Information Security Advisory Services
What do I do next?
We were founded to answer that question.
WynnSecure is a management consulting firm for the design and implementation of the information security program lifecycle.
We assist organizations with comprehensive program development including policies, awareness programs, incident response, breach tabletop exercises, staff evaluations, third party information security risk management programs, and information security project management.
Organizations find they must complete vulnerability assessments and penetration tests for many reasons:
To be in compliance with their industry regulations
To satisfy customer requests
To be completed at the direction of their Board of Directors
To be ethical and excel
After the assessment is completed, the engagement draws to an end and the organization is provided the results. There may be too many findings to easily comprehend, and these findings must be added to the existing long list of issues from other audits and assessments.
If you have found yourself in that situation, WynnSecure can help.
It is likely the root cause is a missing or incomplete information security program.
With WynnSecure's expertise and your team's desire to implement an information security program, your organization can create processes to reduce the existing findings and create sound practices to prevent issues from occurring in your environment.
Information Security Policy Review and Implementation
Every organization needs to have information security policies to govern how they protect their information. We understand that not all organizations are the same.
WynnSecure helps you understand the information security policies appropriate to your organization and prepare drafts that you can submit through your policy approval process.
Information Security Awareness Program Implementation
Once your organization has an approved information security strategy with executive leadership buy-in, you will need to ensure you build a culture of information security into your business. An effective program is not a one-size-fits-all design.
While you will need to have a common curriculum for everyone, you will need to have training customized for your executive leaders and workforce who handle specialized information such as credit card data, health information, and other personally identifiable information.
WynnSecure can assist you with implementing an Information Security Awareness Program tailored to your business’ needs.
Evaluate and Coach Information Security Staff
WynnSecure helps you evaluate your current workforce competencies and understand the strengths and weaknesses of their information security skills.
We assess the existing workforce compared to the information security services and processes to identify gaps.
We assist you with creating a staffing plan aligned to the information security strategic plan objectives and develop a multi-year staffing model.
We can coach your existing team in their efforts to improve your program.
Third Party Information Security Risk Assessment Program
Third party relationships are key to the success of many businesses.
You will need to ensure that the vendors you rely on will not degrade the security of your information.
Regulators expect organizations to develop programs aligned with the size and complexity of their organization.
WynnSecure can help you create a third party information security risk assessment program that is aligned with your internal risk structure and industry standards.
Information Security Incident Response Team Implementation
When you detect a security incident, you have to be ready.
You will need a team trained in how to respond.
You will need a documented incident response plan.
WynnSecure helps you organize for a successful response to incidents including the evaluation and proactive contracting with third parties you will need in place before the incident occurs.
Information Security Breach Tabletop Exercise
When your information security program is established and you have implemented an incident response strategy, it is imperative that you test it.
A tabletop exercise is an ideal way to walk through your plan by using predefined scenarios.
WynnSecure can assist your business with developing appropriate scenarios and then holding workshops with your incident response teams and your business leaders.
The goals of the exercise are to:
Identify shortcomings in your existing plans allowing for improvements before an actual incident;
Train your teams in what to expect during an actual incident and prepare them to defend your organization; and
Ensure an appropriate communication strategy is in place supporting conversations from the individual contributors to the CEO.
Information Security Program Development and Remediation
WynnSecure can help you develop a comprehensive information security program so you can understand your current state and move to an improved state.
Begin with an initial identification of the broad information security risk areas using a simple risk assessment methodology.
Continue with a comprehensive information security risk assessment to measure maturity across the applicable information security domains using detailed risk assessment methodologies commonly accepted by your industry.
We work with you to identify the critical business assets most affected by your information security deficiencies and create protection strategies for them.
Provide guidance on the development of an information security strategic plan.
A customized information security program consisting of defined services and processes specific to your business will be identified and drafted. These services and processes will be mapped to your critical business assets, resulting in an operational framework for managing information security activities.
Applicable metrics will be identified to evaluate the effectiveness of your information security program.
The program development service can be customized to account for progress your business has already made in establishing your information security program.
Joe has held positions of Chief Information Security Officer (CISO) in the energy and higher education industries where he has built service-based and business-strategy aligned information security programs.
The programs were established according to a comprehensive security architecture framework aligned to common industry and international standards. He used the frameworks for continuous program improvement.
Joe is a firm believer in success through ownership. Programs must have defined services and processes where individuals are accountable for each activity. Programs without ownership and accountability will degrade and fail.
In 2011, Joe co-founded BSidesPittsburgh, an annual volunteer-run information security conference. Security BSides is part of a global series of community-driven conferences presenting a wide range of information security topics.
email: info [at] wynnsecure.com