I must comply with legal regulation.
Good news – Mainstay serves:
- Covered Entities and Business Associates under HIPAA and HITECH
- DoD contractors, subcontractors, and manufacturers under NIST 800-171 and DFARS 252.204-7012
- Any organization that maintains Personally Identifiable Information of staff or clients that falls under state privacy laws such as MA 201 CMR 17.00
- Organizations that process credit cards and must meet PCI standards
- Federal contractors under NIST 800-53
- Financial institutions under GLBA
- Organizations preparing for GDPR
I need a partner for something specific.
Mainstay Technologies provides services for a complete infosec program and engages with current business leaders, IT, and information security personnel to strengthen defenses.
Customized plans may include:
- Risk assessments
- Staff training
- Phishing testing
- Managed SIEM
- Disaster recovery planning
- Multi-factor authentication
- Policy development
I must comply with client or vendor requirements.
Large organizations are demanding that their clients and contractors comply with robust cybersecurity requirements – regardless of size or industry. We can handle these requirements proactively and creatively, controlling costs while meeting these conditions in an “audit worthy” manner.
Whether compliance is with a defined standard, such as SANS 20 or NIST Cyber Security Framework (CSF), or left open to interpretation, we have the experience and ability to address issues effectively and within budget.
I am concerned about risk to my organization.
Our in-depth risk assessment involves multiple tests, interviews, discovery, consultations, compliance review, and deep technical investigation. This allows us to accurately provide a risk rating, identify areas of vulnerability, and create a foundation for protecting the organization quickly and cost-effectively.
I need a Written Information Security Plan (WISP).
A Written Information Security Plan is not only a requirement of many federal and state compliance regulations, but is also one of the most important steps any organization can take to become more secure. A carefully developed WISP is not a document that sits on a shelf, but rather a security program that ensures that you have the right policies, workflows, training, and controls.