Cyber Security Services offers a suite of consulting services designed to help organizations prepare for, withstand, recover from, and adapt to cyber threats. The offering is divided into proactive and reactive service categories. Proactive Services: - Risk Assessment and Management: Identifies and evaluates risks to critical assets (2–4 weeks; NIST SP 800-30, ISO/IEC 27001, SOC 2) - Security Architecture Review: Reviews existing security architecture to identify weaknesses and recommend improvements (3–5 weeks; NIST SP 800-160, ISO/IEC 27001, SOC 2) - Incident Response Planning: Develops tailored incident response plans including procedures, roles, and communication protocols (2–3 weeks; NIST SP 800-61, ISO/IEC 27001, SOC 2) - Business Continuity Planning (BCP): Ensures critical business functions continue during and after disruptions (4–6 weeks; NIST SP 800-34, ISO/IEC 27001, SOC 2) - Business Impact Analysis (BIA): Evaluates the effects of disruptions on critical business functions to prioritize recovery (3–5 weeks; NIST SP 800-34, ISO/IEC 27001, SOC 2) - Vendor Risk Assessments: Evaluates the security posture of third-party vendors (2–4 weeks; NIST SP 800-161, ISO/IEC 27001, SOC 2) Reactive Services: - Incident Response and Forensics: Immediate response to active security incidents including containment, eradication, and recovery (1–3 weeks; NIST SP 800-86, ISO/IEC 27001, SOC 2) - Disaster Recovery Implementation: Restores critical systems and data after a cyberattack or disaster (2–6 weeks; NIST SP 800-34, ISO/IEC 27001, SOC 2) - Post-Incident Review: Reviews the incident response process to identify improvements (1–2 weeks; NIST SP 800-61, ISO/IEC 27001, SOC 2) - Threat Hunting: Proactively searches for hidden threats or active adversaries within an environment (2–4 weeks; NIST SP 800-150, ISO/IEC 27001, SOC 2)