1. RISK MANAGEMENT
RedLegg’s unique approach to Security Program Development is based on a solid Risk Management foundation. The Risk Management approach considers the business needs while navigating the complexities of legal, regulatory, and security requirements.

RedLegg’s ARMEE (Assess, Remediate, Monitor, Educate, Enforce) methodology applies a lifecycle approach to Risk Management. This lifecycle is applicable regardless of regulatory requirements and is designed to be portable to the unique legal, regulatory, security, and business needs of the organization.
[Figure: ARMEE lifecycle diagram showing Assess, Remediate, Monitor, Educate, and Enforce arranged around Risk Management]

Assess
• Risk Assessment
• Compliance Gap Assessment / Readiness
• Vulnerability Assessment
• Security Controls Review
• Network Architecture Review

Remediate
• Policy and Procedure Development
• Incident Preparedness Development
• Network, System, and Data Security Controls Implementation
• System Hardening / Configuration

Monitor
• Data Flow Monitoring
• Log Monitoring / Management
• Intrusion Detection
• Configuration / Change Management
• Account / Activity Auditing

Educate
• Security Awareness Development and Delivery
• Information Security and Risk Management Workshops

Enforce
• Data Loss Prevention
• Encryption
• Endpoint Protection
• Content Filtering
• Vulnerability Management
• Wireless Intrusion Prevention
311 N Aberdeen Ste 300C, Chicago, Illinois 60607 | Tel. 877 811 5040 | Fax. 312 275 7806 | www.redlegg.com
2. ASSESS
ISO 27002 Gap Assessment
RedLegg’s ISO 27002 Gap Assessment provides a comprehensive assessment of Security Policies, Procedures, and Controls currently in place as well as recommendations for enhancements that support regulatory and business requirements.

RedLegg’s FISAP (Shared Assessment Program)
RedLegg’s FISAP (Financial Institution Shared Assessment Program) allows clients to reduce their third-party audit requirements while providing their clients with increased assurance that their data is protected.

Cloud Security Assessment
RedLegg’s Cloud Security Assessment offering has been developed in accordance with the Cloud Security Alliance framework. RedLegg is committed to participating in and driving the security standards associated with cloud computing and sits on the board of the CSA Chicago Chapter.

RedLegg’s Anatomy of a Hack
RedLegg’s Enterprise Security Assessment includes an Anatomy of a Hack that outlines the specific steps the assessor has taken to compromise your environment. This provides a unique perspective from an attacker’s point of view that allows you to focus on the vulnerabilities that present the greatest degree of risk and impact to your environment.
3. REMEDIATE
Policy Framework Development
Developing a comprehensive Risk Management Program begins with a foundation of policies and procedures. RedLegg’s Policy Framework creates the Governance required to manage the security program and is based on the ISO 27002 standard. This approach allows for portability to any applicable regulatory requirements such as HIPAA or PCI.

Incident Response Plan
RedLegg’s Incident Response Plan provides the preparedness required to respond to unexpected events. Identifying Roles and Responsibilities as well as testing the plan ensures the organization is able to effectively contain and manage data compromises.

Security Controls Design and Implementation
RedLegg’s consultative approach to evaluating, selecting, designing, and deploying security solutions provides clients with the assurance the right solution is being selected in accordance with business requirements. RedLegg’s security solution portfolio supports a full array of vendor solutions and allows clients to implement solutions that support the Monitoring and Enforcement components of the security lifecycle.

Physical Controls
• Video Surveillance
• Access Control

Network Controls
• Firewalls
• Intrusion Detection
• Content Filtering

Application Controls
• Vulnerability Management
• Access Control
• Configuration Management
• Change Management

Data Controls
• Endpoint Protection
• Mobile Device Management
• Encryption
• Tokenization

Security Information and Event Management (SIEM)
• Log Management
• Event Monitoring / Alerting

[Figure: layered diagram with Policies and Procedures above Physical Controls, Network Controls, Application Controls, and Data Controls, and Security Information and Event Management below]
4. EDUCATE
Executive Briefing
RedLegg’s Executive Briefings present technical vulnerabilities in a business-friendly format, allowing Executive Management to mitigate risk in accordance with business requirements.
Security Awareness Program Development
RedLegg’s Information Security Awareness Development provides clients with a fully customized process that is specific to the client’s end-user base. Content is developed in accordance with business, legal, and regulatory requirements such as HIPAA or PCI.