Cyber and Vendor Risk Management

Executive-level risk management designed to identify, mitigate and manage risks

Not knowing your vulnerabilities places your organization at risk for cyber attacks and ransomware. With an increase in online activity, cyber attacks have become more prevalent.

Protecting your organization’s assets and confidential data is a business decision, not a technical solution. Federal and state requirements, such as Ed Law 2-d, the SHIELD Act, and the National Institute of Standards and Technology Cybersecurity Framework (NIST CSF), aim to mitigate cyber risks; however, the requirements are overwhelming for an organization to manage on its own.

Not engaging in cyber and vendor risk services is likely to cost more than the initial engagement. Additionally, many districts will likely see cost savings on their cyber insurance as a result of properly identifying and mitigating their risks.

Our comprehensive service allows for a holistic management approach and includes all areas of cyber security:

  • IT Risk Assessment — Analysis is centered on publicly-accessible systems that can be observed from the internet.
  • Board IT Policy Review — We will review Board IT policies against current federal and state requirements and will provide recommendations for each policy where deemed appropriate.
  • General Liability and Cyber Insurance Review — At the organization’s discretion, we will develop and facilitate the process for an Insurance RFP and/or a review of your current cyber liability insurance.
  • Compliance Analysis with Industry, Federal and State Standards — Using a number of online assessment tools, a gap analysis will be conducted, and an action plan created to assist the organization in increasing its level of compliance. Project Management support will be provided throughout the agreement to implement the action plan.
  • Training and Advisement, Including Awareness and Incident Response Training — We will provide training materials and guidance related to awareness and incident response training. The training and guidance provide staff with the knowledge, skills and resources regarding data, cyber security, vendor risk management and responding to a cyber security incident.
  • Vendor Risk Vetting — We will assess, and make a recommendation on, vendors the organization would like to engage. The assessment will be based on information provided by the vendor regarding their compliance with New York State Education Law 2-d and NIST CSF.
  • Facilitate Data Privacy Agreements — Based upon the organization’s request to proceed with an engagement with a vendor, we will work with the vendor to develop a data privacy agreement for review and acceptance.

What You Can Expect

  • Expert Guidance — Certified third-party risk management specialists will provide an independent analysis to identify your vulnerabilities.
  • Better Preparation — Once you understand areas of weakness in your organization, you’ll be able to take steps to protect against, reduce and monitor cybersecurity threats and ensure vendor compliance with federal and state requirements.
  • Everything You Need — We offer a full suite of risk management services so you can create and maintain a safe environment for all.

How It Works

  • Contact Us – We provide your Executive Management team with a comprehensive overview of cyber security and vendor risks and how our services are designed to identify and mitigate risks.
  • Work with Us – We coordinate and provide project management around all service deliverables.
  • Make Changes – We communicate risks and respective recommendations to Executive Management.
  • Ongoing Support – Risk management is not an event but rather a process. We provide continuous monitoring of your cyber and vendor risks for the length of the engagement.