INFORMATION SECURITY SERVICES
Do the countless stories of cyber security attacks make you nervous? Do you start sweating thinking about what would happen to your business if...? Information threats are no joke, but putting on bandaids or mending broken fences isn't going to keep them at bay for long. That is why Scalesology not only weaves in best-in-class security protocols but works with you to ensure your business has the right processes in place to keep you in business. Implementing proper information security practices allows your business to scale without fear of threat.
Whether it is threat hunting, evaluating your current programs or providing threat intelligence, Scalesology provides an unbiased and valuable perspective. We can help your organization on an ongoing basis with our vCISO services or with a project focused on your specific need.
Virtual Chief Information Security Officer (vCISO)
Most organizations need leadership-level expertise to manage their information security program, but they don’t need someone in that role full-time. We offer Fractional Chief Information Security Officer services to provide experts in the field for anything from a few hours a month to quarter-time, depending on your specific needs.
Information Security Services:
Understanding risks, threats, and holes takes experience and an outside perspective. Scalesology looks at the landscape not just in your industry or business, but globally, tapping into key trends and emerging threats. Technology evolves rapidly, and checklists are insufficient; to be effective, you need a view of the entire landscape, considering people, processes, and technology. Our holistic approach provides peace of mind by reviewing not just the external, but internal threats and all steps and processes in between.
Business Continuity and Disaster Recovery Planning
If recent history has taught us anything, it's that disasters happen. In the wake of the World Trade Center collapse on 9/11 we saw some tenants fail and others thrive based on whether they had business continuity and disaster recovery plans. These plans were further tested a few years later with Hurricane Katrina, and most recently by the pandemic and supply chain disruption. We can't anticipate every possible disaster our organizations will face, so business continuity and disaster recovery planning focuses on the critical business processes and what resources those processes require. Scalesology can help you with this planning with everything from coaching to complete plan preparation.
Threat Hunting Program Development
Too often organizations use a reactive approach to security. This means attackers often live in an organization’s systems for months – looking through an organization's data, picking out the crown jewels, and exfiltrating them – before being detected and eradicated. Instead of waiting around for a sign that you've been breached, a better approach is a threat hunting program to proactively look for signs of intrusion, allowing for early detection and eradication, hopefully before any serious damage is done.
Security Orchestration Automation and Response (SOAR) process modernization
As an organization grows, so does its security program, and the number of controls it has in place to protect its information. While these controls are good in that they provide defense-in-depth, they can also produce a significant workload for your staff, who have to constantly jump between tools, for instance to collect log data in response to an alert, or to block malicious actors more quickly. This is where Security Orchestration Automation and Response (SOAR) comes into play; SOAR allows you to define your security workflows, and to a large extent automate those workflows, reducing the load on your overworked staff. Scalesology brings together our expertise in application integration and security to help you deploy and configure SOAR solutions for your environment.
Blockchain and Cryptocoin Security Services
Cryptocoins or cryptocurrency, and blockchain or Web3 are all the rage these days. There are different takes on the potential utility of this technology, but regardless of your views on its future potential you may still want to invest in cryptocurrency as part of your investment portfolio. Unfortunately, cryptocurrency – by design – operates differently than traditional securities like stocks, bonds, and mutual funds. Instead, it’s more like investing in precious metals where you are holding onto the gold, silver, platinum, etc. yourself. The risk here is that it may be easy to steal from you, in the same way someone might smash your window and grab gold you have sitting on the kitchen counter. While it sounds outlandish to leave gold sitting on your kitchen counter, that’s the level of protection many people have on their cryptocurrency. Scalesology can help you protect your investment by helping you set up appropriate protections for your cryptocurrency – the virtual equivalent of safes and safe deposit boxes – such as strong passwords, multifactor authentication, offline wallets, and hardware wallets.
Security Program Strategy
Building an effective strategy doesn't just mean solving for immediate obstacles, but looking towards future needs. Our collaborative approach provides options, education, and prioritization to support effective decision-making and guidance as you scale. Not every business needs a complete overhaul, and we will find the right approach that aligns with your goals. Our strategies are customized to your organization's needs and size, and maximize the value of your security spend. It's always our preference to build security by design instead of defaulting to a whack-a-mole approach.
Security Policy Creation
Security policies provide some of the biggest bang for the buck of any security controls. Security policies help organizations by providing clear guidance to all staff on issues such as appropriate use, data handling, and data retention such that incidents don't occur simply because staff did not know any better. Policies also give organizations leverage in the event of employee malfeasance, or gross negligence. Scalesology can help your organization quickly deploy simple policies tailored for your environment, or more detailed policies when necessary, such as for highly regulated entities.
Incident Response Planning
Successful organizations must be resilient. Besides business continuity and disaster recovery planning, organizations should be prepared for information security incidents. When performing the security planning for any organization we look for controls that will reduce the likelihood and impact of any sort of security incident. Most controls – like firewalls and multifactor authentication – are focused on reducing the likelihood of incidents; having a tested incident response plan is typically the most important thing an organization can do to reduce the impact of any sort of security incident. Incident response plans reduce incident impact by allowing for a fast and organized response to incidents, reducing the time a threat actor has to do damage. Scalesology can help by reviewing or creating your incident response plan, as well as helping you test the plan so that your entire team knows what to do before an incident happens.
Data Protection Impact Assessments (DPIAs) are important for both security and privacy of data in an organization. A DPIA documents the full lifecycle of data in an application, from collection, through processing, storage, and deletion. Looking at the life cycle of the specific data in an application allows us to ensure that we have identified the risks to that data, especially when that data directly impacts people, and have appropriate protections in place. DPIAs are required for high-risk processing by the General Data Protection Regulation (GDPR), and as such represent best practice by most privacy regulations such as the California Consumer Privacy Act (CCPA).
Software Development Life Cycle (SSDLC) Security
While social engineering remains the most popular vector for external attackers, application vulnerabilities have been responsible for some of the most devastating attacks to hit organizations. The best way to guard against application attacks is to avoid application vulnerabilities in the first place. This is accomplished using a Secure Software Development Life Cycle (SSDLC), where security is built in as the application is developed. Scalesology can help you with your SSDLC by creating a policy and procedures tailored for your environment to produce appropriately secure software right out of the gate. Additionally, Scalesology can help implement these procedures by working with your development team on things such as architecture reviews, code reviews, unit testing, and system tests including penetration testing. Of course, Scalesology can also help by taking over as the lead developer on your application.