nist-powered managed cybersecurity
TechMD is a SSAE-19 Certified Security Services Provider. Our managed cybersecurity solutions follow the recommendations of the most widely accepted and proven cybersecurity authorities: the National Institute of Standards and Technology (NIST) and the Center for Internet Security (CIS), The NIST Cybersecurity Framework is the de-facto standard for managed cybersecurity, whether you’re simply looking to protect your business from cybercriminals or need to meet compliance requirements (like CMMC, HIPAA, and many others).
nist compliant managed cybersecurity services
In the face of growing cyber threats, all organizations need an ongoing cybersecurity program. One-time cybersecurity projects like installing anti-virus software or setting up firewalls are important, but they only protect one piece of the puzzle. A robust cybersecurity program that can protect your business from ongoing threats should answer three central questions:
1. How secure is our business today?
2. What is the appropriate level of cybersecurity for our business?
3. How can we improve cybersecurity practices to meet business objectives?
techmd's proven cybersecurity program
powered by nist csf
TechMD’s cybersecurity program is not something we invented. Instead we follow the assessment process and authoritative guidelines outlined by the National Institute of Standards and Technology (NIST) and the Center for Internet Security (CIS). As a SSAE 19 Certified Security Services Provider, we know which cybersecurity policies, controls, and procedures must be prioritized and we know how to implement them correctly. This means your business will be able to maximize your cybersecurity budget, align your risk tolerance to the right security maturity level, and show your clients and vendors that you take cybersecurity seriously.
step 1: security maturity level assessment
The first step in developing an ongoing cybersecurity program is conducting a deep-dive Security Maturity Level Assessment (SMLA). Our SMLA will provide you with a big picture look at your current cybersecurity posture and help you understand how secure your organization is today.
sml assessment process
- Confirmation of Specific Business Cybersecurity Requirements
- Interviews with key personnel: IT, HR, C-Level
- Review of the CIS Top 20 Controls + Sub Controls
- IT policy verification: verbal, written, automated, reported
- Evidence requests to prove control compliance
sml assessment deliverables
- Official Security Maturity Level Score
- Executive Summary Report
- Full Detail and Risk Analysis Report
- Customized system security plan with timeline and budget
- Live Web or In-Person Presentation with Q&A
step 2: review system security plan and budget
Once you know where your organization stands in terms of cybersecurity, we’ll help answer questions like “does my organization need an official certification?” and “what is the appropriate level of cybersecurity for us?”. Then we’ll meet to review and approve a customized system security plan and budget that meets your organization’s needs.
- Decide the SML Score appropriate for your business
- Decide if your business needs an official certification:
- CMMC, HIPAA, DFARS, ITAR, FISMA, FINRA, SOC for Cybersecurity, CCPA, HITRUST, etc.
- Confirm and approve managed cybersecurity budget
- Select Cybersecurity Officer and Team
- Sign Managed Cybersecurity Services Agreement
step 3: system security plan implementation
Finally, we’ll work through your system security plan at whatever pace fits your organization’s budget and timeframe.
- Implement Security Information and Events Management System
- Implement Vulnerability Management System
- Dark Web ID Monitoring and Response, Malware Endpoint Detection
- CIS Asset Hardening
- Quarterly: SMLA, Security Committee Meeting, Policy Review Meeting
- Monthly: Risk Management Meeting, Vulnerability Report Review
- 24x7x365 Security Monitoring and Security Administration
- CyberSOC Response, Escalation and Remediation Assistance for P1 alerts
we do cybersecurity right
TechMD has decades of experience implementing cybersecurity products, services and solutions. We do not just recommend products—we do the work, test them in our own environment first, perform detailed analysis, and then recommend them to our clients. If you have an existing IT team or cybersecurity program in place and are looking for specific tools to complement or improve security, we can help.
- Backups + Disaster Recovery for servers and workstations
- Best in class Recovery Time Objective (RTO) and Recovery Point Objective (RPO)
- Local Backup, Cloud Backup + Instant Virtualization
- Nightly backup verification and automated quality inspection
- Microsoft Office 365 and G-Suite Automated Backups
- 24/7 Cyber Security Operations Center (SOC)
- Security Information and Events Management (SIEM) System
- Local offices
- Cloud environments
- Vulnerability scans: internal, external & host based
- Emergency Cyber Incident Response
- Dark Web Monitoring
education & training
- Online Cybersecurity Education Portal
- Annual Cybersecurity Training + Test
- Email Phishing Simulation
- IT Security Policies
- Employee Security Score (ESS) for Compliance Tracking
- HIPAA focused training module available
- Penetration Testing
- Local Network
- Web Applications
- Social Engineering Simulations
- Cloud Security Configuration
- Microsoft Office 365
- Azure Infrastructure
- Firewall Security Management
- Role-Based Access Control: files, apps, systems
- Microsoft and Third –Party Patch Management
- Wi-Fi Security
- IT Asset Management
- IT Documentation and Standardized IT Policies
security software tools*
- Multifactor Authentication
- Encryption Solutions: email, data, hardware
- Spam + Web + Content Filtering
- Endpoint Protection (Anti-Virus, Anti-Malware, AEP)
* Included for TechMD Managed IT Service clients
You have probably heard the news by now that Russia has invaded Ukraine, and this will likely have a major impact on the cybersecurity world moving forward. The U.S. Cybersecurity & Infrastructure Security Agency (CISA) is recommending that all American organizations be on high alert, especially small and mid-sized businesses as they are seen as softer targets for cybercriminals.
Every year, Verizon releases their Data Breach Investigations Report (DBIR) and it usually contains some useful takeaways about how SMBs can protect themselves from cybercriminals. In case you haven’t read this 119-page report, here’s TechMD’s breakdown of the Top 3 most relevant takeaways for your business.
Microsoft has announced that Hafnium, a Chinese-backed cybercriminal organization, has been taking advantage of four zero-day exploits to attack on-premises Microsoft Exchange servers. We strongly recommend that any organizations with on-premises Exchange servers, including hybrid Office 365 setups, should apply Microsoft’s patch immediately.