As companies share more information with their vendors, partners and customers, they are introducing additional cyber vulnerabilities
Protecting critical company and customer information is essential to any company’s reputation and viability. Even with the best security programs and measures, companies experience some type of failure that exposes some information that they want to protect. There is a tradeoff between the need for additional security measures and the impact of those measures on the business. While it is impossible to eliminate all risks of security breaches, a well-designed program will minimize the impact on your business.
Management and Governance – Trillium has special skills for cybersecurity management, along with a well-designed approach for governance of the program to minimize potential impacts that a security breach may cause your business. They include:
- Strategy and Metrics – Establishing a cybersecurity strategy that aligns with business objectives, as well as ensuring that the appropriate measurements and metrics are in place to demonstrate the progress of the cybersecurity program and its business alignment.
- Policy and Compliance – Creating and managing cybersecurity policies and procedures that correspond to internal rules, external regulations, and industry best practices. Additionally, creating the structures and recommending the appropriate technologies to identify, assess, and continuously monitor compliance.
- Education and Advisory – Providing education on the current environment, trends, and potential threats in cybersecurity, and providing advisory services to assess your current situation and recommend remediation measures for actual and potential threats so that your environment remains secure.
Implementation and Operations – Reviewing your operations may result in implementing new technologies and processes and tightening security, providing you with strengthened protection of your technical environment.
- Capability Enablement – Working with you to establish the processes, tools, subject knowledge, skills, and competencies necessary to manage and make the changes necessary for a mature cybersecurity environment.
- Environment Hardening – Recommending methods of reducing security vulnerabilities in your technical environment based on our assessment. These may involve areas such as login security, password security, firewalls, securing file sharing, virus and spyware protection software, keeping software patches up-to-date, installing encryption software, and others.
- Efficiency and Automation – Recommending methods and workflows for increasing technological efficiencies based on our security maturity assessment. This often consists of automated methods for eliminating repetitive tasks, defining processes, minimizing errors, and may have an added benefit of reducing costs.
Incident and Threat Management – With Trillium’s incident and threat assessment, we will use our security capability model to determine your company’s level of cybersecurity maturity. Using the results of the assessment, we will assist you with your cybersecurity path forward, including:
- Identification and Response – Recommending preventive measures and defined processes to minimize the impact of a cybersecurity breach on your business, and to attempt to identify potential sources of breaches before they occur. This also consists of creating a comprehensive data breach response plan to keep your staff from constantly being in “crisis mode”, to limit your internal and external exposure, and to maintain trust with your clients and business partners.
- Secure Architecture – Based on our security assessment and system configuration analysis, recommending methods and system architectures that will minimize your security exposure and protect your critical business assets from unauthorized access. This can include ensuring that security is integrated with Software Development Lifecycle (SDLC) processes, implementing network monitoring and segmentation, ensuring that secure coding practices and secure software development are in place, and others.
- Risk Profile Management – Working with you to improve and manage your risk profile. This involves the ability to measure the gaps between your organization’s profile for risk and its risk tolerance, while also including any regulatory requirements that must be met.
Software Assurance – Trillium’s expert software assurance assistance will give your company confidence that your software is free from vulnerabilities, functions as intended, and is designed to operate in a secure manner to minimize any potential harm resulting from possible loss, inaccuracy, unavailability, or misuse, including:
- Security Testing – Implementing techniques to determine how your information systems protect data while still maintaining their intended functionality. Typically, these are automated technologies that include vulnerability testing, penetration testing, software testing, and installation testing to ensure that your company is not detrimentally exposed.
- Code Review – Implementing rules for writing code that minimize security exposure, and designing processes for formal reviews prior to code being released. There may also be automated methods for code review that are applicable to your company.
- Design Review – Implementing in-depth analysis of your company’s systems, reviewing system security and best practices to determine the optimal architecture to protect and safeguard your company’s critical data and access.