Governance, Risk and Compliance

Complying with regulations and managing cyber security risks.

Consulting & advisory services


Risk is what defines any business, but understanding and actually quantifying it is a competitive advantage. As a company, it is also your duty to comply with all regulations in your industry. Silent Breach offers advisory services to help companies meet or exceed existing regulations, and be aware of their exposure and risk in the marketplace.

Business Impact Analysis


Disaster recovery planning is a multi-stage process, and one of the most vital of those stages is the business impact analysis (BIA). A business impact analysis is where you research the likely impact of a disruption to your organisation in terms of loss of business, effects on your reputation, loss of staff and loss of data. In some ways it is the heart of the disaster recovery planning process, because it is during the business impact analysis that you determine the precise effects of a disaster on your organisation.

Our consultants are ISO 22301 certified and can help you define your business impact analysis plan, in line with a full business continuity strategy.

Threat modelling and risk assessment


Understanding threats and evaluating the likelihood of an attack gives you valuable information.

Creating a threat model allows you to clearly establish the angles any attacker would be likely to use to attack your organization, and evaluate the risk for each attack vector. Threat modelling is an essential step towards risk mitigation and repeatable risk assessment procedures. With ever-changing IT environments (patches, system upgrades), risk assessment is an exercise to perform on a regular basis.

Sharing common knowledge among the IT security team through threat models, and being well aware of where an attack could come from, is also an important part of a full business continuity strategy.

Risk aversion


We don't live in a perfect world; sometimes risks need to be accepted and managed within what the company is able to sustain. But how much risk are you prepared to take, and plan for?

Our risk aversion program determines exactly what constraints your company is dealing with (budget, skills, manpower, etc.) and defines a risk aversion index to help you take realistic measures within your IT security strategy.

Security awareness program


Over three quarters of data breaches happen when employees open an infected email or surf to websites that compromise the security of the entire company. Ransomware is a new threat for businesses around the globe, and all employees should be trained to avoid this kind of threat through simple precautions that are easy to implement.

Our on-line eLearning program can make employees more aware of the risks, more cautious with sensitive data, and better able to implement the company's corporate security policies.

Silent Breach offers a wide range of on-line eLearning videos to train staff to be more security aware.

Compliance


Information security is often feared as an amorphous issue that only the IT department has to deal with. The reality is that companies need to be concerned with information security compliance from top to bottom. Regulations are in place that can help a company improve information security, while non-compliance can result in severe fines.

Silent Breach offers compliance programs for the Health Insurance Portability and Accountability Act (HIPAA), the Sarbanes-Oxley Act, the Federal Information Security Management Act of 2002 (FISMA), the Family Educational Rights and Privacy Act (FERPA), the Payment Card Industry Data Security Standard (PCI-DSS), and the Gramm-Leach-Bliley Act (GLBA).

Business continuity plan


If you want peace, prepare for war. That sums up pretty well the need for a business continuity plan.

Silent Breach can deliver all of the services above to advise on and implement a full business continuity plan following the ISO 22301 standard.

Silent Breach is committed to assisting companies in any or all aspects of disaster recovery and business contingency planning, as well as complying with all regulations in the industry.
