Cyber Hygiene Health Check

Not sure where to start on your cybersecurity journey? Maybe you just want to make sure you have all the basics covered when it comes to your cybersecurity posture. MPG's Cybersecurity Hygiene Health Check is the perfect way to get the lay of the land and a road map to a better security posture for your organization.


How Well Does Your Company Keep Up Its Cybersecurity Posture?

Good cybersecurity hygiene practices are paramount in preventing costly breaches, information leakage, and ransomware attacks. Cybersecurity hygiene refers to the set of practices, procedures, and tools your business has implemented to secure its systems, environments, and data.
While it might seem daunting, routinely validating and maintaining your cybersecurity posture is one of the best steps your organization can take to protect sensitive data and business-critical information systems from attack.
Regulated industries such as government, financial services, and healthcare often have specific cybersecurity frameworks and requirements they must meet. However, even non-regulated companies have must-do cybersecurity tasks to safeguard their business.

Cybersecurity Hygiene Engagement Overview

Identify critical issues before they're used in an attack.
1. Review critical areas

MPG consultants use either your identified framework or best practices developed over thousands of assessments to determine and grade your organization's cybersecurity fitness.

2. Detail high-impact findings

High-impact findings are prioritized, and we provide suggestions and details you can use to close the gaps exploited by attackers, malware, and ransomware.

3. Take action

Every engagement includes an actionable report with hygiene grades for each critical area, detailed findings, high-priority actions required, and a remediation roadmap.

Identify gaps so they can be fixed

Right-Sized and Customized for Your Organization

  • Your analysis will be based on a framework of your choice, or on our in-house critical areas, which were developed over thousands of real-world customer assessments.
  • Our cybersecurity subject-matter experts evaluate your cybersecurity preparedness across dozens of high-impact areas.
  • Regardless of framework, our engagement ensures you know which critical steps must be taken to secure your environments.
Trusted Risk Management Experts

Our Framework

These focus areas are proven to improve cybersecurity posture and readiness.

Email, web browser, business application protections

Plans and tools for hardening typical business applications and user actions; users' training and monitoring.

Network infrastructure management, monitoring, defense

Secure configuration and active management of network infrastructure, and routine monitoring for attack signals.

Data recovery/disaster recovery

Process, tooling, and routine testing of backup, failover, and business continuity capabilities.

Account management and access control

User and system accounts are well-managed, and appropriate access controls are in place to govern account access.

Vulnerability management

Processes and tooling are in place to detect and patch software vulnerabilities.

Data protection

A set of processes and procedures for data processing, access, and retention.

Log management

System, application, and user logs are collected and routinely analyzed for signs of an attack.

Penetration testing

Routine testing of IT environments, systems, applications, user defenses, and control effectiveness through simulated attacks.

Secure configuration

Security baselines such as STIG or CIS are routinely applied and maintained.

Incident response

In the event a breach is detected, effective processes, procedures, roles/responsibilities, and communication plans exist to manage the response effort and shorten the time to recovery.

Service provider management (Third Party Risk Management)

Routinely evaluate service providers that handle sensitive data or provide business-critical capabilities.

Security awareness training

Users are informed and educated about proper use of IT systems and applications, and are routinely tested for phishing awareness.

Asset inventories

A continuously maintained list of software, hardware, and other endpoints that exist and have access to your IT environments and data.

Malware defenses

Tools and processes that detect and prevent the spread and execution of malware code.

Application software security

In-house software development practices follow best practices, and vulnerability management processes include in-house developed software.

Or Yours...

We have significant experience across many different frameworks.

NIST 800-53

NIST 800-53 was created by the National Institute of Standards and Technology (NIST) and outlines guidelines for privacy and cybersecurity for federal IT. Although it was created for federal information systems, this Risk Management Framework provides core guidance to other compliance frameworks.

GDPR

The General Data Protection Regulation (GDPR) provides a security framework around how personal data is collected, stored, handled, and processed. While GDPR originated in the EU, it applies to any enterprise that comes in contact with the personal data of any EU citizen or resident.

GLBA

The Gramm-Leach-Bliley Act (GLBA) requires financial institutions and organizations that offer financial services to take appropriate measures to safeguard customer data.

HIPAA

The Health Insurance Portability and Accountability Act (HIPAA) of 1996 was created to protect the confidentiality and privacy of all forms of health information. Organizations that handle, process, transfer, receive, or store any patient's health information must adhere to HIPAA compliance requirements.

PCI DSS

The Payment Card Industry Data Security Standard is a compliance framework created to protect the financial information of card holders and prevent unauthorized usage.

FISMA

The Federal Information Security Modernization Act, or FISMA, governs how the Department of Homeland Security (DHS) administers information security policies for US Government Executive Branch agencies.

FedRAMP

The Federal Risk and Authorization Management Program (FedRAMP) provides a standardized approach to security authorizations for Cloud Service Offerings.

NIST 800-171

NIST 800-171 is another Special Publication (SP) developed by the National Institute of Standards and Technology (NIST) to standardize how federal agencies define Controlled Unclassified Information (CUI) and the IT security standards for those that have access to it. Unlike NIST 800-53, SP 800-171 is a set of requirements intended for federal contractors.

CMMC

The Cybersecurity Maturity Model Certification (CMMC) is a regulation framework for DoD contractors. The CMMC program evolved as a more robust response to ineffective cybersecurity measures set out in the Defense Federal Acquisition Regulation Supplement (DFARS).

Features Overview

Cybersecurity Hygiene Engagement


Interviews and Document Reviews

We conduct thorough stakeholder interviews, environment observation, and documentation review. We also lean heavily on our experience with common areas that customers believe are covered but that, on closer inspection, often turn out to need improvement.

Hygiene Report

We capture the output from our review process and develop a cybersecurity fitness grade for each critical area, as well as an overall grade. The report details all findings.

High priority actions

Every report includes a detailed list of high-priority findings that should be fixed as soon as possible, together with recommendations on how to correct them.
Assessment Pricing

Pricing and Duration

Feature                                  | Align to Our Framework | Align to Your Framework
-----------------------------------------|------------------------|------------------------
Stakeholder Interviews                   | Yes                    | Yes
Documentation Review                     | Yes                    | Yes
Critical Control Areas Evaluated         | Yes                    | Yes
Detailed Report                          | Yes                    | Yes
Critical Findings Detailed               | Yes                    | Yes
Remediation Roadmap                      | Yes                    | Yes
Cybersecurity Hygiene Grades Included    | Yes                    | Yes
Duration                                 | 2 weeks                | 2+ weeks

Free Discovery Session

Have a quick question?
Email us: cybersecurity@mindpointgroup.com
Give us a call: (703) 636-2033 Option 2