Setting Expectations

Our Cyber Security Risk Assessments are designed to highlight areas where your IT program may be weak or have gaps. The goal is to help you identify those areas so that they can be fixed – not get you into trouble. As such, we do not report our findings to anyone other than you. What you choose to do with the information is up to you and you alone. You can take our findings back to your current IT provider and ask them to remediate, you can do nothing, or you can have us fix them – no matter what, the choice is yours.

In our experience, cyber security gaps cause a cascading effect of additional governmental regulation and scrutiny, identity theft, loss of time, money, energy and reputation. By helping the Financial Planning and Registered Investment Advisor Community improve their cyber-security posture, we can focus on projects that move our clients forward rather than reacting to incidents and new regulations.

There are two versions of this assessment; the detailed assessment requires a site visit.

  • Basic Cyber Security Risk Assessment
    • Non-Invasive, Light-Touch Cyber Security Assessment Detailed (Remote/Onsite)
  • Advanced Cyber Security Risk Assessment
    • Minimal-Impact, High-Touch, Cyber Security Assessment (Onsite Only)

General Timeline:

  1. First call (30 Minutes). This call can be with the CEO or Office/Operations Manager. We will go over the general process and identify the key team members needed to successfully complete the assessment.
  2. Initial Interview (60-90 Minutes)
  3. Information Gathering
    1. Basic Onsite Assessment – Collecting Information (4 Hours)
    2. Basic Remote Assessment – Collecting information (5-10 Minutes Per Computer)
    3. Advanced Onsite Assessment – Collecting Information/Network Scans (6-8 Hours)
  4. Report Processing (1-2 Hours)
  5. Debrief (30 Minutes – 1 Hour, Depending on Questions)

We will work with a member of your team to gather the information we need to conduct the assessment remotely. Each step comes with a written procedure for them to follow. However, if the assigned team member needs technical assistance gathering information, we will schedule a call and walk them through it step-by-step.

Important Note: We will be gathering information that we consider sensitive but not confidential. If you have any questions or concerns about the information being collected, please ask!

Part 1: Initial Interview

The initial interview will provide us with most of the information we need to understand your network environment and firm structure. Here is a subset of the questions we will be asking. We will need someone from the leadership team who is familiar with these items on the initial call.

  • When was the last time your business continuity and disaster recovery plan was tested?
  • Do you have a data retention policy? If so, is it enforced with technical controls or is the data manually purged?
  • Do you have a Risk Assessment Program in place?
  • Do you have an Incident Response Plan?
  • Do you carry a cyber-security focused insurance policy?
  • When was the last time your management team had a formal discussion around cyber-security?

Part 2: Policy Review

We will need copies of the policies listed below. Because every firm will structure their policies a little differently, yours may go by a different name, or have its contents merged in with a different policy. Since this is a voluntary assessment (and we will not report our findings to anyone besides you), it’s at your discretion as to what you send for review. We have had clients send their entire handbook for us to sort through, while others pick and choose the parts they want reviewed. Although it’s up to you, our assessment will be based on the information you provide; the more information you send, the more complete our assessment will be.

Suggested Policy List:

  • Acceptable Use Policy (AUP)
  • Business Continuity and Disaster Recovery Plan
  • High Level Network Diagram (scrubbed, NO PASSWORDS)
  • Security Awareness Training
  • Data Destruction Policy
  • Password Policy
  • Risk Assessment Program

Part 3: Computer Systems Review

For Onsite Assessments: we ask that a member of your team stay with the technician during the assessment and that all confidential information is either closed or minimized before they sit down at the computer.

For Remote Assessments: we will need a member of your team to gather the following information from each computer.

Microsoft Windows Environment

  • Operating System Version
  • BitLocker Status
  • Antivirus Brand/Status
  • Service Tag number (small tag on the back of each PC or under the laptop)

Apple / Mac Environment

  • OSX Version
  • System Model Number
  • FileVault Status
  • Antivirus Status

Contact

Our Private Office is Located on
The Linnville Homestead:

M-Linton TechService LLC
4293 Linnville Rd
Newark, Ohio 43056

Phone: 740-334-4493
E-Mail: vcio@riatechpartner.com

Mission

To protect the financial health of our community.
