Industry: Financial Services

Role: NYDFS Assessment & Attestation

CyberSix was retained by a regional insurance company to provide a detailed assessment of the recently enacted New York Department of Financial Services cybersecurity regulation, 23 NYCRR 500 (Cybersecurity Requirements for Financial Services Companies), together with an overall Cyber Operational Risk Maturity evaluation.

Outcome

  1. Gaps were identified that impacted compliance with NYDFS cybersecurity regulations
  2. Programmatic & strategic recommendations including timing, sequencing, and dependencies of mitigation were provided
  3. Developed action plan for the mitigation of gaps in coordination with the deadlines prescribed by NYDFS
  4. Increased efficiencies across cybersecurity capabilities leading to improved efficiency in business processes
  5. Client was able to submit an attestation of compliance to NYDFS regulatory body
  6. CyberSix continues to enhance security maturity through virtual CISO multi-year engagement

Solution

  1. Performed an independent assessment of the organization’s cyber security capabilities utilizing our proven CI-DR™ framework to identify key areas of risk.
  2. Cross-referenced the CI-DR™ framework to the 17 high-level and 76 sublevel controls of the NYDFS 23 NYCRR 500 Cybersecurity Requirements for Financial Services Companies

Industry: Aerospace, Defense

Role: Virtual CISO Engagement & Security Operations Center

CyberSix was retained by a global aerospace manufacturer to provide a Virtual Chief Information Security Officer role to assist the organization in maturing their cybersecurity program and providing Executive Level advisory to the organization’s Audit Committee and Technology Department.

Outcome

  1. Identified control gaps with the Industrial Control System and Information Technology infrastructures
  2. Developed and implemented a plan of action to treat deficiencies programmatically including timing, sequencing, and minimization of business interruptions
  3. Improved incident response capabilities and increased crisis communications effectiveness at executive levels
  4. Developed a high-level stress testing program and response manual that created executive visibility into gaps in coordination between departments
  5. Currently implementing CyberSix’s Risk Management as a Service platform to assist in NIST 171 and CMMC compliance

Solution

  1. Conducted an independent assessment of the cybersecurity capabilities for the manufacturing and technology assets.
  2. Designed and moderated a table-top exercise as an organizational plan familiarization exercise
  3. Evaluated incident response effectiveness across the organization from technology and business impact response
  4. Collaborated with the client to build and improve cybersecurity incident response playbooks

Industry: Construction

Role: Virtual CISO Engagement & Security Operations Center

CyberSix was retained by a global construction company to provide a Virtual Chief Information Security Officer role to assist the organization in building their cybersecurity program and identifying the right technology implementation to correct past deficiencies.

Outcome

  1. Identified control gaps within Information Technology assets
  2. Remediated cybersecurity findings through actionable programmatic risk treatment, including timing, sequencing, and minimization of business interruptions from mitigation activities
  3. Exposed business process improvement opportunities that increased cybersecurity capabilities and efficiencies at executive and operational levels of the organization
  4. Influenced budgeting and implementation for a Security Operations Center and other technology acquisition to remediate deficiencies in security posture

Solution

  1. Conducted a CI-DR™ aligned assessment of the organization’s cybersecurity capabilities within the manufacturing and information technology environments
  2. Led a collaborative effort with the client to improve cybersecurity policies and standards to support cyber insurance policy reviews
  3. Evaluated Security Operations Center (SOC) platforms

Industry: Aerospace, Technology

Role: Virtual CISO Engagement & Security Operations Center

CyberSix was retained by a global technology manufacturing firm specializing in Aerospace Technology to provide an end-to-end Cybersecurity & Risk Solution.

Outcome

  1. Identified control gaps with their Information Technology assets
  2. Addressed cyber security findings with actionable programmatic recommendations to meet CMMC requirements
  3. Improved response capabilities to increase efficiencies across the enterprise and increase executive awareness organizationally
  4. Virtual Chief Information Security Officer services continue to ensure consistency and effectiveness of the cybersecurity program

Solution

  1. Conducted a Rapid Cybersecurity Risk Assessment of the organization's existing cybersecurity capabilities across OT and IT assets
  2. Developed a suite of Cybersecurity Policies & Standards
  3. Developed and implemented a Cybersecurity Strategy that addressed Security Operations and Risk Management deficiencies
  4. Deployed CyberSix’s SOC and Risk Management as a Service platforms across the Corporate Networks and Industrial Control Systems

Industry: Financial Services

Role: Virtual CISO

CyberSix was retained by an Asset Management Firm to provide penetration testing and red-teaming activities.

Outcome

  1. Identified physical security control gaps and provided recommendations for hardening physical plants
  2. Identified cybersecurity control weaknesses and developed an actionable risk treatment and control deficiency mitigation plan, including tactically leveraging compensating controls to mitigate risk while more effective and complex control improvements can be designed, budgeted and implemented
  3. Improved cybersecurity incident detection, analysis and response capabilities, effectively decreasing incident response dwell time and improving threat isolation capabilities

Solution

  1. Performed an evasive external penetration test (red team) from a physical and cyber perspective
  2. Conducted evasive security tests, including social engineering and physical breach, to gain access virtually and physically
  3. Conducted an assumed-breach evasive penetration test evaluating attacker network lateral movement capability
  4. Assessed web application security and external APIs to determine how safely customers can interact electronically

Industry: Social Media

Role: Virtual CISO Engagement & Security Operations Center

CyberSix was retained by a Social Media startup to provide a virtual Chief Information Security Officer role. Initial focus was on mitigating risk associated with secure software development practices for web, mobile, and APIs, and on effective management of civil and criminal litigatory liability that could be created by the platform’s user base.

Outcome

  1. CyberSix was retained by a Social Media startup to provide a virtual Chief Information Security Officer role.
  2. Initial focus was on mitigating risk associated with secure software development practices for web, mobile, and APIs
  3. Effective management of civil and criminal litigatory liability that could be created by the platform’s user base

Solution

  1. Draft and implement cybersecurity policies to prepare the business for maturation from startup to operational
  2. Develop practices and procedures for eDiscovery, forensics and other legal activities related to civil and criminal judicial proceedings
  3. Architect a Secure Software Development Life Cycle (SSDLC) on the AWS platform, focusing on public-facing APIs and Mobile Applications (iOS and Android)