Cyber Hygiene
Health Check

Not sure where to start on your cybersecurity journey? Maybe you just want to make sure you have all the basics covered when it comes to your cybersecurity posture. MPG's Cybersecurity Hygiene Health Check is the perfect way to get the lay of the land and a road map to a better security posture for your organization.

Schedule a Discovery Session

How Well Does Your Company Keep Up Its Cybersecurity Posture?

Good cybersecurity hygiene practices are paramount in preventing costly breaches, information leakage, and ransomware attacks. Cybersecurity hygiene refers to the set of practices, procedures, and tools your business has implemented in order to secure your systems, environments, and data.

While it might seem daunting, routinely validating and maintaining your cybersecurity posture is one of the best steps your organization can take to protect your sensitive data and business-critical information systems from attack.

Regulated industries such as the government, financial services, healthcare, etc., often have specific cybersecurity frameworks and requirements they must meet. However, even non-regulated companies have must-do cybersecurity tasks to safeguard their business.

Cybersecurity Hygiene Engagement Overview

Identify critical issues before they're used in an attack.

1

Review critical areas

MPG consultants either use your identified framework, or best pracices developed over thousands of assessments to determine and grade your organization's cybersecurity fitness.

2

Detail high-impact findings

High-impact findings are prioritized, and we provide suggestions and details you can use to close the gaps exploited by attackers, malware, and ransomware.

3

Take action

Every engagement includes an actionable report including Hygiene grades for each critical area, detailed findings, high-priority actions required, and a remediation roadmap.

Show me the Investment

Identify gaps so they can be fixed

Right-Sized and Customized for Your Organization

Your analysis will be based on a framework of your choice, or we'll use our in-house developed critical areas that have been developed over thousands of real-world customer assessments.
Our cybersecurity subject-matter experts evaluate your cybersecurity preparedness across dozens of high-impact areas.
Regardless of framework, our engagement ensures you know what critical steps must be taken to secure your environments.

Our Framework

These focus areas are proven to improve cybersecurity posture and readiness.

Vulnerability management

Processes and tooling are in place to detect and patch software vulnerabilities.

Malware defenses

Tools and processes that detect and prevent the spread and execution of malware code.

Network infrastructure management, monitoring, defense

Secure configuration and active management of Network infrastructure, and routine monitoring for attack signals.

Service provider management (Third Party Risk Management)

Routinely evaluate service providers that handle sensitive data or provide business-critical capabilities.

Data recovery/disaster recovery

Process, tooling, and routine testing of backup, failover, and business continuity capabilities.

Application software security

In-house software development practices follow best practices, and vulnerability management processes include in-house developed software.

Email, web browser, business application protections

Plans and tools for hardening typical business applications and user actions; users' training and monitoring.

Data protection

A set of processes and procedures for data processing, access, and retention.

Log management

System, application, and user logs are collected and routinely analyzed for signs of an attack.

Account management and access control

User and system accounts are well-managed, and appropriate access controls are in place to govern account access.

Incident response

In the event a breach is detected, effective processes, procedures, roles/responsibilities, and communication plans exist to manage the response effort and shorten the time to recovery.

Penetration testing

Routine IT environments, systems, applications, and user defense testing and control effectiveness through simulated attacks.

Security awareness training

Users are informed and educated about proper IT systems and applications usage and routinely tested for phishing awareness.

Secure configuration

Security Baselines such as STIG or CIS are routinely applied and maintained.

Asset inventories

A continuously maintained list of software, hardware, and other endpoints that exist and have access to your IT environments and data.

Or Yours...

We have significant experience across many different frameworks.

GLBA

The Gramm-Leach-Bliley Act (GLBA) requires financial institutions or organizations who offer financial services to take the appropriate measures to safeguard customer data.

GDPR

General Data Protection Regulation (GDPR) provides a security framework around how personal data is collected stored, handled, and processed. While GDPR originated in the EU, it applies to any enterprise that comes in contact with personal data of any EU citizen or resident.

FISMA

The Federal Information Security Modernization Act, or FISMA governs how the Department of Homeland Security (DHS) administers information security policies for US Government Executive Branch agencies.

HIPAA

Health Insurance Portability and Accountability Act (HIPAA) of 1996 was created to protect all forms of health information confidentiality and data privacy. Organizations who handle, process, transfer, receive or store any patient's health information must adhere to HIPAA compliance requirements.

PCI DSS

The Payment Card Industry Data Security Standard is a compliance framework created to protect the financial information of card holders and prevent unauthorized usage.

CMMC

The Cybersecurity Maturity Model Certification (CMMC) is a regulation framework for DoD contractors. The CMMC program evolved as a more robust response to ineffective cybersecurity measures set out in the Defense Federal Acquisition Regulation Supplement (DFARS).

FedRAMP

The Federal Risk and Authorization Management Program (FedRAMP) provides a standardized approach to security authorizations for Cloud Service Offerings.

NIST 800-53

NIST 800-53 was created by the National Institute of Standards and Technology (NIST) and outlines guidelines for privacy and cybersecurity for federal IT. Although it was created for federal information systems, this Risk Management Framework provides core guidance to other compliance frameworks.

NIST 800-171

NIST 800-171 is another SP (Special Publication) developed by the National Institute of Standards and Technology (NIST) to standardize how federal agencies define Controlled Unclassified Data (CUI) and the IT security standards for those that have access to it. Unlike NIST 800-53, SP 800-171 is a set of requirements for intended federal contractors.

Which assessment type do you need?

FedRAMP

The Federal Risk and Authorization Management Program (FedRAMP) provides a standardized approach to security authorizations for Cloud Service Offerings.

FISMA

The Federal Information Security Modernization Act, or FISMA governs how the Department of Homeland Security (DHS) administers information security policies for US Government Executive Branch agencies.

NIST 800-171

NIST 800-171 is another SP (Special Publication) developed by the National Institute of Standards and Technology (NIST) to standardize how federal agencies define Controlled Unclassified Data (CUI) and the IT security standards for those that have access to it. Unlike NIST 800-53, SP 800-171 is a set of requirements for intended federal contractors.

NIST 800-53

NIST 800-53 was created by the National Institute of Standards and Technology (NIST) and outlines guidelines for privacy and cybersecurity for federal IT. Although it was created for federal information systems, this Risk Management Framework provides core guidance to other compliance frameworks.

CMMC

The Cybersecurity Maturity Model Certification (CMMC) is a regulation framework for DoD contractors. The CMMC program evolved as a more robust response to ineffective cybersecurity measures set out in the Defense Federal Acquisition Regulation Supplement (DFARS).

GLBA

The Gramm-Leach-Bliley Act (GLBA) requires financial institutions or organizations who offer financial services to take the appropriate measures to safeguard customer data.

GDPR

General Data Protection Regulation (GDPR) provides a security framework around how personal data is collected stored, handled, and processed. While GDPR originated in the EU, it applies to any enterprise that comes in contact with personal data of any EU citizen or resident.

PCI DSS

The Payment Card Industry Data Security Standard is a compliance framework created to protect the financial information of card holders and prevent unauthorized usage.

HIPAA

Health Insurance Portability and Accountability Act (HIPAA) of 1996 was created to protect all forms of health information confidentiality and data privacy. Organizations who handle, process, transfer, receive or store any patient's health information must adhere to HIPAA compliance requirements.

Features Overview

Cybersecurity Hygiene Engagement

Interviews and Document Reviews

We conduct thorough stakeholder interviews, environment observation, and documentation. We also lean heavily on our experience of common areas customers think are covered, but upon additional inspection often are found to need improvements.

Hygiene Report

We capture the output from our review process, and develop a cybersecurity fitness grade for each critical area, as well as assign an overall grade. The report details any findings.

High priority actions

Every report includes a detailed list of high-priority findings that should be fixed as soon as possible. Additionally, we include recommendations on how to correct findings.

Assessment Pricing