Portfolio
Data Protection Program for a Fortune 500 company of 20,000+ employees
Case Description
Implementation of a corporate-wide Data Protection program involving identification, classification and labeling of unstructured data with sensitive information. One of the largest and earliest implementations of its kind. A technical implementation of Microsoft information protection, data loss prevention, cloud access and cyber defense tools. A detailed change management plan that enabled a shift in how 20,000+ employees across 33 business units thought about, labeled and protected sensitive information.
Case Results
Data Protection strategy
Implementation of Microsoft information protection tools
A systematic and automated data labeling and remediation process
Organizational change management plan
An easy-to-use tool adopted by 20,000+ employees
Phased roll-out to 33 business units
Reduction of organizational risk reported to board with metrics
Cyber Security program assessment for a Fortune 500 SaaS company
Case Description
Assessment of the Information Security program of a SaaS company against NIST 800-53 to identify and document risks, controls and gaps, and to prepare a roadmap for remediation to achieve compliance. Agreed-upon project scope, milestones and deliverables. Identification of stakeholders and a kickoff meeting to ensure objectives are aligned. Leveraging a combination of interviews, documentation analysis, and technical assessments, our team meticulously evaluated the effectiveness and maturity of each control domain outlined in NIST 800-53.
Case Results
Comprehensive documentation of gaps
Board-level presentation of gaps with heat map
Documentation of existing processes and controls with flowcharts
Prioritized roadmaps for resolution with estimated effort and timelines
Recommendations included technological upgrades, policy enhancements, and workforce training initiatives to bolster cybersecurity posture.
Third Party Risk Management & Business Continuity program establishment for a FinTech startup
Case Description
Setup of a Third Party Risk Management program through a comprehensive assessment of the startup’s vendor relationships, identifying critical dependencies and potential vulnerabilities. Establishment of a tailored framework, leveraging industry best practices, to mitigate risks, define clear protocols for due diligence, and ensure ongoing monitoring of third-party performance and security standards. Implementation of a robust Business Continuity program, designing contingency plans and conducting drills to ensure the company’s operations remained resilient in the face of unforeseen disruptions, safeguarding both the company’s reputation and its stakeholders’ interests.


