Cyber Security and Data Protection

Practical Approach.  Powerful Results.

Who We Help

CEOs and Boards of Directors

You need to know, in plain terms, what technology investments will support your financial goals. You need to sort fad from solid trend, know when to invest and when to say "no."


You need an independent look at your cybersecurity or data privacy program to know if it is effective, practical and reasonable.


You want a qualified cyber, privacy or technology advisor to support the board of directors or to add a technology voice to your regular board conversations.


You need a qualified Information Security Officer or Privacy Officer to meet regulatory expectations, but you aren't in a position to hire one just yet.


You need to know if the large technology investment you are considering is really necessary or if there is a better option.

CFO

You have to manage the financial risk of a data breach, and secure the right cyber insurance coverage.


You need an external risk assessment to satisfy a client or regulatory requirement.


You need a vendor information risk management program.


You need to appoint a qualified information security officer under NY DFS 23 NYCRR 500, and outsourcing that role fits your circumstances.


You need to appoint a qualified Data Protection Officer ("DPO") to meet GDPR requirements, and you are aware that the regulation requires this person to have "expert knowledge."


You want an objective opinion on the ROI of a technology or cybersecurity investment.

CIO/CISO/CPO

You are fully familiar with the challenges that come with trying to protect your organization from well-armed adversaries. You need an ally and a sounding board that can give you insights from hands-on experience in multiple environments.


You need a strategic planner to crystallize your vision and communicate your strategy in actionable terms.


You need additional resources to help execute or manage your project portfolio.


You need a "data map" or "data register" for GDPR compliance purposes.


You want reinforcements with specialized expertise to help you succeed.

CEO/Board Blog Topics

Want a quick summary of current trends and news? 

Find out more

CFO Blog Topics

Interested in which investments live up to promises and where cyber risk creates financial risk?  

Find out more

CIO/CISO/CPO Blog Topics

Ready for some actionable information?  

Find out more

Services

Data Breach Prevention and Response Planning

Every business has employee or customer information that, if compromised, could have financial or legal consequences. Our teams build privacy programs, data breach response plans and incident response "playbooks" that help lessen the risk and cost of embarrassing and expensive data breach events. Our plans help your team act decisively when responding to security events.

Information Security Incident Response Playbook

We literally built the SOC playbook for one of the world's largest government entities. We've built them for small and medium sized organizations as well. Our strength lies in our ability to meet each customer's needs precisely. We work with the resources you have to develop a sound triage, escalation, analysis and response plan to guide cross-functional teams through difficult situations.

Incident Response Leadership - Experienced Navigation

The decisions that are made during a security incident can have a dramatic impact, either positive or negative. The technical, financial and reputational issues are often critical. Having experienced guidance to avoid pitfalls can make all the difference. We work alongside your management team and legal counsel to help you manage the technical, reputational and financial aspects of a data breach.

Compliance Programs

From GDPR to New York State Dept. of Financial Services 23 NYCRR 500 to California's new privacy law, cyber security and data privacy requirements are rapidly evolving along with consumer and customer expectations. We bring decades of experience to help you meet these regulatory requirements without disrupting your business operations. We can serve as a "virtual" CISO or privacy officer until you are ready to make a full-time hire. We can help you conduct your annual assessments, present to your board of directors or help your management navigate new requirements.

Interim or "Fractional" CISO, CIO or CPO

For companies that aren't in a position to recruit and hire a full-time information security executive, but still need a qualified chief information security officer ("CISO") to set a strategy and provide leadership, our V-CISO service is a perfect fit.

Companies required under NY DFS 23 NYCRR 500 to appoint a qualified CISO can leverage our resources to have an appropriately experienced professional engaged at a fraction of the cost of a full-time employee.

Companies required under GDPR to appoint a qualified data privacy officer ("DPO") can rely on us to supply certified, experienced professionals with the "expert knowledge" required by the regulation.


Cyber, by definition, involves computers. You need specialized technical expertise to solve technical problems. That technical expertise should be coupled with strong business acumen and the ability to balance risk and find technology solutions to support, and not hinder, business.


Our experienced team of technology and privacy executives and managers has "filled in" for IT, InfoSec and privacy lead roles to give the organization time to find, recruit and onboard the right talent without feeling rushed or exposed, or to meet a compliance requirement without making a full-time hire.

Executive/Board Advisory Services

Do you bring in an outside expert to help the board of directors with issues relating to technology investments and risk? (If so, your board is progressive -- but not at the "tip of the spear.") Or, do you add a technology seat to the board? (If so, you are in a small, but growing, minority that recognizes that technology and information governance isn't a single conversation, but a common component of revenue, growth and profitability.)


Technology is complex, changes rapidly and is subject to numerous external forces--exactly like other areas of your business. Having a true expert involved in regular board conversations can help a business capture opportunities it would otherwise miss and avoid expensive mistakes.


Leaving a complex, dynamic and expensive portion of the business to manage itself is not governance. Expecting IT and InfoSec to self-report is a tremendous show of faith, but it is also not governance.

Who We Are

Hard to Find Talent ~ Objective Advice

In a time when cyber security skills and data privacy skills are in a state of shortage, we have both. We've worked with financial, tech, educational, retail, government and healthcare clients to deliver privacy, technology and information security services. We don't sell technology, so you can count on us for objective guidance.

Strategic Advisors

We hold strong to our position that strategy drives investment and tactical planning. Technology or information risk shouldn't be the "tail wagging the dog." It shouldn't prevent the business from moving forward. It can be wind in your sails or an anvil. We help you be certain that your technology budget is not driven by outside influence, but rather a strategic investment that doesn't carry hidden risk.

Results Oriented, "Get-the-Job Done" Professionals

We recently helped a client revive a failed SIEM implementation and successfully put it into production, saving a huge investment from being an embarrassing loss and giving the SOC the tools they needed.


We have successfully completed multiple projects that had been deemed "impossible" by others. If you have a project that is struggling or completely failing, and you need to see it succeed, we should talk.


Actual customer comments: "We chose you because you were the most sensible" and "I don't know what we would have done to handle this situation if we hadn't been working with you" tell us we are doing something right.


We stand by the quality of our work. 100%.


If you're not happy, we make it right or you don't pay.

Contact Us

Contact us for experienced guidance on cyber strategy, technology governance, expense management, or just extra resources for challenging projects.

The Palisade Group

1-978-277-3778