- Our Approach
- 201 CMR 17.00 Mass Privacy Law
- Sarbanes-Oxley (SOX)
- Payment Card Industry Data Security Standard (PCI DSS)
- HIPAA
- State & Federal Regulations
- Red Flag Rule
- ISO 27001 Services
Our Approach
Information security is one thing every organization has to deal with. To protect critical business services and assets, your organization needs to be confident that its security architecture is providing a robust, comprehensive defense. As the security architecture evolves over time, you must also ensure that security technologies remain aligned with security policy and compliance requirements.
At TBG Security, we take a four phased, methodical approach to insuring that your organization meets their security needs today and positions themselves to meet the changing landscape of regulatory compliance and threats with a minimal impact to their business.
Assessment:
We start with an assessment of current administrative and operational processes and couple this with automated and manual testing that are all designed to identify risks to your organization. We will identify any gaps in your current security program that could prevent you from reaching your compliance goals.
View a slideshow of our Assessment process by clicking here.
Design:
At the end of the assessment phase, design work can begin to fill the gaps in your security program. Here we will work with key stakeholders to build policy and procedures and to plan technology implementations (commercial and open source). In this phase we will assure that a proper enterprise wide security policy is developed which covers your compliance needs.
Remediation/Implementation:
During the implementation phase, we will work with you to assure that any designed solutions from the previous phase are rolled out in an orderly manner. We will work on implementing new technologies architected in the previous phase, and roll out programs such as user awareness training.
Certification:
Finally, once all policy, procedures and technologies are in place, we will work to help you with reaching your full compliance goals. In the case of PCI, we will bring in the actual PCI auditor to perform your Level 1 audit. Our years of experience of working directly as and with the PCI auditors will assure a speedy and smooth completion. The state of Massachusetts has yet to adopt a formal audit and validation process for M.G.L. 93H 201 CMR 17.00, therefore TBG Security will provide a signed letter stating your compliance with the regulatory requirements.
-
Speak to a
Security Expert Now
