Minnesota Information Security (InfoSec) Consultant

by | Jul 18, 2019 | Blogs | 0 comments

You’ve got sensitive or confidential data you want protected and you need to be sure it gets done right. 

From information security (InfoSec) policies to secure data destruction, we help local Minnesota businesses reduce their risk by helping you develop and mature your information security (InfoSec) program. 

Our secret sauce? It’s our process.

We focus on the data lifecycle. Where is the data ‘born’. In other words, where did the information originate?

We follow it. To servers, to email, applications, CRM systems, and even to the cloud. 

We identify your unique business risks.  Then we tie that risk to data sets. 

For some of our clients, it’s sensitive records, for others, it’s manufacturing code. And others it’s personal healthcare information. 

What’s your secret sauce?

Cybersecurity vs. Information Security (InfoSec)

It used to be that the whole field of security fell under ‘information security’. And then a few years ago a new term, ‘cybersecurity’ was born. I remember being frustrated, and confused. Why would they (whoever they are) introduce a new confusing term into an already existing confusing field? 

The answer – separation and specialty. The field started to become so large that pillars of excellence and discipline were defined, and boundaries of responsibility were created. It was identified that the old role of ‘information security’ was too broad for the new space. That’s because the scope of the traditional information security field was everything, and everywhere, the information was. If it was printed, it was included in the scope. If it was on backup tape, it was included in the scope. If it was a sticky note containing the mainframe password… you got it, it was included in the scope. 

The new definition of cybersecurity attempted to differentiate the scope of security responsibilities. The new scope was data that was on computer systems. Digital data. The storage, transmission, and processing of sensitive data. No longer were the cybersecurity folks responsible for the paper files, and data retention policies. 

What do you need help with? The whole scope of information security, or just cybersecurity?

Focus on the risk

We can help you with both. We’ve been serving Minnesota companies for a long time and it never really matters how you define what you need, it only matters that the risk is defined. 

Starting with a clear risk posture, the assessment exercises will drive the process of identifying where the data lives. Sometimes it’s all within computer systems, oftentimes it doesn’t. It’s really important to have an industry best practice to identify all the data, and not start an assessment with a limited scope. 

When data is discovered in a format that was not previously identified or known we can table it and start to ask if it needs to be in that format. 

It’s often we find documents that are being printed and filed. When asked about the policies and compliance requirements driving this procedure none are found. The person responsible for this action only knows they do it because it’s always been done that way. 

We as Minnesota information security (InfoSec) consultants don’t tell you to stop doing it. Our role is to help you identify the risk and build a roadmap to reduce your business risk. So we’ll review other procedures that can be used to achieve the same business goals. We can also recommend mitigating security controls so that you can leave the current process, but add security controls so that we lower the risk. 

Are you open to us recommending ways to reduce your risk?

How can we engage with you?

We can serve you with information security (InfoSec) consulting in many forms. 

Most often we have a discovery call with our clients to get to know them and learn their business and their role within the company. 

After that, if we believe we can provide value we’ll often come onsite and have a follow-up discussion or whiteboarding session. Here we can really start to understand the goals and the scope of the project. We get to ensure we”re all on the same page and you’re getting exactly what you need. 

Next, we’ll propose an approach. For some clients this a project. For others, this is a workshop, and still, others may just want our help in implementing a specific solution. 

We provide hourly consulting, workshops, assessments, advisory services and even ongoing partnerships where we act like a staff member or staff augmentation. This is usually in a strategic role helping steer and guide the information security program to its successful goals. 

How would you like to engage with us?

Schedule a Call…

Anywhere other than Minnesota?

We love Minnesota. Born and raised. If you don’t have cheese and midwestern beef then, unfortunately, we can’t help you.

Good news though! We have a network that spans the globe. We have built a network of friends and advisors that we’d put our name to. So if you do want help with your information security program, and you’re looking for a consultant but are not in Minnesota we still invite you to give us a call and we can introduce you to one of our trusted friends that can serve you. 

Schedule an appointment today.

Schedule a Call…

Submit a Comment

7 Ways to Improve Your Cybersecurity Reporting to Executives and the Board of Directors

A guide for cybersecurity leaders that will help you gain the reputation of a solid leader, while preventing you from making the mistakes I made when I was projected into reporting. This guilde will equip you and remove the stress and anxiety so that you can be clear and bold in your opportunity to prove you're the right person for the role, and your plan is on track!

You have Successfully Subscribed!