
ThetaPoint’s virtual Chief Information Security Officer (vCISO) services give our clients strategic insight into their cybersecurity initiatives and posture. Our experienced team can help you achieve measurable improvements and transform your cybersecurity strategies to mitigate risks and ensure compliance.

ThetaPoint’s approach to building a robust and sustainable cybersecurity program is to address your organization’s cyber maturity, resiliency, and risk. An organization with a fully mature cybersecurity program can address threats and potential threats with minimum impact. A cyber resilient organization can recover from zero-day and supply chain attacks because it has the expertise and contingency processes in place to avoid catastrophic business failure. ThetaPoint’s Risk Assessments are the catalyst to maturity and resiliency. Undiscovered risk can cripple an organization, so ThetaPoint is committed to shining a light on these “mitigate-able” threats. ThetaPoint knows this requires funding, and our experienced team has previously worked in government, private, academic, research, and other types of organizations whose budgets are tight. We know getting funds can be a challenge, so let us help you.
It is important that your organization has a mature cybersecurity program. This maturity provides consistent data security and best-in-class cyber hygiene. Most organizations struggle to know their cybersecurity maturity level; let ThetaPoint’s Virtual CISO Service manage and simplify this for you.

We use the following Standards as the basis for our methodology to measure your organization’s maturity level:
Cybersecurity Maturity Model Certification (CMMC): CMMC is a major Department of Defense (DoD) program built to protect the defense industrial base (DIB) from increasingly frequent and complex cyber attacks. It particularly aims to enhance the protection of controlled unclassified information (CUI) and federal contract information (FCI) shared within the DIB.
NIST Cybersecurity Framework (CSF 2.0): The NIST Cybersecurity Framework (CSF) 2.0 provides guidance to industry, government agencies, and other organizations to manage cybersecurity risks. It offers a taxonomy of high-level cybersecurity outcomes that can be used by any organization — regardless of its size, sector, or maturity — to better understand, assess, prioritize, and communicate its cybersecurity efforts.
Upon completion of the Assessment, ThetaPoint’s Virtual CISO Service establishes a Plan of Action and Milestones (POAM) with our clients. The POAM is an essential step that identifies the tasks that need to be accomplished. It details the resources required to accomplish the elements of the plan, any milestones in meeting the tasks, and scheduled completion dates for the milestones.

Project Management: All identified Assessment Findings are recorded, sorted by the 800-53 Function and Category, and provided in a Project Management format (MS Project, Smartsheet, CSV, etc.) for ease of use.
Project Planning: Each POAM Finding is reviewed, planned, resourced, and implemented as part of the Organization’s Remediation / Risk Mitigation process.
Next Steps: The POAM is used to establish the Policy Development Actions that are needed.
ThetaPoint’s Policy and Standards Library is intended to be an authoritative and complete library of NIST based Policies, Standards, and Controls that are easily adoptable. Clients may need Custom Policy Development to incorporate the various Policy Elements into a pre-existing policy framework. ThetaPoint’s Virtual CISO Service will provide Client with tailored and customized policies in addition to assisting with Client Policy Adoption efforts.

ThetaPoint’s Virtual CISO Service will perform a comprehensive review, analysis, and testing (software and/or hardware) to confirm (i.e., verify) that the requirements are correctly defined, and to confirm (i.e., validate) that the system correctly implements the required functionality and security requirements.

IV&V: Upon remediation of POAM findings and achievement of L3 – Defined Maturity regarding Policies and Standards, a secondary assessment is completed to Inspect, Verify, and Validate Controls adopted to measure L4 – Managed and L5 – Optimize Maturity Ratings.
Controls: Processes, Procedures, and Technical Features / Capabilities adopted by the Organization to ensure compliance with Policies and Standards.
ThetaPoint provides ongoing virtual Chief Information Security Officer (vCISO) Advisory Services to support your Organization’s Cybersecurity efforts.
Program Governance: Clients who do not have a full time CISO may experience challenges in running an effective Cybersecurity Program. ThetaPoint vCISO will provide leadership and mentoring to help develop and maintain Client’s Cybersecurity Program. The vCISO will also serve as the Security Subject Matter Expert (SME) for Client’s Executive Leadership.
Custom Policy Development and Adoption: ThetaPoint’s Policy and Standards Library is intended to be an authoritative and complete library of NIST based Policies, Standards, and Controls that are easily adoptable. Clients may need Custom Policy Development to incorporate the various Policy Elements into a pre-existing policy framework. ThetaPoint vCISO will provide Client with tailored and customized policies in addition to assisting with Client Policy Adoption efforts.
SDLC and Configuration Management: Mature organizations leverage a System Development Lifecycle and Configuration Management Program to ensure that system standards and controls are documented and implemented. ThetaPoint vCISO will support SDLC and Configuration Management activities by serving as a Security Subject Matter Expert while participating in Change Management Boards or Gate Check Reviews.
Assessments, Compliance, and Audits: Clients typically have multiple compliance assessments and audits throughout the year. ThetaPoint vCISO will support Client by helping them prepare for upcoming assessments and audits while providing representation during the audit. Additionally, vCISO will support Client by developing and managing Remediation Plans while providing guidance on how to best satisfy individual findings.
Cybersecurity Incident Response: Every Client’s worst nightmare is a major security incident, breach, or ransomware event. ThetaPoint vCISO will assist the Client’s Incident Response Team / Vendor in an advisory capacity to help identify, contain, eradicate, recover, and record lessons learned from the incident.