Volume 2 • From Compliance to Comprehensive Support Program
The cybersecurity terms defined here are based on Bryley’s business continuity pyramid. These terms and concepts range from foundational tools to advanced approaches. The pyramid itself was created as a visual reference for achieving a strong defense: the lower a term appears on the pyramid, the more foundational it is, and the converse is true, too.
Some of these terms relate specifically to how Bryley performs its IT role. These are noted, but the principles behind the topics are common to the practice of IT.
Compliance
In IT terms, compliance refers to satisfying governmental and/or industry standards for cybersecurity or privacy.
Such requirements include:
- Health Insurance Portability and Accountability Act (HIPAA)
- Payment Card Industry Data Security Standard (PCI-DSS)
- FTC Safeguards for financial services organizations that are not governed by the SEC (the SEC has its own rules)
- Fair Credit Reporting Act (FCRA)
- Cybersecurity Maturity Model Certification (CMMC)
- Defense Federal Acquisition Regulation Supplement (DFARS)
- NIST Cybersecurity Framework (each insurer is different, but NIST [National Institute of Standards and Technology] guidelines are often a basis for cyber-insurance standards)
There is overlap in many of these rules. As an example, the Massachusetts law that protects the privacy of individuals’ data held by organizations (201 CMR 17.00) is usually consistent with insurance companies’ prescribed cybersecurity practices.
The rules and laws generally aim to protect the ones we do business with. Some rules predate business computing, like the Fair Credit Reporting Act. Digitization makes protecting the information our organizations collect much more challenging. And now, largely, data is kept on machines connected to the internet. The internet was not built for security, but for the exchange of information. Obviously and sadly, people have used this founding characteristic of the internet to cause havoc. Compliance – while, yes, enforced by the threat of legal action – can provide a baseline guide for organizations to have controls in place to keep the data they steward away from those who would use it maliciously.
Comprehensive Support Program (CSP)
Bryley’s Comprehensive Support Program (CSP) is Bryley’s structure for delivering managed IT services. Bryley’s managed IT services:
- Can handle routine IT tasks
- Can augment an internal IT team
  - Helps with handling the various IT functions to outsource for desired outcomes.
- Can act as an organization’s outsourced IT department
  - Organizations have access to expert IT professionals, specialized tools and a focus on proactive maintenance. This can help cut costs and improve efficiency and operational performance.
- Provides access to a team of experienced IT professionals
  - A Managed Service Provider (MSP) has the expertise and resources to handle a wide range of IT tasks, from network administration and cybersecurity to software deployment and data backup. This allows businesses to focus on their core competencies while knowing that their IT infrastructure is being managed by experts.
Bryley’s CSP is available to support:
- Network Infrastructure that includes support for cloud and on-premises servers, firewalls, routers, gateways, switches, IoT devices, etc.
- Mission-Critical Applications, in which Bryley acts as a technical liaison for mission-critical applications like Active Directory, SharePoint, VMware, SQL databases, Exchange Servers, your ERP, etc.
- Endpoints, such as workstations, laptops, desktops, mobile devices and tablets. Provides remote support and Windows critical patching and updates, and manages antivirus, anti-malware and anti-spyware.
- Backup and Data Recovery that secures and preserves your data with options for local or cloud spin-up of servers and mission-critical applications.
  - 3-2-1 data-redundancy program
  - full-image backup with 1-year data retention with spin-up capabilities for mission-critical VMs
  - unlimited remote support
  - daily monitoring of backups
- Cybersecurity, including multi-factor authentication, file and patch updates, antivirus, anti-malware, anti-spyware, network assessments, web content filtering, dark web monitoring, phishing campaigns, advanced email threat protection, incident response plan, vulnerability assessments, risk assessments, compliance readiness (see above) and penetration testing
- Strategic and Custom Business Continuity, such as Bryley Virtual CIO/CTO, strategic planning and custom IT needs, periodic on-site technical visits, compliance readiness and application support
Bryley is available to advise regarding your organization’s particular IT needs. Since 1987 Bryley has helped organizations build networks and deal with cyber-threats. To speak to Roy Pacitto, please complete the form below, call 978.562.6077 x217, email RPacitto@Bryley.com or schedule a 15-minute call via Roy’s Calendly.
Lawrence writes about networking and security. He’s written for Bryley since 2015.