Security & Privacy

Business Continuity, Disaster Recovery & Incident Response Readiness. Prepare for disruption and take preventative action to minimize loss and recover data. Focus areas include:

• Business Continuity & Disaster Recovery.
• Business Impact Assessments (BIA).
• Incident Response Planning & Recovery.
• Tabletop Exercises.
• Threat Hunting.

Election Security & Technology. Understand threats to voting and build security controls and processes to help keep elections safe and secure. Focus areas include:

• Election System Security.
• System Certification Testing Oversight.
• Assistance with Election Technology Adoption.

Security Assurance & Testing. Discover and identify device, operating system, and software vulnerabilities. Focus areas include:

• Vulnerability Testing.
• Web Application Testing.
• Penetration Testing.
• Vulnerability & Threat Management.
• Security Architecture Design.
• Secure Application Design.
• Cloud Security Design.

Security & Privacy Compliance. Provide administrative, technical, and physical security and privacy safeguards to protect data confidentiality, integrity, and availability. Focus areas include:

• Review & Development of Data-Sharing Agreements.
• Security Subject Matter Expertise in Standards & Best Practices (Private, State, Federal).

Security & Privacy Governance. Measure, improve, and track governance, risk, and compliance objectives and incorporate them into organizational processes. Focus areas include:

• Data Classification.
• Information Security & Privacy Policy Development.
• Risk Management.
• Identity & Access Management.
• Security Awareness Training.
• Security Policy & Procedure Development.
• Vendor Management & Oversight.
• Virtual Chief Information Security Officer (vCISO).
• Independent Verification & Validation.

Security & Privacy Risk Assessment. Understand, measure, and mitigate organization- and system-level security and privacy risks. Focus areas include:

• Cloud Security Assessments.
• Application Security Assessments.
• Mobile Device Security Assessments.
• Organizational Risk Assessments.
• Risk Assessments (NIST 800-30). · Privacy Compliance.
• Privacy Compliance Assessments.
• Privacy Impact Assessments.
• Open-Source Assessments.

Transformative Security & Privacy Governance. Find the right balance between regulatory compliance and risk mitigation with supporting critical business needs. Focus areas include:

• Governance Strategy Development & Execution.
• Security & Privacy Policy & Procedure Development.
• Security & Privacy Program Development.
• Policy Analysis.
• Security & Privacy Gap Analysis.