This week’s post was written by Tracy Fox, Foresite Channel Director.
It’s always exciting to start a new engagement (especially with a client we have never worked with before) but the most rewarding part for me is the project debrief call when we confirm that the client’s objectives have been met, and that they understand any next steps and recommendations. This is the point where we get some really great feedback from clients, such as:
“I saw the difference in the report and recommendations you provided us vs our last (penetration testing) provider. It’s so helpful to have the steps to tell us what we need to do and to be able to ask questions until we understand.“
“(Foresite auditor) was great to work with. He listened to our team and was able to give us valuable advice on specifically how we could make changes to meet compliance requirements and also improve our overall security.“
“We love that Foresite is part of our team. Our internal IT staff can keep things running day-to-day, but we need to have resources that can help us with the latest cyber threats and compliance regulations and we rely on you for that.“
Here are just a few of our engagements in 2015 that I wanted to highlight as examples of the work of our team, and how we were able to help our clients:
1) Physical security assessment for financial sector client – Foresite sent staff to 9 locations to confirm that the firm’s staff and building security were following the security procedures as provided by their head office. We were able to gain unauthorized access to several, and followed up with a sit down with each location’s staff and the firm’s Security Officer to pinpoint the points of weakness and how to remediate them.
2) Audit of 3rd party vendor for insurance client – The insurer needed to confirm the potential vendor’s level of cybersecurity as well as the procedures to protect the data that would be shared with a new vendor. Another security firm had performed an assessment, but the resulting report did not provide enough detail and verification to make our client comfortable with moving forward. Foresite performed testing and also audited the vendor using both HIPAA and NIST framework. The changes the vendor agreed to make not only benefit our client, but also the other insurers that are sharing data with this vendor.
3)Managed Security Monitoring and Management for higher education – A group of Universities wanted to centralize security monitoring and management to meet compliance requirements for 24/7/365 monitoring without adding the costs of additional full-time staff. Our ProVision team worked very closely with the stakeholders at each campus to make sure that every group’s needs were met, while setting a consistent procedure for change management moving forward.
There are so many more, some of which are highlighted in our current case studies. we thank you all for the opportunity to help you reach your goals, and we look forward to the new challenges that 2016 will bring!