Privacy and Cyber Security

Risk management and compliance.

Navigating data privacy laws and managing privacy risks are essential components of an organization’s compliance and operational activities. Every company collects and handles data related to customers, partners, website visitors, employees or other individuals, as well as proprietary information and trade secrets. In addition, many employees inside the company touch different types of data, ranging from teams handling customer service, “Big Data” analytics or HR functions, through to vendor management, IT/IS and security personnel, and even scientists, engineers and mobile app developers. Further, data is often shared between corporate entities and with third parties such as partners and service providers, and usually across borders. The international and interconnected nature of many IT solutions (e.g., through worldwide shared service centers, outsourced service providers and cloud-based solutions) can further complicate compliance and risk management. Organizations, particularly multinationals or those with global customer bases, must balance the requirements of dozens and sometimes hundreds of international privacy regimes.

The objective of our services is to support the protection of critical infrastructure, assurance of agency information, and operations that protect and defend information and information systems by ensuring confidentiality, integrity, availability, accountability, restoration, authentication, non-repudiation, protection, detection, monitoring, and event reaction capabilities within your organization. Our comprehensive services include, but are not limited to:

  • Exercises and Simulation
  • Cyber Security
  • Federal Information Security Management Act (FISMA) Implementation Support
  • Critical Infrastructure Asset Identification and Configuration Management Databases
  • Health Insurance Portability and Accountability Act Implementation Support
  • Information Assurance of Critical Infrastructure
  • Cryptographic Support and Services
  • Risk Management (Vulnerability Assessment and Threat Identification)
  • Record Management
  • Information Systems Security
  • Public Key Infrastructure
  • Security Operations Center Development and Operations Management
  • Trusted Internet Connections Implementation
  • Application Security
  • Security Review and Analysis of Automated Information Systems
  • Disaster Recovery
  • Identity Management and Assurance
  • Critical Infrastructure Continuity and Contingency Planning
  • Intelligent, Automated Data Collection and Analysis
  • Incident Response Planning and Execution
  • IT Forensics and eDiscovery
  • Training and Awareness Programs

Comprehensive counseling services

We help our clients manage every step in the data life cycle:

  • Privacy audits, privacy impact assessments (PIA), and privacy-by-design (PbD) programs
  • Privacy risk management for “Big Data” and “People Analytics” engines, Social Media, Internet of Things (IoT) and smart devices, and other emerging, disruptive technologies
  • Designing and implementing legal and technical enterprise privacy governance structures
  • International data transfers (both intra-group transfers and third-party transfers), including implementation of Safe Harbor, EU model contract clauses, and binding corporate rules (BCR)
  • Integration of foreign affiliates into internal data sharing/access schemes, and implementation of data processing through outsourcing by third party service providers (including cloud computing platforms and services)
  • Implementation of new software applications to process, for example, employee or customer data (e.g. CRM systems, ERP systems, employee monitoring technologies)
  • Designing online privacy policies, terms of service (ToS) and end user licensing agreements (EULA), relating to core privacy and related consumer-protection issues, such as online behavioral advertising (OBA), cookies and similar tracking technologies, commercial email, phone and text advertising campaigns, non-traditional channels (social, viral, media-integration), and e-commerce platforms
  • Counseling pursuant to a host of international privacy rules and regulations and related consumer-protection statutes, including but not limited to: EU Data Protection Directive 95/46/EC and its local member-state implementations; (draft) General Data Protection Regulation; Children’s Online Privacy Protection Act (COPPA); Gramm-Leach-Bliley Act (GLBA); Fair Credit Reporting Act (FCRA); Family Education Rights Protection Act (FERPA); California Online Privacy Protection Act (CalOPPA); Computer Fraud and Abuse Act (CFAA); Controlling the Assault of Non-Solicited Pornography and Marketing Act (CAN-SPAM); Electronic Communications Privacy Act (ECPA); Federal Trade Commission Guidelines and the FTC Act; Payment Card Industry (PCI) Standards; Student Online Personal Information Protection Act (SOPIPA); Telephone Consumer Protection Act (TCPA); and dozens of other privacy-related rules and regulations

Our security solutions work together from deep within the data center out to the farthest remote devices, and all along the networks within the cloud. As a result, our technology can provide full-spectrum visibility and share context-aware intelligence, enabling you to adapt to ever-changing threats and regulations, while continuously strengthening security across your Agency or organization.

  • Network security to protect the ever-shifting perimeter;
  • Endpoint Security and encryption to protect data wherever it goes;
  • Identity and access management to reduce ambiguity and complexity; and
  • Compliance with industry best practices such as the National Institute of Standards and Technology (NIST) Cybersecurity Framework, the Health Insurance Portability and Accountability Act (HIPAA), and the Health Information Trust Alliance Common Security Framework (HITRUST-CSF).