Security and Privacy

What We Do

NYSTEC’s cybersecurity and privacy professionals can help you keep your data, applications, and enterprise safe. Our security and privacy services include:

Business Continuity, Disaster Recovery and Incident Response Readiness. Prepare for disruption and take preventative action to minimize loss and recover data. Focus areas include:

  • Business continuity and disaster recovery.
  • Business impact assessments (BIA).
  • Incident response planning and recovery.
  • Tabletop exercises.
  • Threat hunting.

Election Security and Technology. Understand threats to voting and build security controls and processes to help keep elections safe and secure. Focus areas include:

  • Assistance with election technology adoption.
  • Election system security.
  • System certification testing oversight.

Security Assurance and Testing. Discover and identify device, operating system, and software vulnerabilities. Focus areas include:

  • Cloud security design.
  • Penetration testing.
  • Secure application design.
  • Security architecture design.
  • Vulnerability testing.
  • Vulnerability and threat management.
  • Web application testing.

Security and Privacy Compliance. Provide administrative, technical, and physical security and privacy safeguards to protect data confidentiality, integrity, and availability. Focus areas include:

  • Review and development of data-sharing agreements.
  • Security subject matter expertise in standards and best practices (private, state, federal).

Security and Privacy Governance. Measure, improve, and track governance, risk, and compliance objectives and incorporate them into organizational processes. Focus areas include:

  • Data classification.
  • Identity and access management.
  • Independent verification and validation.
  • Information security and privacy policy development.
  • Risk management.
  • Security awareness training.
  • Security policy and procedure development.
  • Vendor management and oversight.
  • Virtual chief information security officer (vCISO).

Security and Privacy Risk Assessment. Understand, measure, and mitigate organization- and system-level security and privacy risks. Focus areas include:

  • Application security assessments.
  • Cloud security assessments.
  • Mobile device security assessments.
  • Open-source assessments.
  • Organizational risk assessments.
  • Privacy compliance assessments.
  • Privacy impact assessments.
  • Risk assessments (National Institute of Standards and Technology [NIST] 800-30).

Transformative Security and Privacy Governance. Find the right balance between regulatory compliance and risk mitigation while supporting critical business needs. Focus areas include:

  • Governance strategy development and execution.
  • Policy analysis.
  • Security and privacy gap analysis.
  • Security and privacy policy and procedure development.
  • Security and privacy program development.

