A solid security strategy takes more than a software package and an occasional checkup.
You need a team of good guys who are trained to think like the bad guys. That’s where our cybersecurity professionals come in. We have nationally accredited information security experts whose sole focus is to help our clients meet their risk management goals and compliance obligations with risk management, Regulatory support including NERC CIP, PCI-DSS, and HIPAA, security and vulnerability reviews, security monitoring, training and awareness, program audits and incident response planning.
Assessment and Audit
We test to ensure your security program is designed effectively.
A complete cybersecurity program requires that controls and configurations are periodically evaluated. Guernsey provides an array of services that minimize cybersecurity risks by evaluating systems to make sure they are properly design and operating effectively. Specific services include application security reviews, vulnerability scanning, penetration testing, and IT Audits. Call Guernsey today to help you prepare for the CMMC audit required for government contractors.
Cybersecurity Management Service
Let us help you monitor your networks and controls.
Tools such as Security Event Management, Intrusion Detection Systems, and Vulnerability Scanners are designed to look at your systems and logs in order to detect incidents early. These tools are often an underutilized resource for a security program. If your staff doesn’t have the time to calibrate and maintain these tools, they become ineffective. When the tools aren’t updated with the latest risks and environmental changes, the system creates false positives, which eventually get ignored. Our cybersecurity professionals partner with organizations to regularly maintain systems and ensure useful and actionable information is provided.
We recommend AlienVault Unified Security Management Software and intelligence to alert IT organizations to network anomalies, weaknesses, and possible attacks. This tool is very powerful and combines security event management, intrusion detection, and vulnerability analysis to alert IT, often before an attack is successful. Our cybersecurity professionals will help configure, monitor, and calibrate this system in order to ensure that your organization’s investment in these tools is a successful one.
Training and Awareness
Our training is customized and client focused.
Most security breaches include some level of social engineering, and accordingly, your people are essential to a sound cybersecurity program. At Guernsey, we support our clients by creating a culture of emphasis on cybersecurity. We develop and provide training and awareness programs with related supporting materials specifically for you.
Helping clients select and manage solutions.
Assistance with vulnerability management often involves helping clients select and manage solutions to identify and address and patch both software and configuration-based vulnerabilities before attackers can exploit them. Guernsey helps organizations design and execute the process to continuously acquire, assess, and act on new information to identify, prioritize, and remediate vulnerabilities.
Properly configuring IT systems has been shown to eliminate 80-95% of known security vulnerabilities.
Guernsey can help you design and implement standardized, secure configurations for operating systems, firewalls, routers, and switches. Hardening typically includes the removal of unnecessary accounts, disabling or removal of unnecessary services, applying patches, closing open and unused network ports, and the use of host-based firewalls. Properly designing and configuring network devices can be complicated, and misconfiguration may result in issues as minor as reduced network speed to as serious as a total breach of internal systems.
Disaster Recovery and Incident Management Planning
We develop procedures required to restore operations.
We work with organizations to develop, implement, and test disaster recovery and business continuity programs. Based on an evaluation of risk and identification of a range of disaster scenarios, we develop procedures required to restore operations. Guernsey will assist you with plan updates and maintenance by facilitating testing and executing tabletop exercises.
You need a team of good guys who are trained to think like the bad guys. That’s where our cybersecurity professionals come in.
Timothy Fawcett, CISSP, CISA, CSSA
Director of Cyber Security Consulting
Tim Fawcett is the Director of Cyber Security Consulting with Guernsey. He has extensive experience in performing risk assessments for IT environments and communicating best practices related to a range of systems and technologies. Tim started his career in information assurance and auditing in 2001. In his career, he has performed IT audits, risk assessments, and cyber threat and vulnerability analyses. Specific project topics include the areas of NERC-CIP compliance, PCI Data Security Standard compliance, ERP system security, application, and operating system security configurations, business continuity planning and disaster recovery, physical security, telecommunications, and security architecture and design.
Cyber Security Consultant
Isaac is an experienced pentester with experience from dozens of penetration tests. Working with companies of all fields and all sizes, he can communicate effectively and promptly with all parties involved. Other than pen testing, he has experience in physical security assessments and forensic work.
Forensic Security Analyst
As the lead forensic examiner, Hunter's responsibilities include forensic imaging, investigations, and testifying in court. Hunter is also an expert witness in the state of Oklahoma.
GSA Schedule 70
Engage Guernsey through Schedule 70.
Organizations that are eligible to purchase through GSA schedules can engage Guernsey through Schedule 70 - Contractor Awarded Unique Entity ID (DUNS): 062275144