Executive Security Officer
The purpose of an organization’s Executive Security Officer is to align security efforts with enterprise initiatives and company goals. This must be accomplished in a manner that prioritizes the protection of data, assets, and technology. Other important purposes include oversight and management of security program processes and technology, facilitating education and awareness throughout the organization, and effectively communicating with other executive leadership and the Board.
Employee Information Security Awareness Training
Employees are often the first line of defense against cyber-attacks and can also be the weakest link in your security program. Employee training is vital to your organization’s chances for success in securing information. SCA is proud to provide employee information security awareness training either online or on-site in a classroom format. This training is applicable to all employees, from support staff to executives. Our team explains the details of the information security program, teaches employees how to recognize threats and actual attacks, demonstrates the action necessary for the problem in question, and shows how to let the appropriate parties know exactly what is going on in a timely manner. Furthermore, we provide invaluable guidance that instructs your staff on how to respond properly to questions when consumer data is improperly accessed.
3rd Party Due Diligence
Due diligence includes an evaluation of your organization’s arrangement with 3rd parties that process, maintain, or are granted access to non-public information. We help you review whether the 3rd party service provider’s business processes include appropriate physical, administrative, and technical safeguards to protect non-public information against unauthorized access or use. As needed, due diligence includes running background evaluations, a verification of references related to the service provided, reviewing Better Business Bureau and Federal Trade Commission files, and a review of the service provider’s experience and SSAE 18 or equivalent report or certification. If necessary, key employee qualifications will be verified. Furthermore, a thorough review of the service provider’s bonding and insurance must be performed. This includes property, errors, omissions, dishonesty, information losses, and casualty. It will also help to know each service provider’s risk rating as well as the security measures they have in place.
Reach out to us to schedule a consultation and learn more about our cybersecurity assessment and advisory services. We will help elevate your security and demonstrate your compliance so that your organization can grow and thrive.