CFPB, FDIC), FFIEC, FINRA
  • Federal statutory (e.g., SOX/GLBA/HIPAA/COPA)
  • State statutes (e.g., California data privacy and breach notification)
  • Status as a third-party vendor possibly subject to the regulatory authority governing the client/customer (includes services provided to, e.g., banks, communications companies, retailers, among others)
  • One hour of advice outlining possible and probable compliance exposure
  • One hour of advice highlighting possible compliance obligations (e.g., obligations of the Board of Directors to approve and oversee an information security program, fiduciary duties to shareholders, requirement of a risk management program, requirement for a robust vendor risk management program)

Information Security Audit

$4500 to $8000



An information security audit is designed to, among other things, identify the information and physical assets most in need of protection, identify apparent vulnerabilities, map out the "threat landscape" and attack vectors, and illuminate hidden risks and liabilities. An information security audit lays the groundwork for an organization to define its "risk appetite" and to strategically allocate a cyber security budget.

  • Review information security program documentation, if any
  • Identify and prioritize assets in need of protection
  • Assess base controls (e.g., data segmentation, identity and access control, information security policies, separation of duties, data loss prevention, perimeter hardening, logging and monitoring)
  • Assess training and awareness
  • Assess cyber resilience (backup & recovery, disaster planning, business continuity)
  • Comprehensive or targeted penetration testing and vulnerability assessments available separately

NIST Cybersecurity Framework Implementation Planning

$5000 to $10000



A cyber security program, tailored to an organization's business objectives and risk appetite, is at the core of responsible corporate stewardship and of fiduciary duties to employees, customers, and shareholders.

  • Counsel on establishing an information security program
  • Prioritize and scope business objectives relative to cybersecurity
  • Conduct a risk assessment, taking into account the asset values, their exposure, the threat landscape, and other factors affecting likelihood and impact
  • Ascertain a current framework profile and identify the target profile
  • Conduct a gap assessment on controls for reaching the target profile, and prioritize gaps based on severity, resources, and risk appetite
  • Establish an action plan and timetable to achieve the target profile
  • Security incident preparedness

° Flat fees based upon estimated number of hours billed at a rate of $300/hr.