Why do I need cyber security services for my organization?

A lack of cyber security protections can affect your organization’s bottom line.  A major security breach can cost up to 5 million dollars.*  In today’s economy, businesses rely heavily on valuable corporate data and the information systems that process that data.  Safeguarding these information systems and data is critical for organizations, from small businesses to large corporations, to run effectively and achieve their goals.  According to the Ponemon Institute, 43% of US corporations have fallen victim to a security breach.**  Given the steady increase of security breaches over the past few years, it is not a question of “if” but “when” a business will be hacked.

Several organizations, from US federal and state entities to international consortiums, have enacted regulatory compliance guidance (e.g. PCI DSS v3.1) and law (e.g. HIPAA, HITECH, California Privacy Act SB1386, Senate Bill 541 SB541).  Recently, the Federal Trade Commission has confirmed its authority to sue corporations that have allowed the breach of consumer data under 15 U.S.C. Sec.45.

A breach could result in the loss of proprietary corporate data or sensitive customer information.  The initial breach or the incident response that follows could have a major impact on the information systems that process that data and information.  A single breach could result in:

  • Disruption of business capabilities leading to a significant loss of revenue
  • Fines and penalties to federal and state regulatory bodies
  • Loss of customer and business partner confidence

Do Small Businesses require cyber security services?

Definitely – Small businesses are regularly targeted and are vulnerable to the impacts of security breaches.  According to the Ponemon Institute, 55% of small businesses surveyed have had security breaches.***  The impact of a breach, as discussed in the previous section, can result in lost revenue, fines, and damaged reputation.  Every organization, no matter the size, has cyber security requirements.  Defense Point Security is a cyber-focused company with a wide range of capabilities, including security engineering, security monitoring, vulnerability assessment, penetration testing and incident response.  Small businesses can benefit from a team of subject matter experts providing them services such as these, without the expense of hiring full-time experts.

What is the difference between MSOC and VSOC?

Managed SOC (MSOC) is a security monitoring service provided by Defense Point Security where all or most of the security infrastructure, most particularly the Security Information and Event Management (SIEM) tool, is provided by Defense Point Security.  This is an ideal service for entities that have not made large investments in security infrastructure and labor.  Our process includes Defense Point Security’s evaluation of your requirements, which results in a customized service and toolset recommendations that yield a cost-efficient yet highly effective solution for customers of all sizes.

Virtual SOC (VSOC) is a security monitoring service provided by Defense Point Security where the security infrastructure is provided by the customer.  This is an ideal service for entities who have already made large investments in security infrastructure but want to take advantage of the reduced labor costs from a shared team of subject matter experts without having to hire a team of full time experts. 

Can Defense Point’s Cyber Security services assist with regulatory requirements such as HIPAA, FISMA, and PCI DSS?

In short: Yes.

HIPAA has strict requirements for safeguarding electronic Protected Health Information, detailed in “The Security Rule”, which requires covered entities to implement data security measures for electronic Protected Health Information.  DPS can monitor the standard activities of a covered entity and provide alerting when suspicious activity occurs, including non-compliance and intrusion.  The PCI Security Standards Council recommends that all entities involved in payment card processing implement technical and operational cyber security controls to safeguard customer data.  These include implementing security infrastructure, monitoring the network and all systems on that network, managing vulnerabilities, and regularly assessing your environment.  FISMA requirements, as detailed in NIST guidance, are a framework for our service capabilities.  Defense Point Security’s services directly meet the requirements outlined in NIST 800-53v4 related to Incident Response, Security Monitoring, Vulnerability Management, and many others.

Can I afford to have a professional cyber security provider deliver this service?

Pricing for services is based on the size and complexity of your organization.  Defense Point Security will be able to meet your requirements while providing you superior service and expertise at a cost that is far lower than hiring an in-house team of experts.

What services do I need?

We always encourage our customers to be wary of anyone selling a one-size-fits-all approach to security.  Right-sizing security solutions to manage risk appropriately is important, and Defense Point Security is able to offer a suite of customized services that meet the specific requirements of your company.  By evaluating your cyber security and budgetary requirements, we can advise you on which services you require.

* http://www.ponemon.org/blog/ponemon-institute-releases-2014-cost-of-data-breach-global-analysis
** http://www.ponemon.org/library/is-your-company-ready-for-a-big-data-breach-the-second-annual-study-on-data-breach-preparedness
*** http://www.reuters.com/article/ct-hsb-idUSnBwcfsbFBa+106+BSW20130306