NIST-POWERED MANAGED CYBERSECURITY
TechMD's managed cybersecurity solutions follow the recommendations of the most widely accepted and proven cybersecurity authorities: the National Institute of Standards and Technology (NIST) and the Center for Internet Security (CIS). The NIST Cybersecurity Framework is the de-facto standard for managed cybersecurity, whether you're simply looking to protect your business from cybercriminals or need to meet compliance requirements (like CMMC, HIPAA, HITRUST, and many others).
FOR SMALL & MID-SIZED BUSINESSES
In the face of growing cyber threats, all organizations need an ongoing cybersecurity program. One-time cybersecurity projects like installing anti-virus software or setting up firewalls are important, but they only protect one piece of the puzzle. A robust cybersecurity program that can protect your business from ongoing threats should answer three central questions:
1. How secure is our business today?
2. What is the appropriate level of cybersecurity for our business?
3. How can we improve cybersecurity practices to meet business objectives?
TECHMD’S PROVEN CYBERSECURITY PROGRAM
POWERED BY NIST CSF
TechMD’s cybersecurity program is not something we invented. Instead we follow the recommendations of the most widely accepted and proven cybersecurity authorities: the National Institute of Standards and Technology (NIST) and the Center for Internet Security (CIS). The NIST Cybersecurity Framework and the CIS Top 20 security controls are the de-facto standards for countering cybersecurity threats, and their prescriptive framework offers specific guidance for businesses in all industries.
Step 1: Security Maturity Level Assessment
The first step in developing an ongoing cybersecurity program is conducting a deep-dive Security Maturity Level Assessment (SMLA). Our SMLA will provide you with a big picture look at your current cybersecurity posture and help you understand how secure your organization is today.
SML Assessment Process
- Confirmation of Specific Business Cybersecurity Requirements
- Interviews with key personnel: IT, HR, C-Level
- Review of the CIS Top 20 Controls + Sub Controls
- IT policy verification: verbal, written, automated, reported
- Evidence requests to prove control compliance
SML Assessment Deliverables
- Official Security Maturity Level Score
- Executive Summary Report
- Full Detail and Risk Analysis Report
- Customized system security plan with timeline and budget
- Live Web or In-Person Presentation with Q&A
Step 2: Review System Security Plan and Budget
Once you know where your organization stands in terms of cybersecurity, we'll help answer questions like “does my organization need an official certification?” and “what is the appropriate level of cybersecurity for us?”. Then we’ll meet to review and approve a customized system security plan and budget that meets your organization’s needs.
- Decide the SML Score appropriate for your business
- Decide if your business needs an official certification:
  - CMMC, HIPAA, DFARS, ITAR, FISMA, FINRA, SOC for Cybersecurity, CCPA, HITRUST, etc.
- Confirm and approve managed cybersecurity budget
- Select Cybersecurity Officer and Team
- Sign Managed Cybersecurity Services Agreement
Step 3: System Security Plan Implementation
Finally, we’ll work through your system security plan at whatever pace fits your organization’s budget and timeframe.
- Implement Security Information and Events Management System
- Implement Vulnerability Management System
- Dark Web ID Monitoring and Response, Malware Endpoint Detection
- CIS Asset Hardening
- Quarterly: SMLA, Security Committee Meeting, Policy Review Meeting
- Monthly: Risk Management Meeting, Vulnerability Report Review
- 24x7x365 Security Monitoring and Security Administration
- CyberSOC Response, Escalation and Remediation Assistance for P1 alerts
WE DO CYBERSECURITY RIGHT
TechMD has decades of experience implementing cybersecurity products, services and solutions. We do not just recommend products—we do the work, test them in our own environment first, perform detailed analysis, and then recommend them to our clients. If you have an existing IT team or cybersecurity program in place and are looking for specific tools to complement or improve security, we can help.
- Backups + Disaster Recovery for servers and workstations
- Best in class Recovery Time Objective (RTO) and Recovery Point Objective (RPO)
- Local Backup, Cloud Backup + Instant Virtualization
- Nightly backup verification and automated quality inspection
- Microsoft Office 365 and G-Suite Automated Backups
- 24/7 Cyber Security Operations Center (SOC)
- Security Information and Events Management (SIEM) System
  - Local offices
  - Cloud environments
- Vulnerability scans: internal, external & host based
- Emergency Cyber Incident Response
- Dark Web Monitoring
EDUCATION & TRAINING
- Online Cybersecurity Education Portal
- Annual Cybersecurity Training + Test
- Email Phishing Simulation
- IT Security Policies
- Employee Security Score (ESS) for Compliance Tracking
- HIPAA focused training module available
- Penetration Testing
  - Local Network
  - Web Applications
- Social Engineering Simulations
- Cloud Security Configuration
  - Microsoft Office 365
  - Azure Infrastructure
- Firewall Security Management
- Role-Based Access Control: files, apps, systems
- Microsoft and Third-Party Patch Management
- Wi-Fi Security
- IT Asset Management
- IT Documentation and Standardized IT Policies
SECURITY SOFTWARE TOOLS*
- Multifactor Authentication
- Encryption Solutions: email, data, hardware
- Spam + Web + Content Filtering
- Endpoint Protection (Anti-Virus, Anti-Malware, AEP)
* Included for TechMD Managed IT Service clients