We will soon officially announce a new set of services called TeamSecurity.
What are these services, you may ask? They are a collection of three service levels whereby the Botz team partners with your IT team to varying degrees to help you manage your security at a much lower cost than hiring that expertise full time.
All three levels of TeamSecurity provide an Annual Risk Assessment plus ongoing monitoring of critical IBM i security configuration factors that are associated with increased risk.
The middle level also provides security expertise on a monthly basis to work on any security issues you ultimately determine need to be addressed. Our expertise and input help you identify and prioritize those issues.
Our highest level of service, the Virtual Chief Information Security Officer (Virtual CISO) package, includes all the services provided at the lower levels, plus it embeds our deep understanding and expertise in information security management into your management and technical processes.
Don’t have information security management processes? This is the single biggest sign that your organization is at risk! We’ll help you establish and execute the processes you need in order to identify, manage and mitigate risk – and to make rational business trade-offs between risk and cost.
Why are we launching Team Security now? Attacks against small and mid-sized companies have skyrocketed. (Read The Rise of “Fractional” CISO Services for the top 4 trends that make smaller businesses the ideal targets for today’s breaches.)
Because the risk is so great, the National Institute of Standards and Technology (NIST) now recommends that organizations start with the assumption that they have already been breached. You should assume that one or more attackers have compromised your environment. They may have come and gone already; or, they may have left malware and created back doors in your system so they can come and go as they please.
Detecting and reacting to a breach requires an entirely different set of skills and business and technical processes than those required to prevent (or attempt to prevent) breaches.
Due to the current state of affairs, security can no longer be a “set and forget” proposition. It requires ongoing monitoring of your systems, assuming someone has already breached your network, and proactively seeking evidence of that breach or compromise. Detecting and reacting to a breach requires an entirely different set of skills and business and technical processes than those required to prevent (or attempt to prevent) breaches.
New business processes are also required to make appropriate business and technical tradeoffs about risk, risk mitigation, and prioritization. These new processes don’t necessarily require more headcount. They do, however, require that you use your existing headcount in more effective ways.
Many businesses (IBM i and non-IBM i alike) simply don’t have this expertise in-house and can’t afford to hire a CISO. So that’s why we are introducing our TeamSecurity offerings.
We’re not looking to be the consultant that tells you what to do and then leaves you on your own. We act as a virtual member of your IT organization, available on an ongoing basis for both planned and as-needed work.
This model carries several benefits:
- Our experts keep up-to-date on the latest threats, vulnerabilities, technologies, compliance issues and best practices, so you and your staff don’t have to. It’s necessary to identify the process and technical changes an organization needs to make. We can bring that knowledge and expertise to each of our clients at a lower price because multiple customers contribute to the overhead of acquiring and maintaining our expert skill set.
- Identifying the changes you need to make is one important aspect of information security management. Implementing technical changes is another. Technical change can sometimes be easy, but it often requires architecture, design, and careful planning – typically beyond the skillset of in-house staff.
- In addition to helping you identify what to do and how to do it, our TeamSecurity offerings provide the implementation skills to mentor your staff in implementing changes or to implement them more quickly than you can with your existing staff.
I’m really excited about how we can help small and medium sized businesses begin to proactively manage security and to be able to do it a price that hasn’t been available to them in the past.
Watch for our official announcement. In the meantime, contact me if you’d like to learn more.