Many of our customers periodically need an information security or privacy expert to help answer questions, conduct remediation activities, and create and/or provide information security and privacy documentation. However, the organization may not be able to justify the expense of hiring a full-time certified security or privacy professional. In addition, demand for cybersecurity talent holding Certified Information Systems Security Professional (CISSP) credentials is high and continues to outstrip supply.
Programs Tailored to your Goals and Budget
Our goal is to provide a reasonable, practical approach to information security and privacy while adhering to the highest ethical standards of behavior: the CISSP code of ethics, which includes acting honorably, honestly, justly, responsibly, and legally.
Our information security and privacy support services are tailored to our customers and designed to work within their budget. We have been supporting information security programs since 2003. For over 15 years, our team of consultants has been working behind the scenes, providing continual or recurring information security support so that our customers' staff can focus on the daily operational issues that only they can address.
How We're Different
In contrast to healthcare information technology firms that only provide assessments, tw-Security is engaged with multiple healthcare customers to help maintain a compliant information security program through continual or recurring support and advisory services. Drawing on our hands-on experience and lessons learned, we help our customers develop their HIPAA compliance programs with a reasonable, practical approach to cybersecurity in healthcare, using methodologies and tools that have been honed over 15 years!
Our Information Security and Privacy Support Models
Virtual Information Security Officer (VISO) and Virtual Privacy Officer (VPO) – Aimed at maintaining or advancing the information security and privacy program with an emphasis on compliance risk management. Primarily provided remotely, this support model allows responsive access to experienced certified professionals who are familiar with your program and organization when needed. This managed support service has a minimum commitment of hours per month.
Information Security and Privacy Staff Augmentation – Working in a staff augmentation capacity, responsibilities are mutually agreed upon and defined in a Statement of Work. Generally, a commitment of 40 hours or more per month is required. Services are provided remotely with planned onsite visits.
Project-based – A defined scope with a clear start/finish and tasks/deliverables; usually involves a level of effort of 20 hours or more.
On-Demand – Designed to respond quickly to small requests; typically used for one-time support issues or to provide help as needed. Because incidents and cyber-attacks can occur at any time, emergency and after-hours support by our team of certified professionals falls within the On-Demand support model.
How our Programs can Help your Organization - Our Team Makes Your Team Stronger!
- Serve as an Information Security or Privacy Officer to provide ongoing tactical and strategic support on a part-time basis
- Develop a risk analysis/risk management process to be followed organization-wide
- Conduct risk analysis at the enterprise and/or at the entity level
- Maintain the risk register using any OTC risk tool(s) or help develop one
- Participate and/or facilitate security steering committee meetings (Agendas, Minutes, etc.)
- Provide an information security program evaluation to enhance program maturity based on the Center for Internet Security’s (CIS) top 20 Critical Security Controls (CSC) and categorized to align with the NIST Cybersecurity Framework
- Offer recommendations for information security controls (products or tools)
- Create a CISO Dashboard intended to demonstrate the importance of the information security program and cyber protections to leadership, including how risk mitigation can save money and protect against reputational damage in the long-term
- Establish a process and conduct vendor assessments (existing and vetting potential vendors)
- Support incident response/breach preparedness, including decision flow diagrams and playbooks; conduct training and lead tabletop exercise(s)
- Provide information security training, education, workshops, presentations, or webinars (phishing, cybersecurity, regulatory updates, including distributing periodic security reminders, etc.)
- Update/develop business impact analysis (BIA) and disaster recovery/business continuity efforts
- Evaluate and review IT products and services contracts from an information security perspective
- Assist in achieving compliance with standards or frameworks such as HIPAA, HITECH Act, Meaningful Use, MACRA, NIST Cybersecurity Framework, Payment Card Industry Data Security Standard (PCI DSS), Joint Commission, HITRUST Common Security Framework, SSAE 16 Type 1/Type 2 (SOC1/SOC2), ISO/IEC 27001, General Data Protection Regulation (GDPR)
- Assess risk and compliance prior to acquiring a new entity, as part of due diligence
- Review cyber insurance policy
- Mentor new Information Security and Privacy Officers
- Represent your information security program to attest to compliance