WebGeneration Corp.
Cyber Security, Risk Management, IT Compliance, and Governance Consulting
Cyber Security
Cyber Security and Information Security Expertise for Traditional WAN and LAN Network Environments as well as today's Cloud Environments. AWS, Google, and Microsoft Clouds Expertise. Providing Expertise in the Design and Implementation of Security Components, as well as regular Gray Box testing of such environments to identify any issues, and the development and implementation of Remediation Plans to ensure Continual Security and Protection of the Critical Systems. Design & Implementation of SIEMs to continuously monitor the Critical Nodes within the networks, so that any attacks are discovered and addressed in a timely manner.
IT Compliance & Governance
Development of Policies, Standards, and Procedures to implement, enforce, and continually monitor the controls required as base controls for Fortune 500 financial companies per the ISO 27000 family of standards (ISO27001 through ISO27006), SSAE 16 Type 2, SOC 2, SOX404, Global FSA, BASLE II, COSO, COBIT, SafeHarbor, HIPAA, NIST, DITSCAP and NIACAP, SEC, NIST 800-53, FISMA, FEDCAP, ISF, MAS, FCRA, GSA, FINRA, AMEX, and NASD, and other Compliance and Audit requirements. Performing Risk & Gap Analysis on a Continual Basis and Designing & Implementing Remediation Plans accordingly.
Business Continuity & Disaster Recovery
Development, implementation, testing, and continual improvement of Contingency Planning, Disaster Recovery, and Business Continuity infrastructure, Policies, and Procedures on an enterprise-wide global scale. Performing risk and impact assessments for all existing infrastructures including applications, databases, systems, network infrastructures, telecom connections, data feeds, application servers, critical intranet services, and other critical components. Preparing BC/DR Plans for both Traditional Networks and Cloud Environments, along with BC/DR Training & Awareness programs for all Critical Personnel as well as Employees.
IT Risk Management
Development of a Risk Assessment and Risk Classification Framework based on the assets of the company. Once the Company assets are classified, developing and implementing appropriate Security and Protection Measures based on the Criticality of each asset, whether Systems, Data, Hardware, Software, etc., rather than a one-size-fits-all approach. In addition, assigning and maintaining Classification Standards for all New Assets and devising the appropriate measures as defined in the Risk Assessment Policies and Procedures.
Vendor Information Security Risk Assessment
Providing the vision and hands-on work to develop a comprehensive, viable, and efficient vendor information security risk assessment framework for the qualification and approval of Clients at the global level. Development of the framework based on industry standards including the ISO 27000 family, NIST, HIPAA, COBIT, etc. and their related certifications and independent audits, in order to make the assessments efficient, acceptable, and workable for vendors. Development of a meaningful and systematic approach to the qualification process to replace the old exhaustive processes, thus eliminating redundancies and meaningless self-certifications.
Satisfaction Guaranteed
Development of a close partnership with the Clients, Vendors, and Auditors in preparing a comprehensive Information Security Program based on the principles specified above, and conducting information security risk assessments based on the specified asset classification to ensure buy-in and full cooperation and participation from the vendors and clients. This approach ensures willing participation and timely Completion and Implementation of the Information Security Elements in a viable and maintainable environment year after year. Our goal is to provide experienced professionals with a tailored plan to address your company's needs. We work closely with all related Departments, Groups, and Executives to Develop, Implement, and Maintain a Comprehensive Information Security Program in a timely, professional, and maintainable fashion, all within the specified and agreed-upon budgetary and time constraints.