Information Security
You need a clear, cost-effective way to secure your organization and meet compliance requirements.
Very large organizations hire expensive, specialized staff. Others tend to struggle under the weight and confusion of Information Security.
The Mainstay team has pioneered an approach for necessary guidance and for ongoing service. We don’t simply assess your organization and leave you with a long list of tasks. We shoulder your needs, bringing our experience to your organization each day.
We have developed the most effective and budget-friendly way to meet compliance and information security needs. We turn the complexities of Information Security into a competitive advantage for your whole organization.
Watch the Overview for Information Security Services
Paige Yeater, Director of Information Security, shares more about what problems we help business leaders solve and what makes Mainstay’s services unique.
How does partnering for Information Security work?
- Assess. A straightforward, low-cost assessment lets us determine both your risk of being hacked and your level of compliance… and then we turn that into plain English. We give clear recommendations to ensure all stakeholders have clarity on the need, the consequences, and the path.
- Partner. We can partner with you in multiple ways, bringing clarity, ease, and speed. We can partner with your IT Department, or with our Managed IT team. And we can carry the ongoing Information Security Program.
Why an Information Security Program?
Because risk must be assessed and addressed.
Policies must be set and training programs developed. Leaders must understand their responsibilities and HR must facilitate. Permissions must be centrally managed and data flows mapped. Tests must be run and reporting shared with leaders.
Vendors must be assessed and compliances managed. IT must be strengthened and continuous monitoring layered over top.
Contact us today to discuss a risk assessment.
Who needs Information Security?
- Organizations with data to protect. Sensitive, confidential data must be secured at all times, in all places.
- Organizations with compliances to meet. This includes CMMC, HIPAA, NIST SP 800-171, NIST CSF, client contracts, state PII laws, ISO 27001, and more.
Meet the Team

Paige Yeater
Director of Information Security
Certified Information Security Manager (CISM), CMMC Registered Practitioner

Bridget Franciscovich
Information Security Program Manager
CMMC Registered Practitioner

Erin Mealey
Information Security Program Manager
Certified Information Systems Auditor (CISA), CMMC Registered Practitioner

Mike DelSanto
Information Security Program Manager
Certified Information Systems Security Professional (CISSP), CMMC Registered Practitioner
Key Terms in Information Security
If there’s an especially confusing area of technology today, it’s security! Terms are often interchanged and concepts blurred.
A few key terms:
Security
Scope: Everything
Protecting the organization, its assets (physical and digital), its people, and its data from threat.
Information Security (InfoSec)
Scope: Data
Also known as “Data Security,” this is the practice of protecting all data, in all forms, at all times. InfoSec sets policy, manages risk, and drives to compliance. It encompasses the IT systems but also the people, processes, and physical facilities (the whole organization).
Cybersecurity
Scope: Technology
The technical layers that protect an organization’s technology (such as encryption, firewalls, and web filtering).
Compliance
Scope: Meeting requirements
Meeting regulatory or contract requirements (such as HIPAA, CMMC, NIST, state laws, or client contracts).
Information Security Program
It isn’t enough to have policies and strong cybersecurity. These must all be brought together in an ongoing program of monitoring, development, training, and iteration. It must be carried by qualified staff and evolve with the threats, the regulations, and the organization.
This is necessary for whole-organization security and is required by nearly every compliance.
Information Security Policies
Policies are more than pieces of paper. They are the record of decisions for how data is handled. They provide the foundation of compliance and must be tailored to each organization.
The Event That Never Happened
(a true story)
The link looked innocent enough. And the login page was definitely official. Diane* (not her real name) had a busy day ahead, and the pressure of an overloaded schedule caused her to forget her training. She didn’t stop and consider; she simply input her credentials, downloaded the required software, and was off to the next task without a thought.
Two minutes later, her Internet stopped working. Before she could call Mainstay, they called her. “Diane, I wanted to let you know your system has been isolated and your account disabled, as suspicious activity was just noticed on your machine.”
The well-planned Information Security Program was working. And had the threat been even more severe, the organization would still have been ready. Layers of active defenses were backed by layers of incident response, overseen by skilled professionals.
The organization wasn’t in some extreme security industry with the budget to suit. They were a consulting firm, with 30 employees, and a standard budget for information security.
That day, their investment paid off.