CyberSix was retained by a regional insurance company to provide a detailed assessment of the recently enacted New York Department of Financial Services (NYDFS) cybersecurity regulation, 23 NYCRR 500, Cybersecurity Requirements for Financial Services Companies, together with an overall Cyber Operational Risk Maturity evaluation.
Outcome
Gaps were identified that impacted compliance with NYDFS cybersecurity regulations
Programmatic & strategic recommendations including timing, sequencing, and dependencies of mitigation were provided
Developed action plan for the mitigation of gaps in coordination with the deadlines prescribed by NYDFS
Increased efficiencies across cybersecurity capabilities leading to improved efficiency in business processes
Client was able to submit an attestation of compliance to the NYDFS regulatory body
CyberSix continues to enhance security maturity through virtual CISO multi-year engagement
Solution
Performed an independent assessment of the organization’s cyber security capabilities utilizing our proven CI-DR™ framework to identify key areas of risk.
Cross-referenced the CI-DR™ framework to 17 high-level and 76 sublevel controls of the NYDFS 23 NYCRR 500 Cybersecurity Requirements for Financial Services Companies
Industry: Aerospace, Defense
Role: Virtual CISO Engagement & Security Operations Center
CyberSix was retained by a global aerospace manufacturer to provide a Virtual Chief Information Security Officer role to assist the organization in maturing its cybersecurity program and to provide executive-level advisory to the organization’s Audit Committee and Technology Department.
Outcome
Identified control gaps with the Industrial Control System and Information Technology infrastructures
Developed and implemented a plan of action to treat deficiencies programmatically including timing, sequencing, and minimization of business interruptions
Improved incident response capabilities and increased crisis communications effectiveness at executive levels
Developed a high-level stress testing program and response manual that created executive visibility into gaps in coordination between the departments
Currently implementing CyberSix’s Risk Management as a Service platform to assist in NIST 171 and CMMC compliance
Solution
Conducted an independent assessment of the cybersecurity capabilities for the manufacturing and technology assets.
Designed and moderated a tabletop exercise as an organizational plan familiarization exercise
Evaluated incident response effectiveness across the organization from both technology and business impact response perspectives
Collaborated with the client to build and improve cybersecurity incident response playbooks
Industry: Construction
Role: Virtual CISO Engagement & Security Operations Center
CyberSix was retained by a global construction company to provide a Virtual Chief Information Security Officer role to assist the organization in building its cybersecurity program and identifying the right technology implementation to correct past deficiencies.
Outcome
Identified control gaps within Information Technology assets
Remediated cybersecurity findings through an actionable programmatic risk treatment including timing, sequencing, and minimization of business interruption from mitigation activities
Exposed business process improvement opportunities that increased cybersecurity capabilities and efficiencies at executive and operational levels of the organization
Influenced budgeting and implementation for a Security Operations Center and other technology acquisition to remediate deficiencies in security posture
Solution
Conducted a CI-DR™ aligned assessment of the organization’s cybersecurity capabilities within the manufacturing and information technology environments
Led a collaborative effort with the client to improve cybersecurity policies and standards to support cyber insurance policy reviews
Evaluated Security Operation Center (SOC) platforms
Industry: Aerospace, Technology
Role: Virtual CISO Engagement & Security Operations Center
CyberSix was retained by a global technology manufacturing firm specializing in Aerospace Technology to provide an end-to-end Cybersecurity & Risk Solution.
Outcome
Identified control gaps with their Information Technology assets
Addressed cyber security findings with actionable programmatic recommendations to meet CMMC requirements
Improved response capabilities to increase efficiencies across the enterprise and increase executive awareness organizationally
Virtual Chief Information Security Officer services continue to ensure consistency and effectiveness of the cybersecurity program
Solution
Conducted a Rapid Cybersecurity Risk Assessment of the organization's existing cybersecurity capabilities across OT and IT assets
Developed a suite of Cybersecurity Policies & Standards
Developed and implemented a Cybersecurity Strategy that addressed Security Operations and Risk Management deficiencies.
Deployed CyberSix’s SOC and Risk Management as a Service platforms across the Corporate Networks and Industrial Control Systems
Industry: Financial Services
Role: Virtual CISO
CyberSix was retained by an Asset Management Firm to provide penetration testing and red-teaming activities.
Outcome
Identified physical security control gaps and provided recommendations for hardening physical plants
Identified cybersecurity control weaknesses and developed an actionable risk treatment and control deficiency mitigation plan, including tactically leveraging compensating controls to mitigate risk while more effective and complex control improvements can be designed, budgeted and implemented
Improved cybersecurity incident detection, analysis and response capabilities, effectively decreasing incident response dwell time and improving threat isolation capabilities
Solution
Performed evasive external penetration testing (red team) from a physical and cyber perspective
Conducted evasive security tests including social engineering and physical breach to gain access virtually and physically
Conducted an assumed-breach evasive penetration test evaluating attacker network lateral movement capability
Assessed web application security and external APIs to determine how safely customers can interact electronically
Industry: Social Media
Role: Virtual CISO Engagement & Security Operations Center
CyberSix was retained by a Social Media startup to provide a virtual Chief Information Security Officer role. The initial focus was on mitigating risk associated with secure software development practices for web, mobile, and APIs, and on effective management of civil and criminal litigatory liability that could be created by the platform’s user base.
Outcome
CyberSix was retained by a Social Media startup to provide a virtual Chief Information Security Officer role.
Initial focus was on mitigating risk associated with secure software development practices for web, mobile, and APIs
Effective management of civil and criminal litigatory liability that could be created by the platform’s user base
Solution
Draft and implement cybersecurity policies to prepare for business maturation from startup to operational
Develop practices and procedures for eDiscovery, forensics and other legal, civil and criminal judicial-related activities
Architect a Secure Software Development Life Cycle (SSDLC) on the AWS platform, focusing on public-facing APIs and mobile applications (iOS and Android)