Cybersecurity

A complete cybersecurity program requires that controls and configurations are periodically evaluated. Guernsey provides an array of services that minimize cybersecurity risks by evaluating systems to make sure they are properly designed and operating effectively. Specific services include application security reviews, vulnerability scanning, penetration testing, and IT Audits. Call Guernsey today to help you prepare for the CMMC audit required for government contractors.

Guernsey is an Authorized C3PAO for CMMC. For more information about becoming CMMC complaint, click here: https://guernsey.us/services/c...

Guernsey can help you meet regulatory and compliance obligations by implementing a Governance Risk and Control Program. Depending on regulatory or contractual requirements, organizations may be required to be compliant with different cybersecurity frameworks, pass a regulatory review or audit such as CMMC and SOC2.

We help you identify the appropriate framework to measure the design and effectiveness of your cybersecurity program. Common frameworks we have helped our clients implement include NERC-CIP, CIS7.1, NIST 800-171, CMMC, HIPAA, and Trust Services Criteria.

We track and measure compliance with control objectives, identify and map control activities, and create processes to collect evidence that controls are completed. We also identify control objectives that are not being met and prioritize recommendations for improvement based on risk.
Our GRC process is one of the best ways to continually measure the adequacy of your cybersecurity program. We have individuals with experience assisting organizations who must comply with various standards mandated by government entities, customers, or industry groups. We can help you build a cybersecurity program that provides security and complies with any applicable standards, including CMMC, NERC-CIP, PCI, HIPAA, FFIEC, and others. We can also prepare you for CMMC, SOC2, and HITRUST assessments.

Tools such as Security Event Management, Intrusion Detection Systems, and Vulnerability Scanners are designed to look at your systems and logs in order to detect incidents early. These tools are often an underutilized resource for a security program. If your staff doesn’t have the time to calibrate and maintain these tools, they become ineffective. When the tools aren’t updated with the latest risks and environmental changes, the system creates false positives, which eventually get ignored. Our cybersecurity professionals partner with organizations to regularly maintain systems and ensure useful and actionable information is provided.

We recommend AlienVault Unified Security Management Software and intelligence to alert IT organizations to network anomalies, weaknesses, and possible attacks. This tool is very powerful and combines security event management, intrusion detection, and vulnerability analysis to alert IT, often before an attack is successful. Our cybersecurity professionals will help configure, monitor, and calibrate this system in order to ensure that your organization’s investment in these tools is a successful one.

Most security breaches include some level of social engineering, and accordingly, your people are essential to a sound cybersecurity program. At Guernsey, we support our clients by creating a culture of emphasis on cybersecurity. We develop and provide training and awareness programs with related supporting materials specifically for you.

Assistance with vulnerability management often involves helping clients select and manage solutions to identify and address and patch both software and configuration-based vulnerabilities before attackers can exploit them. Guernsey helps organizations design and execute the process to continuously acquire, assess, and act on new information to identify, prioritize, and remediate vulnerabilities.

Guernsey can help you design and implement standardized, secure configurations for operating systems, firewalls, routers, and switches. Hardening typically includes the removal of unnecessary accounts, disabling or removal of unnecessary services, applying patches, closing open and unused network ports, and the use of host-based firewalls. Properly designing and configuring network devices can be complicated, and misconfiguration may result in issues as minor as reduced network speed to as serious as a total breach of internal systems.

We work with organizations to develop, implement, and test disaster recovery and business continuity programs. Based on an evaluation of risk and identification of a range of disaster scenarios, we develop procedures required to restore operations. Guernsey will assist you with plan updates and maintenance by facilitating testing and executing tabletop exercises.

Timothy Fawcett, CISSP, CISA
Director of Cyber Security Consulting

Tim Fawcett is the Director of Cyber Security Consulting with Guernsey. He has extensive experience in performing risk assessments for IT environments and communicating best practices related to a range of systems and technologies. Tim started his career in information assurance and auditing in 2001. In his career, he has performed IT audits, risk assessments, and cyber threat and vulnerability analyses. Specific project topics include the areas of NERC-CIP compliance, PCI Data Security Standard compliance, ERP system security, application, and operating system security configurations, business continuity planning and disaster recovery, physical security, telecommunications, and security architecture and design.

timothy.fawcett@guernsey.us

T 405.416.8182
M 918.808.0558

Organizations that are eligible to purchase through GSA schedules can engage Guernsey through Schedule 70 - Contractor Awarded Unique Entity ID (DUNS): 062275144

Email: cybersecurity@guernsey.us

Phone: 405.416.8245