At Exact Cyber Security we don’t believe that professional and effective cybersecurity consulting should put an undue burden on an organization. Our goal is to meet your business needs economically with the specific outcome of mitigating cybersecurity risk based on your organization’s risk appetite while at the same time reducing your attack surface. We are always assessing the cybersecurity industry and analyzing the threat landscape, to include Advanced Persistent Threats (APT), common threat vectors, and potential vulnerabilities of networks and information systems that can be exploited. Our security professionals are all certified with industry leading certifications and are experts in the cyber security / cyber risk mitigation field. We take a holistic approach to cybersecurity problems and address the full spectrum from top level governance down to specific system level security controls while providing industry standard and best practice solutions to solve your security related problems.
A risk assessment is one of the fundamental components of an organizational risk management process. Effective cybersecurity risk assessments inform decision makers and support risk responses by identifying:
Our Application and System Level Security Assessment provides a deep dive at the local system level to identify misconfigurations and exposed vulnerabilities which may lead to a compromise of user data and/or privacy information. Additionally, we investigate open ports and the services running on them, and ensure they are working as intended with the least functionality needed to accomplish their purpose. Finally, we look at internal and external connections and ensure they are functionally needed and operate in a secure state.
The foundation of an effective cybersecurity program is governance through executive-directed, company-wide policies and department-level procedures. Depending on the framework used, or the compliance initiative you are trying to meet, our policy development can be tailored to meet your specific needs (FISMA, Risk Management Framework, NIST Cybersecurity Framework, PCI-DSS, ISO 27K, SOX, SOC 2, GLBA, COBIT, HIPAA, etc.).
Businesses today rely heavily on their IT infrastructure to meet their needs for daily operations. Sometimes components of IT infrastructure fail, or systems become infected with malware. Having a robust, well-tested contingency plan will ensure a smooth transition to a backup capability. We can help with the development of business continuity planning and specific disaster or system recovery plans (communications failures, natural disasters, etc.).
The model for our contingency planning is based on the NIST 800-53 Contingency Planning security controls and the NIST 800-34 Contingency Planning Guide.
More organizations are implementing the NIST Cybersecurity Framework to aid in their cybersecurity efforts and comprehensively address risk within the organization. The Framework is broken down into 5 major functions.
Our experts are fully prepared to help your organization establish and maintain the Cybersecurity Framework by implementing industry standard best practices geared to a specific outcome of reducing your cybersecurity risk.
The Risk Management Framework (RMF) is a requirement for DoD, and some Federal Agencies have adopted this framework as well. The RMF is a well-developed process broken down into 6 steps.
The RMF mirrors portions of the System Development Lifecycle (SDLC), so taking a hand-in-hand approach from system inception to disposition when applying the RMF will ensure your organization is taking the necessary steps required for a robust cybersecurity posture.
We use NIST 800-37, Guide for Applying the Risk Management Framework to Federal Information Systems: A Security Life Cycle Approach, and the Committee on National Security Systems Instruction 1253 (as required).
Let our professional team of RMF experts guide you through the process.
The Federal Information Security Management Act (FISMA) was signed into law as part of the Electronic Government Act of 2002. FISMA compliance is outlined by the National Institute of Standards and Technology (NIST) with a 9-step process.
1. Categorize the information to be protected (FIPS 199)
2. Select minimum baseline controls (FIPS 200 and NIST 800-53)
3. Refine controls using a risk assessment procedure
4. Document the controls in the System Security Plan (SSP)
5. Implement security controls in appropriate information systems
6. Assess the effectiveness of the security controls once they have been implemented (NIST 800-53A)
7. Determine agency-level risk to the mission or business case
8. Authorize the information system for processing
9. Monitor the security controls on a continual basis.
Let our professionals guide you through your organization's FISMA compliance requirements.
Many DoD contracts that outsource IT services to private industry come with a wide range of Information Assurance security requirements. Currently there is a transition from the old Defense Information Assurance Certification and Accreditation (DIACAP) process to the newer DoD implementation of the Risk Management Framework (RMF). Still today there are some legacy information assurance requirements (IA Matrix) used in DoD contracts. The requirements are outlined based on the Mission Assurance Category (MAC) levels I, II, III, with MAC I being the most secure set of controls to ensure confidentiality of information systems.
The security controls used in the DIACAP process stem from an outdated and rescinded DoD Instruction (DoDI 8500.2). DoDI 8500.01, which was updated as of March 2014, implements the RMF and uses the Committee on National Security Systems Instruction 1253 (CNSSI 1253) for system categorization and security control selection. The security controls are documented in National Institute of Standards and Technology Special Publication 800-53 Revision 4 (NIST SP 800-53r4).
Let our professionals guide you through your organization's DoD IA compliance requirements.
This international standard provides a well-rounded approach to cybersecurity. Like most other compliance standards, ISO 27001 covers the managerial side with policy and procedures all the way down to the technical implementation of security controls on systems and devices.
Let our experts help you navigate and implement your organization's ISO 27K compliance requirements.
If any of our predefined solutions don't exactly meet your needs, please contact us to work out a custom solution. We are always flexible to meet organizational needs and requirements.