Cybervisors (cybersecurity advisers) from Lazarus Alliance, Inc. provide
chief information security officers (CISOs) and IT security teams with information and
advice on how to address the cybersecurity skills gap.
How to find a trusted GRC partner
Outsourcing cybersecurity operations is a great way to save money and time and close the very
serious and growing gap in computer security skills. However, it is also a very
serious decision. Your cybersecurity provider has access to your entire
network and all of your confidential data. How can you be sure that you are entrusting your
business to a provider that is not only legitimate but also suitable for your
organization and data environment? Below are five best practices to follow when
outsourcing your IT security and IT compliance.
If something about a company seems "off", it probably is
At a minimum, avoid providers who do the following:
- Cannot provide a physical address and phone number.
- Do not have corporate email addresses and instead communicate from
addresses at Gmail, Yahoo, etc.
- Have websites that look very "amateur" in design and/or
contain broken English text.
These are instant red flags indicating that you are dealing with a
hobbyist, or possibly a fly-by-night operation.
Get referrals
Even if a provider seems absolutely legitimate and professional, always
ask for references and call them. Professional cybersecurity companies are
happy to provide verifiable references. You should also Google the name of the
company and its customers and look for reviews or complaints.
Make sure the provider can meet all of your compliance requirements
GRC's ongoing assessment and evaluation services include HIPAA and
HITECH, PCI DSS QSA, SSAE 16 and SOC, FedRAMP, FISMA, NIST, CJIS, ISO, NERC
CIP, SOX, ISO Certifications and EU-US Privacy Shield reports. We are the only
company based in Arizona that offers this depth of coverage.
However, many GRC companies, including some very large ones, cover
certain IT compliance requirements but not others. Make sure that your
provider not only offers all of the compliance services you need, but also has
experience performing these specific audits. Ask about your specific compliance
requirements while checking the provider's references.
Ask the provider about their audit and compliance processes.
Believe it or not, some IT auditors still use Excel or other spreadsheet
programs for reporting and IT compliance audits, although spreadsheet programs
were never designed to handle the large amounts of data found in today's complex
data environments. A GRC provider who is still messing around
with spreadsheets will end up costing you a lot of time, money, and headaches.
Make sure your provider uses modern RegTech software to perform
compliance reports and audits, such as Continuum GRC's proprietary IT Audit
Machine (ITAM). ITAM leverages big data and rapid reporting capabilities to
automate reporting and data management. Instead of dozens of different
spreadsheets and general ledgers, ITAM creates a central repository of all IT
compliance requirements with associated controls and automated information
flows for audits, assessments, and tests. This saves you time, money, and stress
and gives you a complete picture of your data environment, as well as its risks
and weaknesses.
Get everything in writing
Finally, make sure the provider signs a written contract that details
what is expected of them and that they are willing to guarantee any promises they make.
By following these best practices, companies can reap the benefits of
outsourcing, minimize risk, and build fruitful long-term relationships with
trusted cybersecurity providers.