A solid security strategy takes more than a software package and an occasional checkup.
You need a team of good guys who are trained to think like the bad guys. That’s where our cybersecurity professionals come in. We have nationally accredited information security experts whose sole focus is to help our clients meet their risk management goals and compliance obligations through risk management; regulatory support, including certified CMMC Assessor (C3PAO), NERC CIP, PCI-DSS, and HIPAA; security and vulnerability reviews; security monitoring; training and awareness; program audits; and incident response planning.
Assessment and Audit
We test to ensure your security program is designed effectively.
A complete cybersecurity program requires that controls and configurations are periodically evaluated. Guernsey provides an array of services that minimize cybersecurity risks by evaluating systems to make sure they are properly designed and operating effectively. Specific services include application security reviews, vulnerability scanning, penetration testing, and IT Audits. Call Guernsey today to help you prepare for the CMMC audit required for government contractors.
Guernsey is an Authorized C3PAO for CMMC. For more information about becoming CMMC compliant, click here: https://guernsey.us/services/c...
Governance Risk and Compliance (GRC)
Manage your Cybersecurity Program
Guernsey can help you meet regulatory and compliance obligations by implementing a Governance Risk and Control Program. Depending on regulatory or contractual requirements, organizations may be required to be compliant with different cybersecurity frameworks or to pass a regulatory review or audit such as CMMC and SOC2.
We help you identify the appropriate framework to measure the design and effectiveness of your cybersecurity program. Common frameworks we have helped our clients implement include NERC-CIP, CIS7.1, NIST 800-171, CMMC, HIPAA, and Trust Services Criteria.
We track and measure compliance with control objectives, identify and map control activities, and create processes to collect evidence that controls are completed. We also identify control objectives that are not being met and prioritize recommendations for improvement based on risk.
Our GRC process is one of the best ways to continually measure the adequacy of your cybersecurity program. We have individuals with experience assisting organizations who must comply with various standards mandated by government entities, customers, or industry groups. We can help you build a cybersecurity program that provides security and complies with any applicable standards, including CMMC, NERC-CIP, PCI, HIPAA, FFIEC, and others. We can also prepare you for CMMC, SOC2, and HITRUST assessments.
Cybersecurity Management Service
Let us help you monitor your networks and controls.
Tools such as Security Event Management, Intrusion Detection Systems, and Vulnerability Scanners are designed to look at your systems and logs in order to detect incidents early. These tools are often an underutilized resource for a security program. If your staff doesn’t have the time to calibrate and maintain these tools, they become ineffective. When the tools aren’t updated with the latest risks and environmental changes, the system creates false positives, which eventually get ignored. Our cybersecurity professionals partner with organizations to regularly maintain systems and ensure useful and actionable information is provided.
We recommend AlienVault Unified Security Management Software and intelligence to alert IT organizations to network anomalies, weaknesses, and possible attacks. This tool is very powerful and combines security event management, intrusion detection, and vulnerability analysis to alert IT, often before an attack is successful. Our cybersecurity professionals will help configure, monitor, and calibrate this system in order to ensure that your organization’s investment in these tools is a successful one.
Training and Awareness
Our training is customized and client focused.
Most security breaches include some level of social engineering, and accordingly, your people are essential to a sound cybersecurity program. At Guernsey, we support our clients by creating a culture of emphasis on cybersecurity. We develop and provide training and awareness programs with related supporting materials specifically for you.
Helping clients select and manage solutions.
Assistance with vulnerability management often involves helping clients select and manage solutions to identify, address, and patch both software and configuration-based vulnerabilities before attackers can exploit them. Guernsey helps organizations design and execute the process to continuously acquire, assess, and act on new information to identify, prioritize, and remediate vulnerabilities.
Properly configuring IT systems has been shown to eliminate 80-95% of known security vulnerabilities.
Guernsey can help you design and implement standardized, secure configurations for operating systems, firewalls, routers, and switches. Hardening typically includes the removal of unnecessary accounts, disabling or removal of unnecessary services, applying patches, closing open and unused network ports, and the use of host-based firewalls. Properly designing and configuring network devices can be complicated, and misconfiguration may result in issues ranging from as minor as reduced network speed to as serious as a total breach of internal systems.
Disaster Recovery and Incident Management Planning
We develop procedures required to restore operations.
We work with organizations to develop, implement, and test disaster recovery and business continuity programs. Based on an evaluation of risk and identification of a range of disaster scenarios, we develop procedures required to restore operations. Guernsey will assist you with plan updates and maintenance by facilitating testing and executing tabletop exercises.
Timothy Fawcett, CISSP, CISA
Director of Cyber Security Consulting
Tim Fawcett is the Director of Cyber Security Consulting with Guernsey. He has extensive experience in performing risk assessments for IT environments and communicating best practices related to a range of systems and technologies. Tim started his career in information assurance and auditing in 2001. In his career, he has performed IT audits, risk assessments, and cyber threat and vulnerability analyses. Specific project topics include the areas of NERC-CIP compliance, PCI Data Security Standard compliance, ERP system security, application and operating system security configurations, business continuity planning and disaster recovery, physical security, telecommunications, and security architecture and design.
GSA Schedule 70
Engage Guernsey through Schedule 70.
Organizations that are eligible to purchase through GSA schedules can engage Guernsey through Schedule 70 - Contractor Awarded Unique Entity ID (DUNS): 062275144